[
{
"path": ".dockerignore",
"content": "# Git-related files\n.gitattributes\n.gitignore\n.git/\n\n# IDE files\n.idea/\n.vscode/\n\n# Build cache\n.gradle/\n\n# Documentation\ndocs/\nLICENSE\nREADME.md\n\n# Miscellaneous\nquick_start.sh\nDockerfile\n.dockerignore\n"
},
{
"path": ".gitattributes",
"content": "#\n# https://help.github.com/articles/dealing-with-line-endings/\n#\n# These are explicitly windows files and should use crlf\n*.bat text eol=crlf\n\n"
},
{
"path": ".github/workflows/core-build.yml",
"content": "name: core-build\n\non:\n pull_request:\n workflow_dispatch:\n\nenv:\n REGISTRY: ghcr.io\n IMAGE_NAME: google/tsunami-scanner-core\n\njobs:\n build-image:\n runs-on: ubuntu-latest\n\n permissions:\n contents: read\n\n steps:\n - name: Checkout repository\n uses: actions/checkout@v4\n\n - name: Build Docker image\n id: build\n uses: docker/build-push-action@v6\n with:\n context: .\n file: core.Dockerfile\n push: false\n tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n labels: ${{ steps.meta.outputs.labels }}\n"
},
{
"path": ".github/workflows/core-push.yml",
"content": "name: core-push\n\non:\n push:\n branches:\n - master\n workflow_dispatch:\n\nenv:\n REGISTRY: ghcr.io\n IMAGE_NAME: google/tsunami-scanner-core\n\njobs:\n build-and-push-image:\n runs-on: ubuntu-latest\n\n permissions:\n contents: read\n packages: write\n attestations: write\n id-token: write\n\n steps:\n - name: Checkout repository\n uses: actions/checkout@v4\n\n - name: Log in to the Container registry\n uses: docker/login-action@v3\n with:\n registry: ${{ env.REGISTRY }}\n username: ${{ github.actor }}\n password: ${{ secrets.GITHUB_TOKEN }}\n\n - name: Extract metadata for Docker\n id: meta\n uses: docker/metadata-action@v5\n with:\n images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n\n - name: Build and push Docker image\n id: push\n uses: docker/build-push-action@v6\n with:\n context: .\n file: core.Dockerfile\n push: true\n tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n labels: ${{ steps.meta.outputs.labels }}\n\n - name: Generate artifact attestation\n uses: actions/attest-build-provenance@v2\n with:\n subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n subject-digest: ${{ steps.push.outputs.digest }}\n push-to-registry: true\n"
},
{
"path": ".github/workflows/devel-push.yml",
"content": "name: devel-push\n\non:\n schedule:\n - cron: \"0 */4 * * *\"\n workflow_dispatch:\n\nenv:\n REGISTRY: ghcr.io\n IMAGE_NAME: google/tsunami-scanner-devel\n\njobs:\n build-and-push-image:\n runs-on: ubuntu-latest\n\n permissions:\n contents: read\n packages: write\n attestations: write\n id-token: write\n\n steps:\n - name: Checkout repository\n uses: actions/checkout@v4\n\n - name: Log in to the Container registry\n uses: docker/login-action@v3\n with:\n registry: ${{ env.REGISTRY }}\n username: ${{ github.actor }}\n password: ${{ secrets.GITHUB_TOKEN }}\n\n - name: Extract metadata for Docker\n id: meta\n uses: docker/metadata-action@v5\n with:\n images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n\n - name: Build and push Docker image\n id: push\n uses: docker/build-push-action@v6\n with:\n context: .\n file: devel.Dockerfile\n push: true\n tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n labels: ${{ steps.meta.outputs.labels }}\n\n - name: Generate artifact attestation\n uses: actions/attest-build-provenance@v2\n with:\n subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n subject-digest: ${{ steps.push.outputs.digest }}\n push-to-registry: true\n"
},
{
"path": ".github/workflows/full-push.yml",
"content": "name: full-push\n\non:\n schedule:\n - cron: \"0 */4 * * *\"\n workflow_dispatch:\n\nenv:\n REGISTRY: ghcr.io\n IMAGE_NAME: google/tsunami-scanner-full\n\njobs:\n build-and-push-image:\n runs-on: ubuntu-latest\n\n permissions:\n contents: read\n packages: write\n attestations: write\n id-token: write\n\n steps:\n - name: Checkout repository\n uses: actions/checkout@v4\n\n - name: Log in to the Container registry\n uses: docker/login-action@v3\n with:\n registry: ${{ env.REGISTRY }}\n username: ${{ github.actor }}\n password: ${{ secrets.GITHUB_TOKEN }}\n\n - name: Extract metadata for Docker\n id: meta\n uses: docker/metadata-action@v5\n with:\n images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n\n - name: Build and push Docker image\n id: push\n uses: docker/build-push-action@v6\n with:\n context: .\n push: true\n file: full.Dockerfile\n tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n labels: ${{ steps.meta.outputs.labels }}\n\n - name: Generate artifact attestation\n uses: actions/attest-build-provenance@v2\n with:\n subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}\n subject-digest: ${{ steps.push.outputs.digest }}\n push-to-registry: true\n"
},
{
"path": ".gitignore",
"content": "# Gradle\nbuild\ngradle.properties\n.gradle\nlocal.properties\nout\n\n# IntelliJ IDEA\n.idea\n*.iml\n*.ipr\n*.iws\nclasses\n\n# Eclipse\n.classpath\n.factorypath\n.project\n.settings\nbin\neclipsebin\n\n# OS X\n.DS_Store\n\n# Emacs\n*~\n\\#*\\#\n"
},
{
"path": "LICENSE",
"content": "\n Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same \"printed page\" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n"
},
{
"path": "README.md",
"content": "# Tsunami\n\n\n\nTsunami is a general purpose network security scanner with an extensible plugin\nsystem for detecting high severity vulnerabilities with high confidence.\n\nTo learn more about Tsunami, visit our\n[documentation](https://google.github.io/tsunami-security-scanner/).\n\nTsunami relies heavily on its plugin system to provide basic scanning\ncapabilities. All publicly available Tsunami plugins are hosted in a separate\n[google/tsunami-security-scanner-plugins](https://github.com/google/tsunami-security-scanner-plugins)\nrepository.\n\n## Quick start\n\nPlease see the documentation on how to\n[build and run Tsunami](https://google.github.io/tsunami-security-scanner/howto/howto)\n\n## Contributing\n\nRead how to\n[contribute to Tsunami](https://google.github.io/tsunami-security-scanner/contribute/).\n\n## License\n\nTsunami is released under the [Apache 2.0 license](LICENSE).\n\n```\nCopyright 2025 Google Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\");\nyou may not use this file except in compliance with the License.\nYou may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software\ndistributed under the License is distributed on an \"AS IS\" BASIS,\nWITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\nSee the License for the specific language governing permissions and\nlimitations under the License.\n```\n\n## Disclaimers\n\nTsunami is not an official Google product.\n"
},
{
"path": "build.gradle",
"content": "// Current gradle version 6.5.\n\nplugins {\n id 'net.ltgt.errorprone' apply false version \"4.2.0\"\n id \"com.gradleup.shadow\" version \"8.3.6\"\n}\n\nsubprojects {\n apply plugin: 'java'\n apply plugin: 'maven-publish'\n apply plugin: 'idea'\n\n apply plugin: 'net.ltgt.errorprone'\n apply plugin: 'com.gradleup.shadow'\n\n group = 'com.google.tsunami'\n version = '0.1.1-SNAPSHOT' // Current Tsunami version\n\n repositories {\n maven { // The google mirror is less flaky than mavenCentral()\n url 'https://maven-central.storage-download.googleapis.com/repos/central/data/'\n }\n\n mavenCentral()\n mavenLocal()\n }\n\n if (rootProject.properties.get('errorProne', true)) {\n dependencies {\n errorprone \"com.google.errorprone:error_prone_core:2.38.0\"\n errorproneJavac 'com.google.errorprone:javac:9+181-r4173-1'\n }\n\n // Disable ErrorProne for all generated codes.\n tasks.withType(JavaCompile).configureEach {\n options.errorprone.disableWarningsInGeneratedCode = false\n options.errorprone.excludedPaths = '.*/build/generated/.*'\n }\n } else {\n // Disable Error Prone\n allprojects {\n afterEvaluate { project ->\n project.tasks.withType(JavaCompile) {\n options.errorprone.enabled = false\n }\n }\n }\n }\n\n plugins.withId('java') {\n sourceCompatibility = JavaVersion.VERSION_21\n targetCompatibility = JavaVersion.VERSION_21\n\n java.withJavadocJar()\n java.withSourcesJar()\n\n jar.manifest {\n attributes('Implementation-Title': name,\n 'Implementation-Version': version,\n 'Built-By': System.getProperty('user.name'),\n 'Built-JDK': System.getProperty('java.version'),\n 'Source-Compatibility': sourceCompatibility,\n 'Target-Compatibility': targetCompatibility)\n }\n\n // Log stacktrace to console when test fails.\n test {\n testLogging {\n exceptionFormat = 'full'\n showExceptions true\n showCauses true\n showStackTraces true\n }\n maxHeapSize = '1500m'\n }\n }\n\n plugins.withId('maven-publish') {\n shadowJar {\n archiveClassifier = null\n }\n }\n}\n"
},
{
"path": "common/README.md",
"content": "# Tsunami Common Libraries\n\n## Overview\n\nThis module provides a set of common libraries and utilities for Tsunami\nSecurity Scanner.\n"
},
{
"path": "common/build.gradle",
"content": "description = 'Tsunami: Common'\n\ndependencies {\n implementation project(':tsunami-proto')\n\n implementation \"com.beust:jcommander:1.48\"\n implementation \"com.google.auto.value:auto-value-annotations:1.11.0\"\n implementation \"com.google.cloud:google-cloud-storage:1.103.1\"\n implementation \"com.google.code.gson:gson:2.10.1\"\n implementation \"com.google.flogger:flogger-system-backend:0.9\"\n implementation \"com.google.flogger:flogger:0.9\"\n implementation \"com.google.flogger:google-extensions:0.9\"\n implementation \"com.google.guava:guava:33.0.0-jre\"\n implementation \"com.google.inject:guice:6.0.0\"\n implementation \"com.google.inject.extensions:guice-assistedinject:6.0.0\"\n implementation \"com.google.truth:truth:1.4.4\"\n implementation \"com.squareup.okhttp3:okhttp:3.12.0\"\n implementation \"io.github.classgraph:classgraph:4.8.65\"\n implementation \"org.yaml:snakeyaml:1.26\"\n\n runtimeOnly \"com.mysql:mysql-connector-j:8.0.33\"\n runtimeOnly \"org.apache.hive:hive-jdbc:4.0.1\"\n runtimeOnly \"org.postgresql:postgresql:42.6.0\"\n\n annotationProcessor \"com.google.auto.value:auto-value:1.10.4\"\n testAnnotationProcessor \"com.google.auto.value:auto-value:1.10.4\"\n\n testImplementation \"com.google.guava:guava-testlib:33.0.0-jre\"\n testImplementation \"com.google.truth:truth:1.4.4\"\n testImplementation \"com.google.truth.extensions:truth-java8-extension:1.4.4\"\n testImplementation \"com.google.truth.extensions:truth-proto-extension:1.4.4\"\n testImplementation \"com.squareup.okhttp3:mockwebserver:3.12.0\"\n testImplementation \"junit:junit:4.13.2\"\n testImplementation \"org.mockito:mockito-core:5.18.0\"\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/ErrorCode.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common;\n\n/** Error codes for Tsunami scanner executions. */\npublic enum ErrorCode {\n CONFIG_ERROR,\n PLUGIN_EXECUTION_ERROR,\n WORKFLOW_ERROR,\n LANGUAGE_SERVER_ERROR,\n\n UNKNOWN;\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/TsunamiException.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.common.base.Strings;\n\n/** Base exception definition of all Tsunami execution errors. */\npublic class TsunamiException extends RuntimeException {\n private final ErrorCode errorCode;\n\n public TsunamiException() {\n this(ErrorCode.UNKNOWN);\n }\n\n public TsunamiException(ErrorCode errorCode) {\n this(errorCode, null);\n }\n\n public TsunamiException(ErrorCode errorCode, String message) {\n this(errorCode, message, null);\n }\n\n public TsunamiException(ErrorCode errorCode, String message, Throwable cause) {\n super(buildExceptionMessage(checkNotNull(errorCode), message), cause);\n this.errorCode = errorCode;\n }\n\n private static String buildExceptionMessage(ErrorCode errorCode, String message) {\n StringBuilder exceptionMessageBuilder = new StringBuilder();\n exceptionMessageBuilder.append(\"(Tsunami error \").append(errorCode).append(\")\");\n if (!Strings.isNullOrEmpty(message)) {\n exceptionMessageBuilder.append(\": \").append(message);\n }\n return exceptionMessageBuilder.toString();\n }\n\n public ErrorCode getErrorCode() {\n return errorCode;\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/cli/CliOption.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.cli;\n\n/**\n * A marker interface for a subset of command line options used in Tsunami modules.\n *\n *
Client should ALWAYS mark its options with this interface so that they can be identified by\n * {@link io.github.classgraph.ClassGraph}. All implementations of {@link CliOption} should provide\n * a no argument constructor or omit constructors completely.\n */\npublic interface CliOption {\n\n /**\n * Performs additional validation logic across options defined in the same {@link CliOption}.\n *\n *
If validation failed, simply throw a {@link com.beust.jcommander.ParameterException}.\n */\n void validate();\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/cli/CliOptionsModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.cli;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.beust.jcommander.JCommander;\nimport com.beust.jcommander.ParameterException;\nimport com.google.common.collect.ImmutableList;\nimport com.google.common.flogger.GoogleLogger;\nimport com.google.inject.AbstractModule;\nimport io.github.classgraph.ClassInfo;\nimport io.github.classgraph.ScanResult;\nimport java.lang.reflect.Constructor;\n\n/**\n * A Guice module that parses CLI arguments for all {@link CliOption} implementations at runtime.\n *\n *
This module relies on the {@link io.github.classgraph.ClassGraph} scan results to identify all\n * {@link CliOption} implementations at runtime. Each implementation is bound to a singleton object\n * of that impl and registered to JCommander for CLI parsing.\n */\npublic final class CliOptionsModule extends AbstractModule {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n private static final String CLI_OPTION_INTERFACE = \"com.google.tsunami.common.cli.CliOption\";\n\n private final ScanResult scanResult;\n private final String[] args;\n private final JCommander jCommander;\n\n public CliOptionsModule(ScanResult scanResult, String programName, String[] args) {\n this.scanResult = checkNotNull(scanResult);\n this.args = checkNotNull(args);\n this.jCommander = new JCommander();\n\n jCommander.setProgramName(programName);\n }\n\n @Override\n protected void configure() {\n // For each CliOption installed at runtime, bind a singleton instance and register the instance\n // to JCommander for parsing.\n ImmutableList.Builder cliOptions = ImmutableList.builder();\n for (ClassInfo classInfo :\n scanResult\n .getClassesImplementing(CLI_OPTION_INTERFACE)\n .filter(classInfo -> !classInfo.isInterface())) {\n logger.atInfo().log(\"Found CliOption: %s\", classInfo.getName());\n\n CliOption cliOption = bindCliOption(classInfo.loadClass(CliOption.class));\n jCommander.addObject(cliOption);\n cliOptions.add(cliOption);\n }\n\n // Parse command arguments or die.\n try {\n jCommander.parse(args);\n cliOptions.build().forEach(CliOption::validate);\n } catch (ParameterException e) {\n jCommander.usage();\n throw e;\n }\n }\n\n private T bindCliOption(Class cliOptionClass) {\n try {\n Constructor cliOptionCtor = cliOptionClass.getDeclaredConstructor();\n // Always create an instance of the CliOption regardless of scope.\n cliOptionCtor.setAccessible(true);\n T cliOption = cliOptionCtor.newInstance();\n bind(cliOptionClass).toInstance(cliOption);\n return cliOption;\n } catch (ReflectiveOperationException e) {\n throw new AssertionError(\n String.format(\n \"CliOption '%s' must be constructable via a no-argument constructor\",\n cliOptionClass.getTypeName()),\n e);\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/command/CommandExecutionThreadPool.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.command;\n\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport javax.inject.Qualifier;\n\n/** Annotates the thread pool to use for executing native commands. */\n@Qualifier\n@Retention(RetentionPolicy.RUNTIME)\npublic @interface CommandExecutionThreadPool {}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/command/CommandExecutor.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.command;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static java.nio.charset.StandardCharsets.UTF_8;\n\nimport com.google.common.annotations.VisibleForTesting;\nimport com.google.common.base.Joiner;\nimport com.google.common.flogger.GoogleLogger;\nimport java.io.BufferedReader;\nimport java.io.IOException;\nimport java.io.InputStream;\nimport java.io.InputStreamReader;\nimport java.util.concurrent.CompletableFuture;\nimport java.util.concurrent.ExecutionException;\nimport java.util.concurrent.Executor;\nimport java.util.concurrent.Executors;\nimport java.util.concurrent.ThreadPoolExecutor;\nimport javax.annotation.Nullable;\n\n/** Helper class that handles running a command line and collecting output and errors. */\n// TODO(b/145315535): reimplement this class so that it is:\n// 1. guice injectable in order to hide Executor interface.\n// 2. unit testable to prevent actually executing commands in test.\npublic class CommandExecutor {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n private static final Joiner COMMAND_ARGS_JOINER = Joiner.on(\" \");\n\n private final ProcessBuilder processBuilder;\n private final String[] args;\n private Process process;\n @Nullable private String output;\n @Nullable private String error;\n\n public CommandExecutor(String... args) {\n this.args = checkNotNull(args);\n this.processBuilder = new ProcessBuilder(args);\n }\n\n /*\n * Executes the command and uses a {@link ThreadPoolExecutor} to collect output and error.\n *\n * This is a convenience method for testing purposes only as the executor is not shared and\n * therefore defeats the purpose of having a cached thread pool.\n */\n @VisibleForTesting\n Process execute() throws IOException, InterruptedException, ExecutionException {\n // Nmap is a long running process and the collectStream method is a blocking method.\n // By default CompletableFuture uses ForkJoinPool, which is for suitable short\n // non-blocking operations.\n Executor executor = Executors.newCachedThreadPool();\n return execute(executor);\n }\n\n /**\n * Starts the command and uses the passed executor to collect output and error streams.\n *\n *
IMPORTANT: The stream collection uses an IO blocking method and the passed executor must be\n * well suited for the task. {@link ThreadPoolExecutor} is a viable option.\n *\n * @param executor The executor to collect output and error streams.\n * @return Started {@link Process} object.\n * @throws IOException if an I/O error occurs when starting the command executing process.\n * @throws InterruptedException if interrupted while waiting for the command's output.\n * @throws ExecutionException if the command execution failed.\n */\n public Process execute(Executor executor)\n throws IOException, InterruptedException, ExecutionException {\n logger.atInfo().log(\"Executing the following command: '%s'\", COMMAND_ARGS_JOINER.join(args));\n process = processBuilder.start();\n output =\n CompletableFuture.supplyAsync(() -> collectStream(process.getInputStream()), executor)\n .get();\n error =\n CompletableFuture.supplyAsync(() -> collectStream(process.getErrorStream()), executor)\n .get();\n return process;\n }\n\n /**\n * Starts the command and asynchronously collect output and error.\n *\n * @return Started {@link Process} object.\n * @throws IOException if an I/O error occurs when starting the command executing process.\n * @throws InterruptedException if interrupted while waiting for the command's output.\n * @throws ExecutionException if the command execution failed.\n */\n public Process executeAsync() throws IOException, InterruptedException, ExecutionException {\n logger.atInfo().log(\"Executing the following command: '%s'\", COMMAND_ARGS_JOINER.join(args));\n process = processBuilder.inheritIO().start();\n return process;\n }\n\n /**\n * Starts the command without collecting output and error streams.\n *\n * @return Started {@link Process} object.\n * @throws IOException if an I/O error occurs when starting the command executing process.\n * @throws InterruptedException if interrupted while starting the command executing process.\n * @throws ExecutionException if the command execution failed.\n */\n public Process executeWithNoStreamCollection()\n throws IOException, InterruptedException, ExecutionException {\n logger.atInfo().log(\"Executing the following command: '%s'\", COMMAND_ARGS_JOINER.join(args));\n process = processBuilder.start();\n return process;\n }\n\n @Nullable\n public String getOutput() {\n return output;\n }\n\n @Nullable\n public String getError() {\n return error;\n }\n\n private static String collectStream(InputStream stream) {\n StringBuilder stringBuilder = new StringBuilder();\n try {\n String output;\n BufferedReader streamReader = new BufferedReader(new InputStreamReader(stream, UTF_8));\n while ((output = streamReader.readLine()) != null) {\n stringBuilder.append(output);\n stringBuilder.append(\"\\n\");\n }\n } catch (IOException e) {\n logger.atWarning().withCause(e).log(\"Error collecting output stream from command execution.\");\n }\n return stringBuilder.toString();\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/command/CommandExecutorFactory.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.command;\n\n/** Utility class to simplify the creation and testing of {@link CommandExecutor} instances. */\npublic class CommandExecutorFactory {\n\n private static CommandExecutor instance;\n\n /**\n * Sets an executor instance that will be returned by all future calls to {@link\n * CommandExecutorFactory#create(String...)}\n *\n * @param executor The {@link CommandExecutor} returned by this factory.\n */\n public static void setInstance(CommandExecutor executor) {\n instance = executor;\n }\n\n /**\n * Creates a new {@link CommandExecutor} if none is set.\n *\n * @param args List of arguments to pass to the newly created {@link CommandExecutor}.\n * @return the {@link CommandExecutor} instance created by this factory.\n */\n public static CommandExecutor create(String... args) {\n if (instance == null) {\n return new CommandExecutor(args);\n }\n return instance;\n }\n\n private CommandExecutorFactory() {}\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/command/CommandExecutorModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.command;\n\nimport com.google.inject.AbstractModule;\nimport com.google.tsunami.common.concurrent.ThreadPoolModule;\n\n/** Installs dependencies used by {@link CommandExecutor}. */\npublic class CommandExecutorModule extends AbstractModule {\n\n @Override\n protected void configure() {\n install(\n new ThreadPoolModule.Builder()\n .setName(\"CommandExecutor\")\n .setCoreSize(4)\n .setMaxSize(8)\n .setQueueCapacity(32)\n .setDaemon(true)\n .setPriority(Thread.NORM_PRIORITY)\n .setAnnotation(CommandExecutionThreadPool.class)\n .build());\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/concurrent/BaseThreadPoolModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.concurrent;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static com.google.common.base.Preconditions.checkState;\n\nimport com.google.common.base.Strings;\nimport com.google.common.util.concurrent.ListeningExecutorService;\nimport com.google.common.util.concurrent.MoreExecutors;\nimport com.google.common.util.concurrent.ThreadFactoryBuilder;\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Key;\nimport java.lang.annotation.Annotation;\nimport java.time.Duration;\nimport java.util.concurrent.ExecutorService;\nimport java.util.concurrent.RejectedExecutionHandler;\nimport java.util.concurrent.ThreadFactory;\nimport java.util.concurrent.ThreadPoolExecutor.AbortPolicy;\nimport java.util.concurrent.TimeUnit;\nimport javax.inject.Provider;\nimport org.checkerframework.checker.nullness.qual.Nullable;\n\n/**\n * The base module for binding a thread pool.\n *\n *
This module is essentially a thin wrapper around {@link ThreadFactoryBuilder} and the\n * corresponding {@link ExecutorService} families. Based on the intended usage, it is expected that\n * subclasses of this module should provides bindings to a concrete thread pool implementation of\n * {@link ExecutorService}. This base module wraps the actual {@link ExecutorService} implementation\n * in order to support {@link com.google.common.util.concurrent.ListenableFuture} usage in the code\n * base.\n *\n * @param The expected thread pool implementation, must be a subclass of {@link\n * ListeningExecutorService}.\n */\nabstract class BaseThreadPoolModule\n extends AbstractModule {\n private final ThreadFactory factory;\n private final int maxSize;\n private final int coreSize;\n private final long keepAliveSeconds;\n private final @Nullable Duration shutdownDelay;\n private final Key key;\n private final Class executorServiceTypeClass;\n private final RejectedExecutionHandler rejectedExecutionHandler;\n\n BaseThreadPoolModule(BaseThreadPoolModuleBuilder builder) {\n checkNotNull(builder);\n\n this.factory = builder.factoryBuilder.build();\n this.maxSize = builder.maxSize;\n this.coreSize = builder.coreSize;\n this.keepAliveSeconds = builder.keepAliveSeconds;\n this.shutdownDelay = builder.daemon ? builder.shutdownDelay : null;\n this.key = builder.key;\n this.executorServiceTypeClass = builder.executorServiceTypeClass;\n this.rejectedExecutionHandler = builder.rejectedExecutionHandler;\n }\n\n @Override\n protected final void configure() {\n configureThreadPool(key);\n }\n\n /** Subclasses should override this method for providing Guice bindings. */\n abstract void configureThreadPool(Key key);\n\n /** Base {@link Provider} implementation for providing the target thread pool. */\n abstract class BaseThreadPoolProvider implements Provider {\n abstract ExecutorService createThreadPool(\n int coreSize,\n int maxSize,\n long keepAliveSeconds,\n ThreadFactory factory,\n RejectedExecutionHandler rejectedExecutionHandler);\n\n @Override\n public final ExecutorServiceT get() {\n ExecutorService service =\n createThreadPool(coreSize, maxSize, keepAliveSeconds, factory, rejectedExecutionHandler);\n\n if (shutdownDelay != null) {\n MoreExecutors.addDelayedShutdownHook(\n service, shutdownDelay.toMillis(), TimeUnit.MILLISECONDS);\n }\n return executorServiceTypeClass.cast(MoreExecutors.listeningDecorator(service));\n }\n }\n\n /** Base Builder for {@link BaseThreadPoolModule}. */\n abstract static class BaseThreadPoolModuleBuilder<\n ExecutorServiceT extends ListeningExecutorService,\n BuilderImplT extends BaseThreadPoolModuleBuilder> {\n protected final ThreadFactoryBuilder factoryBuilder = new ThreadFactoryBuilder();\n protected String name;\n protected int maxSize;\n protected int coreSize;\n protected long keepAliveSeconds = 60L;\n protected boolean daemon;\n protected Duration shutdownDelay;\n protected Key key;\n protected final Class executorServiceTypeClass;\n protected RejectedExecutionHandler rejectedExecutionHandler = new AbortPolicy();\n\n BaseThreadPoolModuleBuilder(Class executorServiceTypeClass) {\n this.executorServiceTypeClass = checkNotNull(executorServiceTypeClass);\n }\n\n abstract BuilderImplT self();\n\n /**\n * Sets the name used to name the threads; automatically suffixed with \"-%s\"to incorporate the\n * thread number\n *\n * @param name the name of the thread pool.\n * @return the Builder instance itself.\n */\n public BuilderImplT setName(String name) {\n checkArgument(!Strings.isNullOrEmpty(name), \"Name should not be empty\");\n this.name = name;\n return self();\n }\n\n /**\n * Sets the maximum number of threads allowed in the pool; value should be positive.\n *\n * @param maxSize the maximum number of threads allowed in this thread pool.\n * @return the Builder instance itself.\n */\n BuilderImplT setMaxSize(int maxSize) {\n checkArgument(maxSize > 0, \"Max thread pool size should be positive.\");\n this.maxSize = maxSize;\n return self();\n }\n\n /**\n * Sets the number of threads to keep in the pool.\n *\n * @param coreSize the minimum number of threads to keep alive in this thread pool.\n * @return the Builder instance itself.\n */\n BuilderImplT setCoreSize(int coreSize) {\n checkArgument(coreSize >= 0, \"The core pool size should be non-negative.\");\n this.coreSize = coreSize;\n return self();\n }\n\n /**\n * Sets the keep alive time in seconds for the threads not in core pool.\n *\n * @param keepAliveSeconds the maximum number of seconds an idle thread in this pool can keep\n * alive before being terminated.\n * @return the Builder instance itself.\n */\n public BuilderImplT setKeepAliveSeconds(long keepAliveSeconds) {\n checkArgument(keepAliveSeconds >= 0, \"The keep alive time should be non-negative.\");\n this.keepAliveSeconds = keepAliveSeconds;\n return self();\n }\n\n /**\n * Sets whether or not new threads created by the pool will be daemon threads.*\n *\n * @param daemon whether threads created in this pool are daemon threads.\n * @return the Builder instance itself.\n */\n public BuilderImplT setDaemon(boolean daemon) {\n factoryBuilder.setDaemon(daemon);\n this.daemon = daemon;\n return self();\n }\n\n /**\n * Sets how long the JVM should wait to exit for daemon threads to complete.\n *\n *
This has no effect if the pool does not use daemon threads.\n *\n * @param shutdownDelay the delay enforced during the thread pool shutdown.\n * @return the Builder instance itself.\n */\n public BuilderImplT setDelayedShutdown(Duration shutdownDelay) {\n this.shutdownDelay = checkNotNull(shutdownDelay);\n return self();\n }\n\n /**\n * Sets the priority for threads created by the pool.\n *\n * @param priority the priority of the threads created by this pool.\n * @return the Builder instance itself.\n */\n public BuilderImplT setPriority(int priority) {\n factoryBuilder.setPriority(priority);\n return self();\n }\n\n /**\n * Sets the binding annotation.\n *\n * @param annotation the Guice binding annotation for this thread pool.\n * @return the Builder instance itself.\n */\n public BuilderImplT setAnnotation(Annotation annotation) {\n key = Key.get(executorServiceTypeClass, checkNotNull(annotation));\n return self();\n }\n\n /**\n * Sets the binding annotation.\n *\n * @param annotationClass the Guice binding annotation class for this thread pool.\n * @return the Builder instance itself.\n */\n public BuilderImplT setAnnotation(Class annotationClass) {\n key = Key.get(executorServiceTypeClass, checkNotNull(annotationClass));\n return self();\n }\n\n /**\n * Sets the handler to use when thread execution is blocked due to thread bounds and queue\n * capacities are reached.\n *\n *
By default, {@link AbortPolicy} is used for rejected execution, which throws the {@link\n * java.util.concurrent.RejectedExecutionException}.\n *\n * @param rejectedExecutionHandler A handler for tasks that cannot be executed by this thread\n * pool.\n * @return the Builder instance itself.\n */\n public BuilderImplT setRejectedExecutionHandler(\n RejectedExecutionHandler rejectedExecutionHandler) {\n this.rejectedExecutionHandler = checkNotNull(rejectedExecutionHandler);\n return self();\n }\n\n final void validateAll() {\n checkState(!Strings.isNullOrEmpty(name), \"Name is required.\");\n checkState(\n maxSize > 0,\n \"Max thread pool size must be positive. Did you forget setting maximum thread pool size\"\n + \" by calling setMaxSize?\");\n checkState(\n coreSize <= maxSize, \"Thread pool core size should be less than or equal to max size.\");\n checkState(key != null, \"Annotation is required.\");\n\n validate();\n }\n\n abstract void validate();\n\n public final AbstractModule build() {\n validateAll();\n return newModule();\n }\n\n abstract AbstractModule newModule();\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/concurrent/ScheduledThreadPoolModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.concurrent;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static java.util.concurrent.TimeUnit.SECONDS;\n\nimport com.google.common.util.concurrent.ListeningScheduledExecutorService;\nimport com.google.inject.Key;\nimport java.util.concurrent.RejectedExecutionHandler;\nimport java.util.concurrent.ScheduledExecutorService;\nimport java.util.concurrent.ScheduledThreadPoolExecutor;\nimport java.util.concurrent.ThreadFactory;\nimport javax.inject.Singleton;\n\n/**\n * A helper module for binding a scheduled thread pool. The module will bind a {@link\n * ScheduledExecutorService} and a {@link ListeningScheduledExecutorService} to a singleton thread\n * pool that is annotated with the annotation passed to the builder.\n */\npublic final class ScheduledThreadPoolModule\n extends BaseThreadPoolModule {\n\n ScheduledThreadPoolModule(Builder builder) {\n super(builder);\n }\n\n @Override\n void configureThreadPool(Key key) {\n bind(key.ofType(ScheduledExecutorService.class)).to(key);\n bind(key).toProvider(new ScheduledThreadPoolProvider()).in(Singleton.class);\n }\n\n private final class ScheduledThreadPoolProvider extends BaseThreadPoolProvider {\n\n @Override\n ScheduledThreadPoolExecutor createThreadPool(\n int coreSize,\n int maxSize,\n long keepAliveSeconds,\n ThreadFactory factory,\n RejectedExecutionHandler rejectedExecutionHandler) {\n ScheduledThreadPoolExecutor scheduledThreadPoolExecutor =\n new ScheduledThreadPoolExecutor(coreSize, factory, rejectedExecutionHandler);\n scheduledThreadPoolExecutor.setMaximumPoolSize(maxSize);\n scheduledThreadPoolExecutor.setKeepAliveTime(keepAliveSeconds, SECONDS);\n return scheduledThreadPoolExecutor;\n }\n }\n\n /**\n * Builder for {@link ScheduledThreadPoolModule}.\n *\n *
NOTE: Unlike {@link ThreadPoolModule}, {@link ScheduledThreadPoolExecutor} acts as a\n * fixed-sized pool using {@code corePoolSize} threads and an unbounded queue. So this builder\n * only allows users to set a fixed thread pool size.\n */\n public static final class Builder\n extends BaseThreadPoolModuleBuilder {\n\n public Builder() {\n super(ListeningScheduledExecutorService.class);\n }\n\n @Override\n Builder self() {\n return this;\n }\n\n /**\n * Sets the size of the thread pool.\n *\n * @param size the size of the thread pool.\n * @return the {@link Builder} instance itself.\n */\n public Builder setSize(int size) {\n checkArgument(size > 0, \"Thread pool size should be positive.\");\n setCoreSize(size);\n setMaxSize(size);\n return this;\n }\n\n @Override\n void validate() {}\n\n @Override\n ScheduledThreadPoolModule newModule() {\n return new ScheduledThreadPoolModule(this);\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/concurrent/ThreadPoolModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.concurrent;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static com.google.common.base.Preconditions.checkState;\n\nimport com.google.common.util.concurrent.ListeningExecutorService;\nimport com.google.inject.Key;\nimport com.google.inject.Singleton;\nimport java.util.concurrent.BlockingQueue;\nimport java.util.concurrent.Executor;\nimport java.util.concurrent.ExecutorService;\nimport java.util.concurrent.LinkedBlockingQueue;\nimport java.util.concurrent.RejectedExecutionHandler;\nimport java.util.concurrent.SynchronousQueue;\nimport java.util.concurrent.ThreadFactory;\nimport java.util.concurrent.ThreadPoolExecutor;\nimport java.util.concurrent.TimeUnit;\nimport org.checkerframework.checker.nullness.qual.Nullable;\n\n/**\n * A helper module for binding a thread pool. The module will bind an {@link Executor}, {@link\n * ExecutorService} and {@link ListeningExecutorService} annotated with the annotation passed to the\n * builder.\n */\npublic final class ThreadPoolModule extends BaseThreadPoolModule {\n private final BlockingQueue blockingQueue;\n\n private ThreadPoolModule(Builder builder) {\n super(checkNotNull(builder));\n\n this.blockingQueue = builder.getBlockingQueue();\n }\n\n @Override\n void configureThreadPool(Key key) {\n bind(key.ofType(Executor.class)).to(key);\n bind(key.ofType(ExecutorService.class)).to(key);\n bind(key).toProvider(new ThreadPoolProvider()).in(Singleton.class);\n }\n\n private final class ThreadPoolProvider extends BaseThreadPoolProvider {\n @Override\n ThreadPoolExecutor createThreadPool(\n int coreSize,\n int maxSize,\n long keepAliveSeconds,\n ThreadFactory factory,\n RejectedExecutionHandler rejectedExecutionHandler) {\n return new ThreadPoolExecutor(\n coreSize,\n maxSize,\n keepAliveSeconds,\n TimeUnit.SECONDS,\n blockingQueue,\n factory,\n rejectedExecutionHandler);\n }\n }\n\n /** Builder for {@link ThreadPoolModule}. */\n public static final class Builder\n extends BaseThreadPoolModuleBuilder {\n private int queueCapacity = Integer.MAX_VALUE;\n private @Nullable BlockingQueue blockingQueue;\n\n public Builder() {\n super(ListeningExecutorService.class);\n }\n\n @Override\n Builder self() {\n return this;\n }\n\n /** {@inheritDoc} */\n @Override\n public Builder setMaxSize(int maxSize) {\n return super.setMaxSize(maxSize);\n }\n\n /** {@inheritDoc} */\n @Override\n public Builder setCoreSize(int coreSize) {\n return super.setCoreSize(coreSize);\n }\n\n /**\n * Sets the queue capacity for the thread pool.\n *\n *
NOTE: Users should NOT specify both this value and the {@link BlockingQueue} via {@link\n * #setBlockingQueue}.\n *\n *
By default, {@link SynchronousQueue} will be used when {@code queueCapacity} is set to\n * zero. Otherwise a {@link LinkedBlockingQueue} will be used.\n *\n * @param queueCapacity the capacity of the task queue.\n * @return the Builder instance itself.\n */\n public Builder setQueueCapacity(int queueCapacity) {\n checkArgument(queueCapacity >= 0, \"The queue capacity should be non-negative value.\");\n this.queueCapacity = queueCapacity;\n return this;\n }\n\n /**\n * Sets the {@link BlockingQueue} to use for holding tasks before they are executed.\n *\n *
NOTE: Do NOT set both {@link BlockingQueue} and {@code queueCapacity}. Only use this\n * method to override the default {@link BlockingQueue} choice. See comments of {@link\n * #getBlockingQueue} for which {@link BlockingQueue} is used by default.\n *\n * @param blockingQueue a {@link BlockingQueue} used for holding tasks before executing.\n * @return the Builder instance itself.\n */\n public Builder setBlockingQueue(BlockingQueue blockingQueue) {\n this.blockingQueue = checkNotNull(blockingQueue);\n return this;\n }\n\n private BlockingQueue getBlockingQueue() {\n if (blockingQueue == null) {\n return queueCapacity == 0\n ? new SynchronousQueue<>()\n : new LinkedBlockingQueue<>(queueCapacity);\n }\n return blockingQueue;\n }\n\n private boolean isBoundedQueue() {\n return (blockingQueue == null ? queueCapacity : blockingQueue.remainingCapacity())\n < Integer.MAX_VALUE;\n }\n\n @Override\n void validate() {\n checkState(\n blockingQueue == null || queueCapacity == Integer.MAX_VALUE,\n \"Both custom BlockingQueue and queue capacity are specified.\");\n if (coreSize < maxSize) {\n checkState(\n isBoundedQueue(),\n \"Finite capacity queue should be set when the core pool size is less than max pool\"\n + \" size. ThreadPoolExecutor will only create new threads past core size when the\"\n + \" queue is full.\");\n }\n }\n\n @Override\n ThreadPoolModule newModule() {\n return new ThreadPoolModule(this);\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/config/ConfigException.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.config;\n\nimport com.google.tsunami.common.ErrorCode;\nimport com.google.tsunami.common.TsunamiException;\n\n/** Exception when handling Tsunami configs. */\npublic class ConfigException extends TsunamiException {\n public ConfigException(String message) {\n super(ErrorCode.CONFIG_ERROR, message);\n }\n\n public ConfigException(String message, Throwable cause) {\n super(ErrorCode.CONFIG_ERROR, message, cause);\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/config/ConfigLoader.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.config;\n\n/** Config loader interface that load Tsunami configs from certain data sources. */\npublic interface ConfigLoader {\n\n /**\n * Load a {@link TsunamiConfig} object from certain data source.\n *\n * @return the loaded {@link TsunamiConfig} object.\n */\n TsunamiConfig loadConfig();\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/config/ConfigModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.config;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.common.flogger.GoogleLogger;\nimport com.google.inject.AbstractModule;\nimport io.github.classgraph.ClassInfo;\nimport io.github.classgraph.ScanResult;\n\n/**\n * A Guice module that binds all Tsunami config objects at runtime.\n *\n *
This module relies on the {@link io.github.classgraph.ClassGraph} scan results to identify all\n * Tsunami config objects annotated by the {@link\n * com.google.tsunami.common.config.annotations.ConfigProperties} annotation. Each config class is\n * bound to a singleton object whose fields are populated from the Tsunami config file.\n */\npublic final class ConfigModule extends AbstractModule {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n private static final String CONFIG_PROPERTIES_ANNOTATION =\n \"com.google.tsunami.common.config.annotations.ConfigProperties\";\n\n private final ScanResult scanResult;\n private final TsunamiConfig tsunamiConfig;\n\n public ConfigModule(ScanResult scanResult, TsunamiConfig tsunamiConfig) {\n this.scanResult = checkNotNull(scanResult);\n this.tsunamiConfig = checkNotNull(tsunamiConfig);\n }\n\n @Override\n protected void configure() {\n bind(TsunamiConfig.class).toInstance(tsunamiConfig);\n\n for (ClassInfo configClass :\n scanResult\n .getClassesWithAnnotation(CONFIG_PROPERTIES_ANNOTATION)\n .filter(classInfo -> !classInfo.isAbstract())) {\n logger.atInfo().log(\"Found Tsunami config class: %s\", configClass.getName());\n\n bindConfigClass(getConfigPrefix(configClass), configClass.loadClass());\n }\n }\n\n private void bindConfigClass(String configPrefix, Class configClass) {\n T configObject = tsunamiConfig.getConfig(configPrefix, configClass);\n bind(configClass).toInstance(configObject);\n }\n\n private static String getConfigPrefix(ClassInfo configClass) {\n Object configPrefix =\n configClass\n .getAnnotationInfo(CONFIG_PROPERTIES_ANNOTATION)\n .getParameterValues()\n .getValue(\"value\");\n if (!(configPrefix instanceof String)) {\n throw new AssertionError(\"SHOULD NEVER HAPPEN, ConfigProperties value is not a string.\");\n }\n\n return (String) configPrefix;\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/config/TsunamiConfig.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.config;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.common.base.CaseFormat;\nimport com.google.common.base.Converter;\nimport com.google.common.base.Splitter;\nimport com.google.common.collect.ImmutableMap;\nimport java.lang.reflect.Constructor;\nimport java.lang.reflect.Field;\nimport java.util.Map;\nimport java.util.Optional;\n\n/** A data holder for all Tsunami config data, including config files and Java system properties. */\npublic final class TsunamiConfig {\n private static final Converter FIELD_NAME_TO_LOWER_UNDERSCORE =\n CaseFormat.LOWER_CAMEL.converterTo(CaseFormat.LOWER_UNDERSCORE);\n private static final Splitter CONFIG_PATH_SPLITTER = Splitter.on('.').omitEmptyStrings();\n\n private final ImmutableMap rawConfigData;\n\n private TsunamiConfig(ImmutableMap rawConfigData) {\n this.rawConfigData = checkNotNull(rawConfigData);\n }\n\n public ImmutableMap getRawConfigData() {\n return rawConfigData;\n }\n\n public static TsunamiConfig fromYamlData(Map yamlConfig) {\n return new TsunamiConfig(\n yamlConfig == null ? ImmutableMap.of() : ImmutableMap.copyOf(yamlConfig));\n }\n\n public static Optional getSystemProperty(String propertyName) {\n return Optional.ofNullable(getSystemProperty(propertyName, null));\n }\n\n public static String getSystemProperty(String propertyName, String def) {\n return System.getProperty(propertyName, def);\n }\n\n /**\n * Get a config object with the given {@code configPrefix} and bind all config values to the\n * requested {@code clazz}.\n *\n *
This code uses reflection to create the requested config object. The request type {@code T}\n * must provide a no-argument or default constructor.\n *\n * @param configPrefix the prefix of the config to be read from.\n * @param clazz the class of the returned config object.\n * @param actual config object type.\n * @return an object whose field values are filled by the config data under the given {@code\n * configPrefix}.\n */\n public T getConfig(String configPrefix, Class clazz) {\n checkNotNull(configPrefix);\n checkNotNull(clazz);\n\n Map configValue = readConfigValue(configPrefix);\n return newConfigObject(clazz, configValue);\n }\n\n @SuppressWarnings(\"unchecked\") // We know Map key is always String from yaml file.\n public ImmutableMap readConfigValue(String configPrefix) {\n Map retrievedData = rawConfigData;\n\n // Config prefixes are dot separated words list, e.g. example.config.prefix.\n for (String configKey : CONFIG_PATH_SPLITTER.split(configPrefix)) {\n // Requested data not found under configPrefix.\n if (!retrievedData.containsKey(configKey)) {\n return ImmutableMap.of();\n }\n\n Object configData = retrievedData.get(configKey);\n if (!(configData instanceof Map)) {\n throw new ConfigException(\n String.format(\n \"Unexpected data type for config '%s', expected '%s', got '%s'\",\n configKey, Map.class, configData.getClass()));\n }\n\n retrievedData = (Map) configData;\n }\n\n return ImmutableMap.copyOf(retrievedData);\n }\n\n private static T newConfigObject(Class clazz, Map configValue) {\n try {\n Constructor configObjectCtor = clazz.getDeclaredConstructor();\n // Always create an instance of the config data regardless of scope.\n configObjectCtor.setAccessible(true);\n T configObject = configObjectCtor.newInstance();\n\n // Fill each field of the configObject from configValue using the field name as key.\n for (Field field : clazz.getDeclaredFields()) {\n String fieldName = field.getName();\n if (configValue.containsKey(fieldName)\n || configValue.containsKey(FIELD_NAME_TO_LOWER_UNDERSCORE.convert(fieldName))) {\n Object fieldValue =\n Optional.ofNullable(configValue.get(fieldName))\n .orElse(configValue.get(FIELD_NAME_TO_LOWER_UNDERSCORE.convert(fieldName)));\n field.setAccessible(true);\n field.set(configObject, fieldValue);\n }\n }\n\n return configObject;\n } catch (ReflectiveOperationException e) {\n // This is bad. Config objects cannot be created or config value cannot be assigned to the\n // field, we throw assertion error and fail the execution.\n throw new AssertionError(\n String.format(\n \"Unable to create new instance of '%s' using config value '%s'\", clazz, configValue),\n e);\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/config/YamlConfigLoader.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.config;\n\nimport static java.nio.charset.StandardCharsets.UTF_8;\n\nimport com.google.common.flogger.GoogleLogger;\nimport com.google.common.io.Files;\nimport java.io.File;\nimport java.io.FileNotFoundException;\nimport java.io.Reader;\nimport java.io.StringReader;\nimport java.util.Map;\nimport org.yaml.snakeyaml.LoaderOptions;\nimport org.yaml.snakeyaml.Yaml;\nimport org.yaml.snakeyaml.constructor.SafeConstructor;\n\n/** A {@link ConfigLoader} implementation that loads Tsunami configs from YAML file. */\npublic final class YamlConfigLoader implements ConfigLoader {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n private static final String DEFAULT_CONFIG_FILE = \"tsunami.yaml\";\n\n @Override\n public TsunamiConfig loadConfig() {\n Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions()));\n Map rawYamlData = yaml.load(configFileReader());\n return TsunamiConfig.fromYamlData(rawYamlData);\n }\n\n private static Reader configFileReader() {\n String configFile =\n TsunamiConfig.getSystemProperty(\"tsunami.config.location\").orElse(DEFAULT_CONFIG_FILE);\n\n try {\n return Files.newReader(new File(configFile), UTF_8);\n } catch (FileNotFoundException e) {\n logger.atWarning().log(\n \"Unable to read config file '%s', default to empty config.\", configFile);\n return new StringReader(\"\");\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/config/annotations/ConfigProperties.java",
"content": "/*\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.config.annotations;\n\nimport java.lang.annotation.ElementType;\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport java.lang.annotation.Target;\n\n/**\n * An annotation for marking a Tsunami config object that can be initialized from external config\n * files, e.g. a {@code .yaml} file.\n *\n *
This annotation is required for any config object in order for Tsunami initialization logic to\n * identify and automatically populate config properties.\n *\n * Example usage:\n *\n *
{@code\n * {@literal @}ConfigProperties(\"example.config.location\")})\n * public class ExampleConfig {\n * // ...\n * }\n * }
\n */\n@Retention(RetentionPolicy.RUNTIME)\n@Target(ElementType.TYPE)\npublic @interface ConfigProperties {\n\n /**\n * The required prefix of the properties that should be bound to the annotated object.\n *\n *
A valid prefix is defined as dot separated words list (e.g. \"plugin.example.abc\"). Each dot\n * separated segment represents a section within the config file. For example, given a YAML file\n *\n *
\n *\n * value {@code \"plugin.example.abc\"} will select {@code fieldA} and {@code fieldB} for config\n * binding for the annotated class.\n *\n * @return the prefix of the config properties.\n */\n String value();\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/data/NetworkEndpointUtils.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n *\n * For any utility update, please consider if Python's network endpoint utils\n * (plugin_server/py/common/data/network_endpoint_utils.py) also needs the modification.\n */\npackage com.google.tsunami.common.data;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.common.net.HostAndPort;\nimport com.google.common.net.InetAddresses;\nimport com.google.tsunami.proto.AddressFamily;\nimport com.google.tsunami.proto.Hostname;\nimport com.google.tsunami.proto.IpAddress;\nimport com.google.tsunami.proto.NetworkEndpoint;\nimport com.google.tsunami.proto.Port;\nimport java.net.Inet4Address;\nimport java.net.Inet6Address;\nimport java.net.InetAddress;\n\n/** Static utility methods pertaining to {@link NetworkEndpoint} proto buffer. */\npublic final class NetworkEndpointUtils {\n public static final int MAX_PORT_NUMBER = 65535;\n\n private NetworkEndpointUtils() {}\n\n public static boolean hasIpAddress(NetworkEndpoint networkEndpoint) {\n return networkEndpoint.getType().equals(NetworkEndpoint.Type.IP)\n || networkEndpoint.getType().equals(NetworkEndpoint.Type.IP_PORT)\n || networkEndpoint.getType().equals(NetworkEndpoint.Type.IP_HOSTNAME)\n || networkEndpoint.getType().equals(NetworkEndpoint.Type.IP_HOSTNAME_PORT);\n }\n\n public static boolean hasHostname(NetworkEndpoint networkEndpoint) {\n return networkEndpoint.getType().equals(NetworkEndpoint.Type.HOSTNAME)\n || networkEndpoint.getType().equals(NetworkEndpoint.Type.HOSTNAME_PORT)\n || networkEndpoint.getType().equals(NetworkEndpoint.Type.IP_HOSTNAME)\n || networkEndpoint.getType().equals(NetworkEndpoint.Type.IP_HOSTNAME_PORT);\n }\n\n public static boolean hasPort(NetworkEndpoint networkEndpoint) {\n return networkEndpoint.getType().equals(NetworkEndpoint.Type.IP_PORT)\n || networkEndpoint.getType().equals(NetworkEndpoint.Type.HOSTNAME_PORT)\n || networkEndpoint.getType().equals(NetworkEndpoint.Type.IP_HOSTNAME_PORT);\n }\n\n public static boolean isIpV6Endpoint(NetworkEndpoint networkEndpoint) {\n return hasIpAddress(networkEndpoint)\n && networkEndpoint.getIpAddress().getAddressFamily().equals(AddressFamily.IPV6);\n }\n\n /**\n * Converts the given {@link NetworkEndpoint} to its uri authority representation.\n *\n *
For example:\n *\n *
\n *
ip_v4 = \"1.2.3.4\" -> uri = \"1.2.3.4\"\n *
ip_v6 = \"3ffe::1\" -> uri = \"[3ffe::1]\"\n *
host = \"localhost\" -> url = \"localhost\"\n *
ip_v4 = \"1.2.3.4\", port = 8888 -> uri = \"1.2.3.4:8888\"\n *
ip_v6 = \"3ffe::1\", port = 8888 -> uri = \"[3ffe::1]:8888\"\n *
\n *\n * @param networkEndpoint the {@link NetworkEndpoint} instance to be converted.\n * @return the URI authority converted from the {@link NetworkEndpoint} instance.\n */\n public static String toUriAuthority(NetworkEndpoint networkEndpoint) {\n return toHostAndPort(networkEndpoint).toString();\n }\n\n public static HostAndPort toHostAndPort(NetworkEndpoint networkEndpoint) {\n switch (networkEndpoint.getType()) {\n case IP:\n return HostAndPort.fromHost(networkEndpoint.getIpAddress().getAddress());\n case IP_PORT:\n return HostAndPort.fromParts(\n networkEndpoint.getIpAddress().getAddress(), networkEndpoint.getPort().getPortNumber());\n case HOSTNAME:\n case IP_HOSTNAME:\n return HostAndPort.fromHost(networkEndpoint.getHostname().getName());\n case HOSTNAME_PORT:\n case IP_HOSTNAME_PORT:\n return HostAndPort.fromParts(\n networkEndpoint.getHostname().getName(), networkEndpoint.getPort().getPortNumber());\n case UNRECOGNIZED:\n case TYPE_UNSPECIFIED:\n throw new AssertionError(\"Type for NetworkEndpoint must be specified.\");\n }\n\n throw new AssertionError(\n String.format(\n \"Should never happen. Unchecked NetworkEndpoint type: %s\", networkEndpoint.getType()));\n }\n\n /**\n * Creates a {@link NetworkEndpoint} proto buffer object from the given ip address.\n *\n * @param ipAddress the IP address of the network endpoint.\n * @return the created {@link NetworkEndpoint} instance from the given IP address.\n */\n public static NetworkEndpoint forIp(String ipAddress) {\n checkArgument(InetAddresses.isInetAddress(ipAddress), \"'%s' is not an IP address.\", ipAddress);\n\n return NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP)\n .setIpAddress(\n IpAddress.newBuilder()\n .setAddressFamily(ipAddressFamily(ipAddress))\n .setAddress(ipAddress))\n .build();\n }\n\n /**\n * Creates a {@link NetworkEndpoint} proto buffer object from the given ip address and port.\n *\n * @param ipAddress the IP address of the network endpoint.\n * @param port the port number of the network endpoint\n * @return the created {@link NetworkEndpoint} instance from the given IP and port.\n */\n public static NetworkEndpoint forIpAndPort(String ipAddress, int port) {\n checkArgument(InetAddresses.isInetAddress(ipAddress), \"'%s' is not an IP address.\", ipAddress);\n checkArgument(\n 0 <= port && port <= MAX_PORT_NUMBER,\n \"Port out of range. Expected [0, %s], actual %s.\",\n MAX_PORT_NUMBER,\n port);\n\n return forIp(ipAddress).toBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(port))\n .build();\n }\n\n /**\n * Creates a {@link NetworkEndpoint} proto buffer object from the given hostname.\n *\n * @param hostname the hostname of the network endpoint\n * @return the created {@link NetworkEndpoint} instance from the hostname.\n */\n public static NetworkEndpoint forHostname(String hostname) {\n checkArgument(\n !InetAddresses.isInetAddress(hostname), \"Expected hostname, got IP address '%s'\", hostname);\n\n return NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME)\n .setHostname(Hostname.newBuilder().setName(hostname))\n .build();\n }\n\n /**\n * Creates a {@link NetworkEndpoint} proto buffer object from the given ip address and hostname.\n *\n * @param hostname the hostname of the network endpoint\n * @param ipAddress the IP address of the network endpoint.\n * @return the created {@link NetworkEndpoint} instance from the IP address and hostname.\n */\n public static NetworkEndpoint forIpAndHostname(String ipAddress, String hostname) {\n return forIp(ipAddress).toBuilder()\n .setType(NetworkEndpoint.Type.IP_HOSTNAME)\n .setHostname(Hostname.newBuilder().setName(hostname))\n .build();\n }\n\n /**\n * Creates a {@link NetworkEndpoint} proto buffer object from the given hostname and port.\n *\n * @param hostname the hostname of the network endpoint\n * @param port the port number of the network endpoint.\n * @return the created {@link NetworkEndpoint} instance from the hostname and port.\n */\n public static NetworkEndpoint forHostnameAndPort(String hostname, int port) {\n checkArgument(\n 0 <= port && port <= MAX_PORT_NUMBER,\n \"Port out of range. Expected [0, %s], actual %s.\",\n MAX_PORT_NUMBER,\n port);\n\n return forHostname(hostname).toBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(port))\n .build();\n }\n\n /**\n * Returns a {@link NetworkEndpoint} proto buffer object from the given ip address, hostname and\n * port.\n *\n * @param ipAddress the IP address of the network endpoint.\n * @param hostname the hostname of the network endpoint\n * @param port the port number of the network endpoint.\n * @return the created {@link NetworkEndpoint} instance from the parameters.\n */\n public static NetworkEndpoint forIpHostnameAndPort(String ipAddress, String hostname, int port) {\n checkArgument(\n 0 <= port && port <= MAX_PORT_NUMBER,\n \"Port out of range. Expected [0, %s], actual %s.\",\n MAX_PORT_NUMBER,\n port);\n\n return forIpAndHostname(ipAddress, hostname).toBuilder()\n .setType(NetworkEndpoint.Type.IP_HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(port))\n .build();\n }\n\n /**\n * Returns a {@link NetworkEndpoint} proto buffer object from the given {@code networkEndpoint}\n * and port. The {@code networkEndpoint} parameter cannot contain any port information, otherwise\n * {@link IllegalArgumentException} is thrown.\n *\n * @param networkEndpoint the source {@link NetworkEndpoint} instance without the port number\n * @param port the port number of the network endpoint.\n * @return the {@link NetworkEndpoint} instance from the parameters.\n */\n public static NetworkEndpoint forNetworkEndpointAndPort(\n NetworkEndpoint networkEndpoint, int port) {\n checkNotNull(networkEndpoint);\n checkArgument(\n 0 <= port && port <= MAX_PORT_NUMBER,\n \"Port out of range. Expected [0, %s], actual %s.\",\n MAX_PORT_NUMBER,\n port);\n\n switch (networkEndpoint.getType()) {\n case IP:\n return networkEndpoint.toBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(port))\n .build();\n case HOSTNAME:\n return networkEndpoint.toBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(port))\n .build();\n case IP_HOSTNAME:\n return networkEndpoint.toBuilder()\n .setType(NetworkEndpoint.Type.IP_HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(port))\n .build();\n case IP_PORT:\n case HOSTNAME_PORT:\n case IP_HOSTNAME_PORT:\n case UNRECOGNIZED:\n case TYPE_UNSPECIFIED:\n throw new IllegalArgumentException(\"Invalid NetworkEndpoint type.\");\n }\n throw new AssertionError(\n String.format(\n \"Should never happen. Unchecked NetworkEndpoint type: %s\", networkEndpoint.getType()));\n }\n\n public static AddressFamily ipAddressFamily(String ipAddress) {\n InetAddress inetAddress = InetAddresses.forString(ipAddress);\n\n if (inetAddress instanceof Inet4Address) {\n return AddressFamily.IPV4;\n } else if (inetAddress instanceof Inet6Address) {\n return AddressFamily.IPV6;\n } else {\n throw new AssertionError(String.format(\"Unknown IP address family for IP '%s'\", ipAddress));\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n *\n * For any utility update, please consider if Python's network service utils\n * (plugin_server/py/common/data/network_service_utils.py) also needs the modification.\n */\n\npackage com.google.tsunami.common.data;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.common.base.Ascii;\nimport com.google.common.collect.ImmutableMap;\nimport com.google.tsunami.proto.AddressFamily;\nimport com.google.tsunami.proto.Hostname;\nimport com.google.tsunami.proto.IpAddress;\nimport com.google.tsunami.proto.NetworkEndpoint;\nimport com.google.tsunami.proto.NetworkService;\nimport com.google.tsunami.proto.Port;\nimport com.google.tsunami.proto.ServiceContext;\nimport com.google.tsunami.proto.TransportProtocol;\nimport com.google.tsunami.proto.WebServiceContext;\nimport java.net.Inet4Address;\nimport java.net.Inet6Address;\nimport java.net.InetAddress;\nimport java.net.URI;\nimport java.net.URISyntaxException;\nimport java.net.UnknownHostException;\nimport java.util.Optional;\n\n/** Static utility methods pertaining to {@link NetworkService} proto buffer. */\npublic final class NetworkServiceUtils {\n // Service names are those described in [RFC6335].\n private static final ImmutableMap IS_PLAIN_HTTP_BY_KNOWN_WEB_SERVICE_NAME =\n ImmutableMap.builder()\n .put(\"http\", true)\n .put(\"http-alt\", true) // Some http server are identified as this rather than \"http\".\n .put(\"http-proxy\", true)\n .put(\"https\", false)\n .put(\"radan-http\", true) // Port 8088, Hadoop Yarn web UI identified as this.\n .put(\"ssl/http\", false)\n .put(\"ssl/https\", false)\n .put(\"ssl/http-proxy\", false)\n .put(\"ssl/tungsten-https\", false) // Port 9443, WSO2 Identity Server & WSO2 API Manager.\n .put(\"ssl/wso2esb-console\", false) // Port 9444, WSO2 Identity Server Analytics.\n .build();\n\n private NetworkServiceUtils() {}\n\n public static boolean isWebService(Optional serviceName) {\n return serviceName.isPresent()\n && IS_PLAIN_HTTP_BY_KNOWN_WEB_SERVICE_NAME.containsKey(\n Ascii.toLowerCase(serviceName.get()));\n }\n\n public static boolean isWebService(NetworkService networkService) {\n checkNotNull(networkService);\n // A web-service is a service that is either flagged as http by nmap or one that supports at\n // least one HTTP method.\n return (networkService.getSupportedHttpMethodsCount() > 0)\n || isWebService(Optional.of(networkService.getServiceName()));\n }\n\n public static boolean isPlainHttp(NetworkService networkService) {\n checkNotNull(networkService);\n\n var isWebService = isWebService(networkService);\n var isKnownServiceName = IS_PLAIN_HTTP_BY_KNOWN_WEB_SERVICE_NAME.containsKey(\n Ascii.toLowerCase(networkService.getServiceName()));\n var doesNotSupportAnySslVersion = networkService.getSupportedSslVersionsCount() == 0;\n\n if (!isKnownServiceName) {\n return isWebService && doesNotSupportAnySslVersion;\n }\n\n var isKnownPlainHttpService =\n IS_PLAIN_HTTP_BY_KNOWN_WEB_SERVICE_NAME.getOrDefault(\n Ascii.toLowerCase(networkService.getServiceName()), false);\n\n return isKnownPlainHttpService && doesNotSupportAnySslVersion;\n }\n\n public static String getServiceName(NetworkService networkService) {\n if (isWebService(networkService) && networkService.hasSoftware()) {\n return Ascii.toLowerCase(networkService.getSoftware().getName());\n }\n return Ascii.toLowerCase(networkService.getServiceName());\n }\n\n public static String getWebServiceName(NetworkService networkService) {\n if (isWebService(networkService)\n && networkService.getServiceContext().getWebServiceContext().hasSoftware()) {\n return Ascii.toLowerCase(\n networkService.getServiceContext().getWebServiceContext().getSoftware().getName());\n }\n return Ascii.toLowerCase(networkService.getServiceName());\n }\n\n public static NetworkService buildUriNetworkService(String uriString) {\n try {\n URI uri = new URI(uriString);\n NetworkEndpoint uriEndPoint = buildUriNetworkEndPoint(uri);\n\n return NetworkService.newBuilder()\n .setNetworkEndpoint(uriEndPoint)\n .setTransportProtocol(TransportProtocol.TCP)\n .setServiceName(uri.getScheme())\n .setServiceContext(\n ServiceContext.newBuilder()\n .setWebServiceContext(\n WebServiceContext.newBuilder().setApplicationRoot(uri.getPath())))\n .build();\n } catch (URISyntaxException exception) {\n throw new AssertionError(\n String.format(\n \"Invalid uri syntax passed as target '%s'. Error: %s\", uriString, exception));\n }\n }\n\n private static NetworkEndpoint buildUriNetworkEndPoint(URI uri) {\n try {\n String hostname = uri.getHost();\n String scheme = uri.getScheme();\n checkArgument(\n scheme.equals(\"http\") || scheme.equals(\"https\"),\n \"Uri scheme should be one of the following: 'http', 'https'\");\n\n int port = uri.getPort();\n if (port < 0) {\n port = scheme.equals(\"http\") ? 80 : 443;\n }\n\n String ipAddress = InetAddress.getByName(hostname).getHostAddress();\n InetAddress inetAddress = InetAddress.getByName(uri.getHost());\n checkArgument(\n (inetAddress instanceof Inet4Address) || (inetAddress instanceof Inet6Address),\n \"Invalid address family\");\n AddressFamily addressFamily =\n inetAddress instanceof Inet4Address ? AddressFamily.IPV4 : AddressFamily.IPV6;\n\n return NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(port))\n .setHostname(Hostname.newBuilder().setName(uri.getHost()))\n .setIpAddress(\n IpAddress.newBuilder().setAddressFamily(addressFamily).setAddress(ipAddress))\n .build();\n } catch (UnknownHostException exception) {\n throw new AssertionError(\n String.format(\"Unable to get valid host from uri. Error: %s\", exception));\n }\n }\n\n /**\n * Build the root url for a web application service.\n *\n * @param networkService a web (http/https) service\n * @return the root url for the web service, which always ends with a \"/\".\n */\n public static String buildWebApplicationRootUrl(NetworkService networkService) {\n checkNotNull(networkService);\n\n if (!isWebService(networkService)) {\n return \"http://\"\n + NetworkEndpointUtils.toUriAuthority(networkService.getNetworkEndpoint())\n + \"/\";\n }\n\n String rootUrl =\n (isPlainHttp(networkService) ? \"http://\" : \"https://\")\n + buildWebUriAuthority(networkService)\n + buildWebAppRootPath(networkService);\n return rootUrl.endsWith(\"/\") ? rootUrl : rootUrl + \"/\";\n }\n\n private static String buildWebAppRootPath(NetworkService networkService) {\n String rootPath =\n networkService.getServiceContext().hasWebServiceContext()\n ? networkService.getServiceContext().getWebServiceContext().getApplicationRoot()\n : \"/\";\n if (!rootPath.startsWith(\"/\")) {\n rootPath = \"/\" + rootPath;\n }\n return rootPath;\n }\n\n private static String buildWebUriAuthority(NetworkService networkService) {\n String uriAuthority = NetworkEndpointUtils.toUriAuthority(networkService.getNetworkEndpoint());\n\n // Remove default ports of the protocol.\n boolean isPlainHttp = isPlainHttp(networkService);\n if (isPlainHttp && uriAuthority.endsWith(\":80\")) {\n uriAuthority = uriAuthority.substring(0, uriAuthority.lastIndexOf(\":80\"));\n }\n if (!isPlainHttp && uriAuthority.endsWith(\":443\")) {\n uriAuthority = uriAuthority.substring(0, uriAuthority.lastIndexOf(\":443\"));\n }\n\n return uriAuthority;\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/io/archiving/Archiver.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static java.nio.charset.StandardCharsets.UTF_8;\n\nimport com.google.errorprone.annotations.CanIgnoreReturnValue;\n\n/** An {@link Archiver} archives the given data to some data storage. */\npublic interface Archiver {\n\n /**\n * Archives the {@code data} associated with the given {@code name}.\n *\n * @param name the name that will be associated with the data\n * @param data the data to be archived in byte array format\n * @return whether the given data is archived successfully.\n */\n @CanIgnoreReturnValue\n boolean archive(String name, byte[] data);\n\n /**\n * Archives the {@code data} associated with the given {@code name}. By default, this method\n * encodes the {@link CharSequence} {@code data} into a sequence of bytes using {@code UTF_8}\n * {@link java.nio.charset.StandardCharsets} and calls the {@link #archive(String, byte[])}\n * method.\n *\n * @param name the name that will be associated with the data\n * @param data the data to be archived in {@link CharSequence} format\n * @return whether the given data is archived successfully.\n */\n @CanIgnoreReturnValue\n default boolean archive(String name, CharSequence data) {\n return archive(name, checkNotNull(data).toString().getBytes(UTF_8));\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/io/archiving/GoogleCloudStorageArchiver.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.beust.jcommander.Parameter;\nimport com.beust.jcommander.Parameters;\nimport com.beust.jcommander.validators.PositiveInteger;\nimport com.google.cloud.WriteChannel;\nimport com.google.cloud.storage.BlobInfo;\nimport com.google.cloud.storage.Storage;\nimport com.google.common.flogger.GoogleLogger;\nimport com.google.inject.assistedinject.Assisted;\nimport com.google.tsunami.common.cli.CliOption;\nimport java.io.IOException;\nimport java.nio.ByteBuffer;\nimport java.util.regex.Matcher;\nimport java.util.regex.Pattern;\nimport javax.inject.Inject;\n\n/** An {@link Archiver} implementation that archives data into Google Cloud Storage. */\npublic class GoogleCloudStorageArchiver implements Archiver {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n // For sanity-checking and to parse out the bucket name and object id.\n // See https://cloud.google.com/storage/docs/bucket-naming\n public static final Pattern GS_URL_PATTERN = Pattern.compile(\"gs://([^/]{3,63})/(.*)\");\n\n private final Options options;\n private final Storage storage;\n\n /** All command line options for {@link GoogleCloudStorageArchiver}. */\n @Parameters(separators = \"=\")\n public static final class Options implements CliOption {\n @Parameter(\n names = \"--gcs-archiver-chunk-size-in-bytes\",\n description = \"The size of the data chunk when GCS archiver uploads data to Cloud Storage.\",\n validateWith = PositiveInteger.class)\n int chunkSizeInBytes = 1_000;\n\n @Parameter(\n names = \"--gcs-archiver-chunk-upload-threshold-in-bytes\",\n description = \"The default data size threshold in bytes to enable chunk upload to GCS.\",\n validateWith = PositiveInteger.class)\n int chunkUploadThresholdInBytes = 1_000_000;\n\n @Override\n public void validate() {}\n }\n\n @Inject\n public GoogleCloudStorageArchiver(Options options, @Assisted Storage storage) {\n this.options = checkNotNull(options);\n this.storage = checkNotNull(storage);\n }\n\n private static BlobInfo parseBlobInfo(String gcsUrl) {\n Matcher matcher = GS_URL_PATTERN.matcher(gcsUrl);\n checkArgument(matcher.matches(), \"Invalid GCS URL: '%s'\", gcsUrl);\n\n String bucketName = matcher.group(1);\n String objectName = matcher.group(2);\n return BlobInfo.newBuilder(bucketName, objectName).build();\n }\n\n @Override\n public boolean archive(String gcsUrl, byte[] data) {\n BlobInfo blobInfo = parseBlobInfo(gcsUrl);\n\n if (data.length <= options.chunkUploadThresholdInBytes) {\n // Create the blob in one request.\n logger.atInfo().log(\"Archiving data to GCS at '%s' in one request.\", gcsUrl);\n storage.create(blobInfo, data);\n return true;\n }\n\n // When content is large (1MB or more) it is recommended to write it in chunks via the blob's\n // channel writer.\n logger.atInfo().log(\n \"Content is larger than threshold, archiving data to GCS at '%s' in chunks.\", gcsUrl);\n try (WriteChannel writer = storage.writer(blobInfo)) {\n for (int chunkOffset = 0;\n chunkOffset < data.length;\n chunkOffset += options.chunkSizeInBytes) {\n int chunkSize = Math.min(data.length - chunkOffset, options.chunkSizeInBytes);\n writer.write(ByteBuffer.wrap(data, chunkOffset, chunkSize));\n }\n return true;\n } catch (IOException e) {\n logger.atSevere().withCause(e).log(\"Unable to archving data to GCS at '%s'.\", gcsUrl);\n return false;\n }\n }\n\n /** The factory of {@link GoogleCloudStorageArchiver} types for usage with assisted injection. */\n // TODO(b/145315535): consider wrap the Storage API into a client library. Current implementation\n // is not easily testable.\n public interface Factory {\n GoogleCloudStorageArchiver create(Storage storage);\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/io/archiving/GoogleCloudStorageArchiverModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving;\n\nimport com.google.inject.AbstractModule;\nimport com.google.inject.assistedinject.FactoryModuleBuilder;\n\n/** Installs {@link GoogleCloudStorageArchiver}. */\npublic class GoogleCloudStorageArchiverModule extends AbstractModule {\n\n @Override\n protected void configure() {\n install(new FactoryModuleBuilder().build(GoogleCloudStorageArchiver.Factory.class));\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/io/archiving/RawFileArchiver.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.common.base.Strings;\nimport com.google.common.flogger.GoogleLogger;\nimport com.google.common.io.Files;\nimport java.io.File;\nimport java.io.IOException;\n\n/** An {@link Archiver} implementation that archives data into file systems as raw files. */\npublic class RawFileArchiver implements Archiver {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n\n @Override\n public boolean archive(String fileName, byte[] data) {\n checkArgument(!Strings.isNullOrEmpty(fileName));\n checkNotNull(data);\n\n try {\n logger.atInfo().log(\"Archiving data to file system with filename '%s'.\", fileName);\n Files.asByteSink(new File(fileName)).write(data);\n return true;\n } catch (IOException e) {\n logger.atWarning().withCause(e).log(\"Failed archiving data to file '%s'.\", fileName);\n return false;\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/io/archiving/testing/FakeArchiver.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving.testing;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport com.google.common.collect.Maps;\nimport com.google.tsunami.common.io.archiving.Archiver;\nimport java.util.Collection;\nimport java.util.Map;\nimport java.util.NoSuchElementException;\nimport java.util.Set;\n\n/** An implementation of {@link Archiver} that stores data in memory for testing purposes. */\npublic final class FakeArchiver implements Archiver {\n private final Map archivedByteArrayData = Maps.newHashMap();\n private final Map archivedCharSequenceData = Maps.newHashMap();\n private boolean shouldFail = false;\n\n @Override\n public boolean archive(String name, byte[] data) {\n if (shouldFail) {\n return false;\n }\n\n archivedByteArrayData.put(name, data);\n return true;\n }\n\n @Override\n public boolean archive(String name, CharSequence data) {\n if (shouldFail) {\n return false;\n }\n\n archivedCharSequenceData.put(name, data);\n return true;\n }\n\n public void failArchival() {\n this.shouldFail = true;\n }\n\n public byte[] getStoredByteArrays(String name) {\n if (!archivedByteArrayData.containsKey(name)) {\n throw new NoSuchElementException(String.format(\"'%s' not found in FakeArchiver\", name));\n }\n return archivedByteArrayData.get(name);\n }\n\n public CharSequence getStoredCharSequence(String name) {\n if (!archivedCharSequenceData.containsKey(name)) {\n throw new NoSuchElementException(String.format(\"'%s' not found in FakeArchiver\", name));\n }\n return archivedCharSequenceData.get(name);\n }\n\n public void assertNoByteArraysStored() {\n assertThat(archivedByteArrayData).isEmpty();\n }\n\n public void assertNoCharSequencesStored() {\n assertThat(archivedCharSequenceData).isEmpty();\n }\n\n public void assertNoDataStored() {\n assertNoByteArraysStored();\n assertNoCharSequencesStored();\n }\n\n public void assertByteArraysStored(Map expectedData) {\n assertThat(archivedByteArrayData).containsExactlyEntriesIn(expectedData);\n }\n\n public void assertByteArraysStoredForNames(Set expectedNames) {\n assertThat(archivedByteArrayData.keySet()).containsExactlyElementsIn(expectedNames);\n }\n\n public void assertByteArraysStoredWithValues(Collection expectedValues) {\n assertThat(archivedByteArrayData.values()).containsExactlyElementsIn(expectedValues);\n }\n\n public void assertCharSequencesStored(Map expectedData) {\n assertThat(archivedCharSequenceData).containsExactlyEntriesIn(expectedData);\n }\n\n public void assertCharSequencesStoredForNames(Set expectedNames) {\n assertThat(archivedCharSequenceData.keySet()).containsExactlyElementsIn(expectedNames);\n }\n\n public void assertCharSequencesStoredWithValues(Collection expectedValues) {\n assertThat(archivedCharSequenceData.values()).containsExactlyElementsIn(expectedValues);\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/io/archiving/testing/FakeGoogleCloudStorageArchivers.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving.testing;\n\nimport com.google.cloud.storage.Storage;\nimport com.google.tsunami.common.io.archiving.GoogleCloudStorageArchiver;\nimport java.util.HashMap;\nimport java.util.Map;\nimport java.util.NoSuchElementException;\n\n/** A collection of fake {@link GoogleCloudStorageArchiver} created by {@link FakeFactory}. */\npublic final class FakeGoogleCloudStorageArchivers {\n private final Map delegatedArchivers = new HashMap<>();\n\n public void assertNoDataStored() {\n for (FakeArchiver delegate : delegatedArchivers.values()) {\n delegate.assertNoDataStored();\n }\n }\n\n /**\n * Get the byte array data stored in {@code storage} at {@code gcsUrl}.\n *\n * @param storage the instance of the GCS storage.\n * @param gcsUrl the URL to the GCS storage object.\n * @return the content of the GCS storage object in byte array format.\n */\n public byte[] getStoredByteArrays(Storage storage, String gcsUrl) {\n if (!delegatedArchivers.containsKey(storage)) {\n throw new NoSuchElementException(String.format(\"Storage '%s' not found\", storage));\n }\n return delegatedArchivers.get(storage).getStoredByteArrays(gcsUrl);\n }\n\n /**\n * Get the {@link CharSequence} data stored in {@code storage} at {@code gcsUrl}.\n *\n * @param storage the instance of the GCS storage.\n * @param gcsUrl the URL to the GCS storage object.\n * @return the content of the GCS storage object in {@link CharSequence} format.\n */\n public CharSequence getStoredCharSequence(Storage storage, String gcsUrl) {\n if (!delegatedArchivers.containsKey(storage)) {\n throw new NoSuchElementException(String.format(\"Storage '%s' not found\", storage));\n }\n return delegatedArchivers.get(storage).getStoredCharSequence(gcsUrl);\n }\n\n final class FakeGoogleCloudStorageArchiver extends GoogleCloudStorageArchiver {\n private final Storage storage;\n\n private FakeGoogleCloudStorageArchiver(Storage storage) {\n super(new Options(), storage);\n this.storage = storage;\n }\n\n @Override\n public boolean archive(String gcsUrl, byte[] data) {\n FakeArchiver fakeArchiver =\n delegatedArchivers.computeIfAbsent(storage, unused -> new FakeArchiver());\n return fakeArchiver.archive(gcsUrl, data);\n }\n\n @Override\n public boolean archive(String gcsUrl, CharSequence data) {\n FakeArchiver fakeArchiver =\n delegatedArchivers.computeIfAbsent(storage, unused -> new FakeArchiver());\n return fakeArchiver.archive(gcsUrl, data);\n }\n }\n\n final class FakeFactory implements GoogleCloudStorageArchiver.Factory {\n\n @Override\n public GoogleCloudStorageArchiver create(Storage storage) {\n return new FakeGoogleCloudStorageArchiver(storage);\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/io/archiving/testing/FakeGoogleCloudStorageArchiversModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving.testing;\n\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Provides;\nimport com.google.tsunami.common.io.archiving.GoogleCloudStorageArchiver;\nimport javax.inject.Singleton;\n\n/** Installs fake factory for {@link GoogleCloudStorageArchiver}. */\npublic final class FakeGoogleCloudStorageArchiversModule extends AbstractModule {\n\n @Provides\n @Singleton\n GoogleCloudStorageArchiver.Factory provideGoogleCloudStorageArchiverFactory(\n FakeGoogleCloudStorageArchivers fakeGoogleCloudStorageArchivers) {\n return fakeGoogleCloudStorageArchivers.new FakeFactory();\n }\n\n @Provides\n @Singleton\n FakeGoogleCloudStorageArchivers provideFakeGoogleCloudStorageArchivers() {\n return new FakeGoogleCloudStorageArchivers();\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/io/archiving/testing/FakeRawFileArchiver.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving.testing;\n\nimport com.google.tsunami.common.io.archiving.RawFileArchiver;\n\n/** A fake implementation of the {@link RawFileArchiver}. */\npublic final class FakeRawFileArchiver extends RawFileArchiver {\n private final FakeArchiver delegate = new FakeArchiver();\n\n @Override\n public boolean archive(String fileName, byte[] data) {\n return delegate.archive(fileName, data);\n }\n\n @Override\n public boolean archive(String fileName, CharSequence data) {\n return delegate.archive(fileName, data);\n }\n\n public byte[] getStoredByteArrays(String fileName) {\n return delegate.getStoredByteArrays(fileName);\n }\n\n public CharSequence getStoredCharSequence(String fileName) {\n return delegate.getStoredCharSequence(fileName);\n }\n\n public void assertNoDataStored() {\n delegate.assertNoDataStored();\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/io/archiving/testing/FakeRawFileArchiverModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving.testing;\n\nimport com.google.inject.AbstractModule;\nimport com.google.tsunami.common.io.archiving.RawFileArchiver;\nimport javax.inject.Singleton;\n\n/** Installs {@link FakeRawFileArchiver}. */\npublic final class FakeRawFileArchiverModule extends AbstractModule {\n\n @Override\n protected void configure() {\n // This is intentional to create 2 separate bindings. One is for FakeRawFileArchiver itself,\n // which always injects as a singleton. The other one links the binding for RawFileArchiver to\n // FakeRawFileArchiver so that the FakeRawFileArchiver singleton instance is injected to\n // RawFileArchiver. This way the classes on the inheritance chain always get the same instance.\n //\n // This is useful in unit test. Test cases now are able to get the same injected instance as the\n // code under test.\n bind(FakeRawFileArchiver.class).in(Singleton.class);\n bind(RawFileArchiver.class).to(FakeRawFileArchiver.class);\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/FuzzingUtils.java",
"content": "/*\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net;\n\nimport static com.google.common.base.Strings.isNullOrEmpty;\nimport static com.google.common.collect.ImmutableList.toImmutableList;\nimport static java.util.stream.Collectors.joining;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.common.base.Splitter;\nimport com.google.common.collect.ImmutableList;\nimport com.google.common.collect.ImmutableSet;\nimport com.google.tsunami.common.net.http.HttpRequest;\nimport java.net.URI;\nimport java.util.ArrayList;\nimport java.util.List;\nimport java.util.Optional;\n\n/** Fuzzing utilities for HTTP request properties. */\npublic final class FuzzingUtils {\n /* TODO(b/251480660): Refactor to generic fuzzing library. */\n\n /**\n * Fuzz GET parameters by replacing values with the provided payload. If no GET parameter is\n * found, add a new parameter called {@code defaultParameter}.\n */\n public static ImmutableList fuzzGetParametersWithDefaultParameter(\n HttpRequest request, String payload, String defaultParameter) {\n return fuzzGetParameters(request, payload, Optional.of(defaultParameter), ImmutableSet.of());\n }\n\n /**\n * Fuzz GET parameters by replacing values with the provided payload. Payloads are expected to\n * represent paths. If encountered, file extesions and path prefixes are kept and provided via\n * additional exploit requests. If no GET parameter is found, return an empty list.\n */\n public static ImmutableList fuzzGetParametersExpectingPathValues(\n HttpRequest request, String payload) {\n return fuzzGetParameters(\n request, payload, Optional.empty(), ImmutableSet.of(FuzzingModifier.FUZZING_PATHS));\n }\n\n /**\n * Fuzz GET parameters by replacing values with the provided payload. If no GET parameter is\n * found, return an empty list.\n */\n public static ImmutableList fuzzGetParameters(HttpRequest request, String payload) {\n return fuzzGetParameters(request, payload, Optional.empty(), ImmutableSet.of());\n }\n\n private static ImmutableList fuzzGetParameters(\n HttpRequest request,\n String payload,\n Optional defaultParameter,\n ImmutableSet modifiers) {\n URI parsedUrl = URI.create(request.url());\n ImmutableList queryParams = parseQuery(parsedUrl.getQuery());\n if (queryParams.isEmpty() && defaultParameter.isPresent()) {\n return ImmutableList.of(\n request.toBuilder()\n .setUrl(\n assembleUrlWithQueries(\n parsedUrl,\n ImmutableList.of(HttpQueryParameter.create(defaultParameter.get(), payload))))\n .build());\n }\n return fuzzParams(queryParams, payload, modifiers).stream()\n .map(fuzzedParams -> assembleUrlWithQueries(parsedUrl, fuzzedParams))\n .map(fuzzedUrl -> request.toBuilder().setUrl(fuzzedUrl).build())\n .collect(toImmutableList());\n }\n\n private static ImmutableList setFuzzedParams(\n ImmutableList params, int index, String payload) {\n List paramsWithPayload = new ArrayList<>(params);\n paramsWithPayload.set(index, HttpQueryParameter.create(params.get(index).name(), payload));\n return ImmutableList.copyOf(paramsWithPayload);\n }\n\n private static void fuzzParamsWithExtendedPathPayloads(\n ImmutableSet.Builder> builder,\n ImmutableList params,\n int index,\n String payload) {\n int dotLocation = params.get(index).value().lastIndexOf('.');\n if (dotLocation != -1) {\n builder.add(\n setFuzzedParams(\n params, index, payload + \"%00\" + params.get(index).value().substring(dotLocation)));\n }\n\n int slashLocation = params.get(index).value().lastIndexOf('/');\n if (slashLocation != -1) {\n builder.add(\n setFuzzedParams(\n params, index, params.get(index).value().substring(0, slashLocation + 1) + payload));\n }\n\n if (dotLocation != -1 && slashLocation != -1 && slashLocation < dotLocation) {\n builder.add(\n setFuzzedParams(\n params,\n index,\n params.get(index).value().substring(0, slashLocation + 1)\n + payload\n + \"%00\"\n + params.get(index).value().substring(dotLocation)));\n }\n }\n\n private static ImmutableSet> fuzzParams(\n ImmutableList params,\n String payload,\n ImmutableSet modifiers) {\n ImmutableSet.Builder> fuzzedParamsBuilder =\n ImmutableSet.builder();\n\n for (int i = 0; i < params.size(); i++) {\n fuzzedParamsBuilder.add(setFuzzedParams(params, i, payload));\n\n if (modifiers.contains(FuzzingModifier.FUZZING_PATHS)) {\n fuzzParamsWithExtendedPathPayloads(fuzzedParamsBuilder, params, i, payload);\n }\n }\n\n return fuzzedParamsBuilder.build();\n }\n\n public static ImmutableList parseQuery(String query) {\n if (isNullOrEmpty(query)) {\n return ImmutableList.of();\n }\n ImmutableList.Builder queryParamsBuilder = ImmutableList.builder();\n for (String param : Splitter.on('&').split(query)) {\n int equalPosition = param.indexOf(\"=\");\n if (equalPosition > -1) {\n String name = param.substring(0, equalPosition);\n String value = param.substring(equalPosition + 1);\n queryParamsBuilder.add(HttpQueryParameter.create(name, value));\n } else {\n queryParamsBuilder.add(HttpQueryParameter.create(param, \"\"));\n }\n }\n return queryParamsBuilder.build();\n }\n\n private static String assembleUrlWithQueries(\n URI parsedUrl, ImmutableList params) {\n String query = assembleQueryParams(params);\n StringBuilder urlBuilder = new StringBuilder();\n urlBuilder.append(parsedUrl.getScheme()).append(\"://\").append(parsedUrl.getRawAuthority());\n if (!isNullOrEmpty(parsedUrl.getRawPath())) {\n urlBuilder.append(parsedUrl.getRawPath());\n }\n if (!isNullOrEmpty(query)) {\n urlBuilder.append('?').append(query);\n }\n if (!isNullOrEmpty(parsedUrl.getRawFragment())) {\n urlBuilder.append('#').append(parsedUrl.getRawFragment());\n }\n return urlBuilder.toString();\n }\n\n private static String assembleQueryParams(ImmutableList params) {\n return params.stream()\n .map(param -> String.format(\"%s=%s\", param.name(), param.value()))\n .collect(joining(\"&\"));\n }\n\n /** URL Query parameter name and value pair. */\n @AutoValue\n public abstract static class HttpQueryParameter {\n public abstract String name();\n\n public abstract String value();\n\n public static HttpQueryParameter create(String name, String value) {\n return new AutoValue_FuzzingUtils_HttpQueryParameter(name, value);\n }\n }\n\n enum FuzzingModifier {\n FUZZING_PATHS;\n }\n\n private FuzzingUtils() {}\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/UrlUtils.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net;\n\nimport static java.nio.charset.StandardCharsets.UTF_8;\n\nimport com.google.common.base.Joiner;\nimport com.google.common.collect.ImmutableSet;\nimport com.google.common.collect.Iterables;\nimport com.google.common.collect.Lists;\nimport java.io.UnsupportedEncodingException;\nimport java.net.URLEncoder;\nimport java.util.List;\nimport java.util.Optional;\nimport java.util.regex.Pattern;\nimport okhttp3.HttpUrl;\n\n/** Utilities for dealing with URLs. */\npublic final class UrlUtils {\n private static final Joiner PATH_JOINER = Joiner.on(\"/\");\n private static final Pattern SLASH_PREFIX_PATTERN = Pattern.compile(\"^/+\");\n private static final Pattern TRAILING_SLASH_PATTERN = Pattern.compile(\"/+$\");\n\n /**\n * Enumerates all sub-paths for a given URL. All query parameters and fragments are removed.\n *\n *
For example:\n *\n *
\n *
given \"http://localhost/\", it returns [\"http://localhost/\"]\n *
given \"http://localhost/a/b/\", it returns \n * [\"http://localhost/\", \"http://localhost/a/\", \"http://localhost/a/b/\"]\n *
\n *\n * @param url the URL to be enumerated.\n * @return all sub-paths URLs for the given URL.\n */\n public static ImmutableSet allSubPaths(String url) {\n return allSubPaths(HttpUrl.parse(url));\n }\n\n /**\n * Enumerates all sub-paths for a given URL. All query parameters and fragments are removed.\n *\n *
For example:\n *\n *
\n *
given \"http://localhost/\", it returns [\"http://localhost/\"]\n *
given \"http://localhost/a/b/\", it returns \n * [\"http://localhost/\", \"http://localhost/a/\", \"http://localhost/a/b/\"]\n *
\n *\n * @param url the URL to be enumerated.\n * @return all sub-paths URLs for the given URL.\n */\n public static ImmutableSet allSubPaths(HttpUrl url) {\n if (url == null) {\n return ImmutableSet.of();\n }\n\n // Url at root.\n List pathSegments = url.encodedPathSegments();\n if (pathSegments.size() == 1 && pathSegments.get(0).isEmpty()) {\n return ImmutableSet.of(url.newBuilder().query(null).fragment(null).build());\n }\n\n // Url has sub-paths.\n ImmutableSet.Builder allSubUrlsBuilder = ImmutableSet.builder();\n for (int pathEnd = 0; pathEnd <= pathSegments.size(); pathEnd++) {\n List subPathSegments = Lists.newArrayList(pathSegments.subList(0, pathEnd));\n // Ensure sub-path has leading slash.\n if (subPathSegments.isEmpty() || !subPathSegments.get(0).isEmpty()) {\n subPathSegments.add(0, \"\");\n }\n // Ensure sub-path has trailing slash.\n if (subPathSegments.size() == 1 || !Iterables.getLast(subPathSegments).isEmpty()) {\n subPathSegments.add(\"\");\n }\n allSubUrlsBuilder.add(\n url.newBuilder()\n .encodedPath(PATH_JOINER.join(subPathSegments))\n .query(null)\n .fragment(null)\n .build());\n }\n return allSubUrlsBuilder.build();\n }\n\n /**\n * Removes the leading slashes of a URL path.\n *\n * @param path the URL path to be transformed.\n * @return a URL path without leading slash.\n */\n public static String removeLeadingSlashes(String path) {\n return SLASH_PREFIX_PATTERN.matcher(path).replaceFirst(\"\");\n }\n\n /**\n * Removes the trailing slashes of a URL path.\n *\n * @param path the URL path to be transformed.\n * @return a URL path without leading slash.\n */\n public static String removeTrailingSlashes(String path) {\n return TRAILING_SLASH_PATTERN.matcher(path).replaceFirst(\"\");\n }\n\n /**\n * Encodes the given String using URL-encoding.\n *\n * @param raw the raw String to be encoded.\n * @return the URL-encoded version of the provided String if it was valid UTF-8.\n */\n public static Optional urlEncode(String raw) {\n try {\n return Optional.of(URLEncoder.encode(raw, UTF_8.toString()));\n } catch (UnsupportedEncodingException e) {\n return Optional.empty();\n }\n }\n\n private UrlUtils() {}\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/db/ConnectionProvider.java",
"content": "/*\n * Copyright 2023 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.db;\n\nimport java.sql.Connection;\nimport java.sql.DriverManager;\nimport java.sql.SQLException;\n\n/** A client library that communicates with different databases via jdbc. */\npublic class ConnectionProvider implements ConnectionProviderInterface {\n public ConnectionProvider() {}\n\n @Override\n public Connection getConnection(String url, String user, String password) throws SQLException {\n return DriverManager.getConnection(url, user, password);\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/db/ConnectionProviderInterface.java",
"content": "/*\n * Copyright 2023 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.db;\n\nimport java.sql.Connection;\nimport java.sql.SQLException;\n\n/** A client interface that communicates with different databases. */\npublic interface ConnectionProviderInterface {\n public Connection getConnection(String url, String user, String password) throws SQLException;\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/HttpClient.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport com.google.common.util.concurrent.ListenableFuture;\nimport com.google.tsunami.proto.NetworkService;\nimport java.io.IOException;\nimport java.time.Duration;\nimport org.checkerframework.checker.nullness.qual.Nullable;\n\n/** A client library that communicates with remote servers via the HTTP protocol. */\npublic abstract class HttpClient {\n public static final String TSUNAMI_USER_AGENT = \"TsunamiSecurityScanner\";\n\n /**\n * Gets log id.\n *\n * @return log id string.\n */\n public abstract String getLogId();\n\n /**\n * NOTE: This is a temporary hack to workaround OkHttp's hardcoded URL canonicalization algorithm.\n * We should rewrite the entire library using a more flexible backend.\n *\n *
Sends the given HTTP request as is, blocking until full response is received.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @return the response returned from the HTTP server.\n * @throws IOException if an I/O error occurs during the HTTP request.\n */\n public abstract HttpResponse sendAsIs(HttpRequest httpRequest) throws IOException;\n\n /**\n * Sends the given HTTP request using this client, blocking until full response is received.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @return the response returned from the HTTP server.\n * @throws IOException if an I/O error occurs during the HTTP request.\n */\n public abstract HttpResponse send(HttpRequest httpRequest) throws IOException;\n\n /**\n * Sends the given HTTP request using this client blocking until full response is received. If\n * {@code networkService} is not null, the host header is set according to the service's header\n * field even if it resolves to a different ip.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @param networkService the {@link NetworkService} proto to be used for the HOST header.\n * @return the response returned from the HTTP server.\n * @throws IOException if an I/O error occurs during the HTTP request.\n */\n public abstract HttpResponse send(\n HttpRequest httpRequest, @Nullable NetworkService networkService) throws IOException;\n\n /**\n * Sends the given HTTP request using this client asynchronously.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @return the future for the response to be returned from the HTTP server.\n */\n public abstract ListenableFuture sendAsync(HttpRequest httpRequest);\n\n /**\n * Sends the given HTTP request using this client asynchronously. If {@code networkService} is not\n * null, the host header is set according to the service's header field even if it resolves to a\n * different ip.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @param networkService the {@link NetworkService} proto to be used for the HOST header.\n * @return the future for the response to be returned from the HTTP server.\n */\n public abstract ListenableFuture sendAsync(\n HttpRequest httpRequest, @Nullable NetworkService networkService);\n\n public abstract Builder modify();\n\n /** Base builder for implementations of HttpClient */\n public abstract static class Builder {\n\n public abstract Builder setFollowRedirects(boolean followRedirects);\n\n public abstract Builder setLogId(String logId);\n\n public abstract Builder setConnectTimeout(Duration connectionTimeout);\n\n public abstract T build();\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/HttpClientCliOptions.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport com.beust.jcommander.Parameter;\nimport com.beust.jcommander.ParameterException;\nimport com.beust.jcommander.Parameters;\nimport com.google.tsunami.common.cli.CliOption;\nimport org.checkerframework.checker.nullness.qual.Nullable;\n\n/** Command line argument for {@link HttpClient}. */\n@Parameters(separators = \"=\")\npublic final class HttpClientCliOptions implements CliOption {\n\n @Parameter(\n names = \"--http-client-trust-all-certificates\",\n arity = 1,\n description = \"Whether the HTTP client should trust all certificates on HTTPS traffic.\")\n public Boolean trustAllCertificates;\n\n @Parameter(\n names = \"--http-client-call-timeout-seconds\",\n description =\n \"[Depreciated] Set to be the same as the timeout specified by\"\n + \" --http-client-connect-timeout-seconds.\")\n Integer callTimeoutSeconds;\n\n @Parameter(\n names = \"--http-client-connect-timeout-seconds\",\n description =\n \"The timeout in seconds for new HTTP connections. See\"\n + \" https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/connect-timeout/\"\n + \" for more details.\")\n Integer connectTimeoutSeconds;\n\n @Parameter(\n names = \"--http-client-read-timeout-seconds\",\n description =\n \"[Depreciated] Set to be the same as the timeout specified by\"\n + \" --http-client-connect-timeout-seconds\")\n Integer readTimeoutSeconds;\n\n @Parameter(\n names = \"--http-client-write-timeout-seconds\",\n description =\n \"[Depreciated] Set to be the same as the timeout specified by\"\n + \" --http-client-connect-timeout-seconds.\")\n Integer writeTimeoutSeconds;\n\n @Parameter(\n names = \"--http-client-user-agent\",\n description = \"User-Agent to use in HTTP requests.\")\n public String userAgent = HttpClient.TSUNAMI_USER_AGENT;\n\n @Override\n public void validate() {\n validateTimeout(\"--http-client-call-timeout-seconds\", callTimeoutSeconds);\n validateTimeout(\"--http-client-connect-timeout-seconds\", connectTimeoutSeconds);\n validateTimeout(\"--http-client-read-timeout-seconds\", readTimeoutSeconds);\n validateTimeout(\"--http-client-write-timeout-seconds\", writeTimeoutSeconds);\n }\n\n private static void validateTimeout(String flagName, @Nullable Integer value) {\n if (value != null && value < 0) {\n throw new ParameterException(\n String.format(\"%s cannot be a negative number, received %d.\", flagName, value));\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/HttpClientConfigProperties.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport com.google.tsunami.common.config.annotations.ConfigProperties;\n\n/** Configuration properties for {@link HttpClient}. */\n@ConfigProperties(\"common.net.http\")\npublic final class HttpClientConfigProperties {\n /** Whether the HTTP client should trust all certificates on HTTPS traffic. */\n Boolean trustAllCertificates;\n\n /**\n * The timeout in seconds for complete HTTP calls. See\n * https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/call-timeout/ for\n * more details.\n */\n Integer callTimeoutSeconds;\n\n /**\n * The timeout in seconds for new HTTP connections. See\n * https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/connect-timeout/\n * for more details.\n */\n Integer connectTimeoutSeconds;\n\n /**\n * The timeout in seconds for the read operations for HTTP connections. See\n * https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/read-timeout/ for\n * more details.\n */\n Integer readTimeoutSeconds;\n\n /**\n * The timeout in seconds for the write operations for HTTP connections. See\n * https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/write-timeout/ for\n * more details.\n */\n Integer writeTimeoutSeconds;\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/HttpClientModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static com.google.common.base.Strings.isNullOrEmpty;\nimport static java.util.concurrent.TimeUnit.MILLISECONDS;\n\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Provides;\nimport com.google.tsunami.common.net.http.javanet.ConnectionFactory;\nimport com.google.tsunami.common.net.http.javanet.DefaultConnectionFactory;\nimport java.lang.annotation.ElementType;\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport java.lang.annotation.Target;\nimport java.security.GeneralSecurityException;\nimport java.security.SecureRandom;\nimport java.security.cert.X509Certificate;\nimport java.time.Duration;\nimport javax.inject.Qualifier;\nimport javax.inject.Singleton;\nimport javax.net.ssl.SSLContext;\nimport javax.net.ssl.SSLSocketFactory;\nimport javax.net.ssl.TrustManager;\nimport javax.net.ssl.X509TrustManager;\nimport okhttp3.ConnectionPool;\nimport okhttp3.Dispatcher;\nimport okhttp3.OkHttpClient;\n\n/** Guice module for installing {@link HttpClient} library. */\npublic final class HttpClientModule extends AbstractModule {\n // This TrustManager does NOT validate certificate chains.\n private static final X509TrustManager TRUST_ALL_CERTS_MANAGER =\n new X509TrustManager() {\n @Override\n public void checkClientTrusted(X509Certificate[] chain, String authType) {}\n\n @Override\n public void checkServerTrusted(X509Certificate[] chain, String authType) {}\n\n @Override\n public X509Certificate[] getAcceptedIssuers() {\n return new X509Certificate[0];\n }\n };\n // Maximum number of requests for each host (URL's host name) to execute concurrently.\n private static final int OKHTTPCLIENT_MAX_REQUESTS_PER_HOST = 5;\n\n // Maximum number of idle connections to each to keep in the pool.\n private final int connectionPoolMaxIdle;\n // Duration to keep the connection alive in the pool before closing it.\n private final Duration connectionPoolKeepAliveDuration;\n // Maximum number of requests to execute concurrently.\n private final int maxRequests;\n // Whether or not to follow redirect from server.\n private final boolean followRedirects;\n // A log ID to print in front of the logs.\n private final String logId;\n\n public HttpClientModule(Builder builder) {\n checkNotNull(builder);\n this.connectionPoolMaxIdle = builder.connectionPoolMaxIdle;\n this.connectionPoolKeepAliveDuration = builder.connectionPoolKeepAliveDuration;\n this.maxRequests = builder.maxRequests;\n this.followRedirects = builder.followRedirects;\n this.logId = builder.logId;\n }\n\n @Provides\n @Singleton\n ConnectionPool provideConnectionPool() {\n return new ConnectionPool(\n connectionPoolMaxIdle, connectionPoolKeepAliveDuration.toMillis(), MILLISECONDS);\n }\n\n @Provides\n @Singleton\n Dispatcher provideDispatcher() {\n Dispatcher dispatcher = new Dispatcher();\n dispatcher.setMaxRequests(maxRequests);\n dispatcher.setMaxRequestsPerHost(OKHTTPCLIENT_MAX_REQUESTS_PER_HOST);\n return dispatcher;\n }\n\n @Provides\n @Singleton\n @TrustAllCertsSocketFactory\n SSLSocketFactory provideTrustAllCertsSocketFactory() throws GeneralSecurityException {\n SSLContext sslContext = SSLContext.getInstance(\"TLS\");\n sslContext.init(null, new TrustManager[] {TRUST_ALL_CERTS_MANAGER}, new SecureRandom());\n return sslContext.getSocketFactory();\n }\n\n // Missing features:\n // 1. Custom cookie handler.\n @Provides\n @Singleton\n OkHttpClient provideOkHttpClient(\n ConnectionPool connectionPool,\n Dispatcher dispatcher,\n @TrustAllCertsSocketFactory SSLSocketFactory trustAllCertsSocketFactory,\n @TrustAllCertificates boolean trustAllCertificates,\n @ConnectTimeoutSeconds int connectTimeoutSeconds) {\n OkHttpClient.Builder clientBuilder =\n new OkHttpClient.Builder()\n .callTimeout(Duration.ofSeconds(connectTimeoutSeconds))\n .connectTimeout(Duration.ofSeconds(connectTimeoutSeconds))\n .readTimeout(Duration.ofSeconds(connectTimeoutSeconds))\n .writeTimeout(Duration.ofSeconds(connectTimeoutSeconds))\n .connectionPool(connectionPool)\n .dispatcher(dispatcher)\n .followRedirects(followRedirects);\n if (trustAllCertificates) {\n clientBuilder\n .sslSocketFactory(trustAllCertsSocketFactory, TRUST_ALL_CERTS_MANAGER)\n .hostnameVerifier((hostname, session) -> true);\n }\n return clientBuilder.build();\n }\n\n @Provides\n @Singleton\n HttpClient provideOkHttpHttpClient(\n OkHttpClient okHttpClient,\n @TrustAllCertificates boolean trustAllCertificates,\n ConnectionFactory connectionFactory,\n @LogId String logId,\n @ConnectTimeout Duration connectTimeout,\n @UserAgent String userAgent) {\n return new OkHttpHttpClient(\n okHttpClient, trustAllCertificates, connectionFactory, logId, connectTimeout, userAgent);\n }\n\n @Provides\n @Singleton\n ConnectionFactory provideJavaNetConnectionFactory(\n @TrustAllCertificates boolean trustAllCertificates,\n @TrustAllCertsSocketFactory SSLSocketFactory trustAllCertsSocketFactory,\n @ConnectTimeoutSeconds int connectTimeoutSeconds,\n @ReadTimeoutSeconds int readTimeoutSeconds) {\n return new DefaultConnectionFactory(\n trustAllCertificates,\n trustAllCertsSocketFactory,\n Duration.ofSeconds(connectTimeoutSeconds),\n Duration.ofSeconds(readTimeoutSeconds));\n }\n\n @Provides\n @TrustAllCertificates\n boolean shouldTrustAllCertificates(\n HttpClientCliOptions httpClientCliOptions,\n HttpClientConfigProperties httpClientConfigProperties) {\n if (httpClientCliOptions.trustAllCertificates != null) {\n return httpClientCliOptions.trustAllCertificates;\n }\n if (httpClientConfigProperties.trustAllCertificates != null) {\n return httpClientConfigProperties.trustAllCertificates;\n }\n return true;\n }\n\n @Provides\n @LogId\n String provideLogid() {\n return logId;\n }\n\n @Provides\n @FollowRedirects\n boolean provideFollowRedirects() {\n return followRedirects;\n }\n\n @Provides\n @MaxRequests\n int provideMaxRequests() {\n return maxRequests;\n }\n\n @Provides\n @CallTimeoutSeconds\n int provideCallTimeoutSeconds(\n HttpClientCliOptions httpClientCliOptions,\n HttpClientConfigProperties httpClientConfigProperties) {\n if (httpClientCliOptions.callTimeoutSeconds != null) {\n return httpClientCliOptions.callTimeoutSeconds;\n }\n if (httpClientConfigProperties.callTimeoutSeconds != null) {\n return httpClientConfigProperties.callTimeoutSeconds;\n }\n // Default call timeout specified in\n // https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/call-timeout/.\n return 0;\n }\n\n @Provides\n @ConnectTimeoutSeconds\n int provideConnectTimeoutSeconds(\n HttpClientCliOptions httpClientCliOptions,\n HttpClientConfigProperties httpClientConfigProperties) {\n if (httpClientCliOptions.connectTimeoutSeconds != null) {\n return httpClientCliOptions.connectTimeoutSeconds;\n }\n if (httpClientConfigProperties.connectTimeoutSeconds != null) {\n return httpClientConfigProperties.connectTimeoutSeconds;\n }\n // Default connect timeout specified in\n // https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/connect-timeout/.\n return 10;\n }\n\n @Provides\n @ConnectTimeout\n Duration provideConnectTimeout(@ConnectTimeoutSeconds int connectionTimeoutSeconds) {\n return Duration.ofSeconds(connectionTimeoutSeconds);\n }\n\n @Provides\n @ReadTimeoutSeconds\n int provideReadTimeoutSeconds(\n HttpClientCliOptions httpClientCliOptions,\n HttpClientConfigProperties httpClientConfigProperties) {\n if (httpClientCliOptions.readTimeoutSeconds != null) {\n return httpClientCliOptions.readTimeoutSeconds;\n }\n if (httpClientConfigProperties.readTimeoutSeconds != null) {\n return httpClientConfigProperties.readTimeoutSeconds;\n }\n // Default read timeout specified in\n // https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/read-timeout/.\n return 10;\n }\n\n @Provides\n @WriteTimeoutSeconds\n int provideWriteTimeoutSeconds(\n HttpClientCliOptions httpClientCliOptions,\n HttpClientConfigProperties httpClientConfigProperties) {\n if (httpClientCliOptions.writeTimeoutSeconds != null) {\n return httpClientCliOptions.writeTimeoutSeconds;\n }\n if (httpClientConfigProperties.writeTimeoutSeconds != null) {\n return httpClientConfigProperties.writeTimeoutSeconds;\n }\n // Default write timeout specified in\n // https://square.github.io/okhttp/4.x/okhttp/okhttp3/-ok-http-client/-builder/write-timeout/.\n return 10;\n }\n\n @Provides\n @UserAgent\n String provideUserAgent(HttpClientCliOptions httpClientCliOptions) {\n if (!isNullOrEmpty(httpClientCliOptions.userAgent)) {\n return httpClientCliOptions.userAgent;\n }\n return HttpClient.TSUNAMI_USER_AGENT;\n }\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface TrustAllCertificates {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface TrustAllCertsSocketFactory {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface LogId {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface CallTimeoutSeconds {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface ConnectTimeoutSeconds {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface ConnectTimeout {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface ReadTimeoutSeconds {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface WriteTimeoutSeconds {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface FollowRedirects {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface MaxRequests {}\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n @interface UserAgent {}\n\n /** Builder for {@link HttpClientModule}. */\n public static final class Builder {\n private static final int DEFAULT_CONNECTION_POOL_MAX_IDLE = 5;\n private static final Duration DEFAULT_CONNECTION_POOL_KEEP_ALIVE_DURATION =\n Duration.ofMinutes(5);\n private static final int DEFAULT_MAX_REQUESTS = 64;\n private static final boolean DEFAULT_FOLLOW_REDIRECTS = true;\n private static final String DEFAULT_LOG_ID = \"\";\n\n private int connectionPoolMaxIdle = DEFAULT_CONNECTION_POOL_MAX_IDLE;\n private Duration connectionPoolKeepAliveDuration = DEFAULT_CONNECTION_POOL_KEEP_ALIVE_DURATION;\n private int maxRequests = DEFAULT_MAX_REQUESTS;\n private boolean followRedirects = DEFAULT_FOLLOW_REDIRECTS;\n private String logId = DEFAULT_LOG_ID;\n\n /**\n * Sets the maximum number of idle connections to each to keep in the pool.\n *\n * @param maxIdle maximum number of idel connecteds.\n * @return the {@link Builder} instance itself.\n */\n public Builder setConnectionPoolMaxIdle(int maxIdle) {\n checkArgument(maxIdle > 0);\n this.connectionPoolMaxIdle = maxIdle;\n return this;\n }\n\n /**\n * Sets the duration to keep the connection alive in the connection pool before closing it.\n *\n * @param keepAliveDuration the duration to keep the connection alive.\n * @return the {@link Builder} instance itself.\n */\n public Builder setConnectionPoolKeepAliveDuration(Duration keepAliveDuration) {\n checkNotNull(keepAliveDuration);\n checkArgument(!keepAliveDuration.isNegative());\n this.connectionPoolKeepAliveDuration = keepAliveDuration;\n return this;\n }\n\n /**\n * Sets the maximum number of requests to execute concurrently.\n *\n * @param maxRequests the maximum number of concurrent requests.\n * @return the {@link Builder} instance itself.\n */\n public Builder setMaxRequests(int maxRequests) {\n checkArgument(maxRequests > 0);\n this.maxRequests = maxRequests;\n return this;\n }\n\n /**\n * Sets whether or not to follow redirect from server. If unset, by default redirects will be\n * followed.\n *\n * @param followRedirects whether the HTTP client should follow redirect responses from the\n * server.\n * @return the {@link Builder} instance itself.\n */\n public Builder setFollowRedirects(boolean followRedirects) {\n this.followRedirects = followRedirects;\n return this;\n }\n\n /**\n * Sets the log ID to print in front of the logs.\n *\n * @param logId the log ID to print in front of the logs.\n * @return the {@link Builder} instance itself.\n */\n public Builder setLogId(String logId) {\n this.logId = logId;\n return this;\n }\n\n public HttpClientModule build() {\n return new HttpClientModule(this);\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/HttpHeaders.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.common.base.Ascii;\nimport com.google.common.base.CharMatcher;\nimport com.google.common.base.MoreObjects;\nimport com.google.common.collect.ImmutableBiMap;\nimport com.google.common.collect.ImmutableList;\nimport com.google.common.collect.ImmutableListMultimap;\nimport com.google.common.collect.ImmutableSet;\nimport com.google.errorprone.annotations.Immutable;\nimport java.lang.reflect.Field;\nimport java.util.Optional;\n\n/** Immutable HTTP headers. */\n@Immutable\n@AutoValue\npublic abstract class HttpHeaders {\n private static final ImmutableBiMap LOWER_TO_KNOWN = createKnownHeaders();\n private static final ImmutableSet KNOWN = LOWER_TO_KNOWN.values();\n\n /** Canonicalize a header name. */\n private static String canonicalize(String headerName) {\n if (KNOWN.contains(headerName)) {\n return headerName;\n }\n String lower = Ascii.toLowerCase(headerName);\n String known = LOWER_TO_KNOWN.get(lower);\n return MoreObjects.firstNonNull(known, lower);\n }\n\n private static ImmutableBiMap createKnownHeaders() {\n ImmutableBiMap.Builder builder = ImmutableBiMap.builder();\n addFields(builder, com.google.common.net.HttpHeaders.class);\n return builder.build();\n }\n\n /**\n * Loops over all of the public String fields in the given class and puts them into the BiMap\n * (lower case to original string value).\n */\n private static void addFields(ImmutableBiMap.Builder builder, Class clazz) {\n try {\n for (Field field : clazz.getFields()) {\n if (field.getType().equals(String.class)) {\n String known = (String) field.get(null);\n String lower = Ascii.toLowerCase(known);\n builder.put(lower, known);\n }\n }\n } catch (ReflectiveOperationException e) {\n throw new IllegalStateException(e);\n }\n }\n\n abstract ImmutableListMultimap rawHeaders();\n\n /**\n * Gets a set of all HTTP header names.\n *\n * @return all HTTP header names.\n */\n public ImmutableSet names() {\n return rawHeaders().keySet();\n }\n\n /**\n * Returns the first value for the header with the given name, or empty Optional if none exists.\n *\n * @param name case-insensitive header name\n * @return the first value for the given header name.\n */\n public Optional get(String name) {\n checkNotNull(name, \"Name cannot be null.\");\n\n ImmutableList values = getAll(name);\n return values.isEmpty() ? Optional.empty() : Optional.of(values.get(0));\n }\n\n /**\n * Returns all the values for the header with the given name. Values are in the same order they\n * were added to the builder.\n *\n * @param name case-insensitive header name\n * @return All values for the given header name.\n */\n public ImmutableList getAll(String name) {\n checkNotNull(name, \"Name cannot be null.\");\n\n // We first check the multimap using whatever string is passed in. Usually\n // this will be a constant from HttpHeaders, which is pre-canonicalized.\n // Only if the lookup fails do we then canonicalize and try again.\n ImmutableList values = rawHeaders().get(name);\n if (!values.isEmpty()) {\n return values;\n }\n String fixedName = canonicalize(name);\n if (fixedName.equals(name)) {\n return values; // Name was already canonicalized, so return the empty list.\n }\n return rawHeaders().get(fixedName);\n }\n\n public static Builder builder() {\n return new AutoValue_HttpHeaders.Builder();\n }\n\n /** Builder for {@link HttpHeaders}. */\n @AutoValue.Builder\n public abstract static class Builder {\n /** RFC 2616 section 4.2. */\n private static final CharMatcher HEADER_NAME_MATCHER =\n CharMatcher.inRange('!', '~').and(CharMatcher.isNot(':'));\n /** RFC 2616 section 4.2. */\n private static final CharMatcher HEADER_VALUE_MATCHER =\n CharMatcher.inRange((char) 0, (char) 31) // No control characters\n .or(CharMatcher.is((char) 127)) // or DEL\n .negate()\n .or(CharMatcher.is('\\t')); // except horizontal-tab\n\n abstract ImmutableListMultimap.Builder rawHeadersBuilder();\n\n public Builder addHeader(String name, String value) {\n checkNotNull(name, \"Name cannot be null.\");\n checkNotNull(value, \"Value cannot be null.\");\n checkArgument(isLegalHeaderName(name), \"Illegal header name %s\", name);\n checkArgument(isLegalHeaderValue(value), \"Illegal header value %s\", value);\n rawHeadersBuilder().put(canonicalize(name), value);\n return this;\n }\n\n public Builder addHeader(String name, String value, boolean canonicalize) {\n checkNotNull(name, \"Name cannot be null.\");\n checkNotNull(value, \"Value cannot be null.\");\n if (canonicalize) {\n return addHeader(name, value);\n } else {\n rawHeadersBuilder().put(name, value);\n return this;\n }\n }\n\n public abstract HttpHeaders build();\n\n private static boolean isLegalHeaderName(String str) {\n return HEADER_NAME_MATCHER.matchesAllOf(str);\n }\n\n private static boolean isLegalHeaderValue(String value) {\n return HEADER_VALUE_MATCHER.matchesAllOf(value);\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/HttpMethod.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\n/** Represents HTTP methods. */\npublic enum HttpMethod {\n // Add more http methods here if necessary.\n GET(\"GET\"),\n HEAD(\"HEAD\"),\n POST(\"POST\"),\n PUT(\"PUT\"),\n DELETE(\"DELETE\");\n\n private final String string;\n\n HttpMethod(String string) {\n this.string = string;\n }\n\n @Override\n public String toString() {\n return string;\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/HttpRequest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static com.google.common.base.Preconditions.checkState;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.common.base.Strings;\nimport com.google.errorprone.annotations.Immutable;\nimport com.google.protobuf.ByteString;\nimport java.util.Optional;\nimport okhttp3.HttpUrl;\n\n/** Immutable HTTP request. */\n@Immutable\n@AutoValue\n@AutoValue.CopyAnnotations\n@SuppressWarnings(\"Immutable\")\npublic abstract class HttpRequest {\n public abstract HttpMethod method();\n public abstract String url();\n public abstract HttpHeaders headers();\n public abstract Optional requestBody();\n\n public abstract Builder toBuilder();\n\n /**\n * Creates a {@link Builder} object for configuring {@link HttpRequest}.\n *\n * @return a {@link Builder} instance for the {@link HttpRequest} object.\n */\n public static Builder builder() {\n return new AutoValue_HttpRequest.Builder();\n }\n\n /**\n * Create a new HTTP GET request with the given {@code url}.\n *\n * @param url the url of the GET request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder get(String url) {\n checkArgument(!Strings.isNullOrEmpty(url));\n return builder().setMethod(HttpMethod.GET).setUrl(url);\n }\n\n /**\n * Create a new HTTP GET request with the given {@code uri}.\n *\n * @param uri the url of the GET request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder get(HttpUrl uri) {\n checkNotNull(uri);\n return builder().setMethod(HttpMethod.GET).setUrl(uri);\n }\n\n /**\n * Create a new HTTP HEAD request with the given {@code url}.\n *\n * @param url the url of the HEAD request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder head(String url) {\n checkArgument(!Strings.isNullOrEmpty(url));\n return builder().setMethod(HttpMethod.HEAD).setUrl(url);\n }\n\n /**\n * Create a new HTTP HEAD request with the given {@code uri}.\n *\n * @param uri the url of the HEAD request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder head(HttpUrl uri) {\n checkNotNull(uri);\n return builder().setMethod(HttpMethod.HEAD).setUrl(uri);\n }\n\n /**\n * Create a new HTTP POST request with the given {@code url}.\n *\n * @param url the url of the POST request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder post(String url) {\n checkArgument(!Strings.isNullOrEmpty(url));\n return builder().setMethod(HttpMethod.POST).setUrl(url);\n }\n\n /**\n * Create a new HTTP POST request with the given {@code uri}.\n *\n * @param uri the url of the POST request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder post(HttpUrl uri) {\n checkNotNull(uri);\n return builder().setMethod(HttpMethod.POST).setUrl(uri);\n }\n\n /**\n * Create a new HTTP PUT request with the given {@code url}.\n *\n * @param url the url of the PUT request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder put(String url) {\n checkArgument(!Strings.isNullOrEmpty(url));\n return put(HttpUrl.parse(url));\n }\n\n /**\n * Create a new HTTP PUT request with the given {@code uri}.\n *\n * @param uri the url of the PUT request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder put(HttpUrl uri) {\n checkNotNull(uri);\n return builder().setMethod(HttpMethod.PUT).setUrl(uri);\n }\n\n /**\n * Create a new HTTP DELETE request with the given {@code url}.\n *\n * @param url the url of the DELETE request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder delete(String url) {\n checkArgument(!Strings.isNullOrEmpty(url));\n return builder().setMethod(HttpMethod.DELETE).setUrl(url);\n }\n\n /**\n * Create a new HTTP DELETE request with the given {@code uri}.\n *\n * @param uri the url of the DELETE request.\n * @return a {@link Builder} object for configuring {@link HttpRequest}.\n */\n public static Builder delete(HttpUrl uri) {\n checkNotNull(uri);\n return builder().setMethod(HttpMethod.DELETE).setUrl(uri);\n }\n\n /** Builder for {@link HttpRequest}. */\n @AutoValue.Builder\n public abstract static class Builder {\n public abstract Builder setMethod(HttpMethod method);\n public abstract Builder setUrl(String url);\n public Builder setUrl(HttpUrl url) {\n setUrl(url.toString());\n return this;\n }\n public abstract Builder setHeaders(HttpHeaders httpHeaders);\n public abstract Builder setRequestBody(ByteString requestBody);\n public abstract Builder setRequestBody(Optional requestBody);\n\n public Builder withEmptyHeaders() {\n setHeaders(HttpHeaders.builder().build());\n return this;\n }\n\n abstract HttpRequest autoBuild();\n public HttpRequest build() {\n HttpRequest httpRequest = autoBuild();\n\n switch (httpRequest.method()) {\n case GET:\n case HEAD:\n checkState(\n !httpRequest.requestBody().isPresent(),\n \"A request body is not allowed for HTTP GET/HEAD request\");\n break;\n case POST:\n case PUT:\n case DELETE:\n break;\n }\n\n return httpRequest;\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/HttpResponse.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.auto.value.extension.memoized.Memoized;\nimport com.google.errorprone.annotations.Immutable;\nimport com.google.gson.JsonElement;\nimport com.google.gson.JsonParser;\nimport com.google.gson.JsonPrimitive;\nimport com.google.protobuf.ByteString;\nimport java.util.Optional;\nimport okhttp3.HttpUrl;\n\n/** Immutable HTTP response. */\n@Immutable\n@AutoValue\n@AutoValue.CopyAnnotations\n// HttpUrl is immutable even if not marked as such.\n@SuppressWarnings(\"Immutable\")\npublic abstract class HttpResponse {\n public abstract HttpStatus status();\n public abstract HttpHeaders headers();\n public abstract Optional bodyBytes();\n // The URL that produced this response.\n // TODO(b/173574468): Provide the full redirection request not just the Url.\n public abstract Optional responseUrl();\n\n /**\n * Gets the body of the HTTP response as a UTF-8 encoded String.\n *\n * @return HTTP response body as a Java {@link String}.\n */\n @Memoized\n public Optional bodyString() {\n return bodyBytes().map(ByteString::toStringUtf8);\n }\n\n /**\n * Tries to parse the response body as json and returns the parsing result as {@link JsonElement}.\n * If parsing failed, an empty optional is returned.\n *\n * @return HTTP response body as a Gson {@link JsonElement} object.\n */\n @Memoized\n public Optional bodyJson() {\n try {\n return bodyString().map(JsonParser::parseString);\n } catch (RuntimeException e) {\n // Do best-effort parsing and ignore Json parsing errors\n return Optional.empty();\n }\n }\n\n /**\n * Tries to determine if a given field in Json response is equal to a specific value. If parsing\n * failed, {@link com.google.gson.JsonSyntaxException} or {@link IllegalStateException} will be\n * thrown.\n *\n * @return boolean\n */\n public boolean jsonFieldEqualsToValue(String fieldname, String value) {\n Optional jsonPrimitive =\n bodyJson()\n .map(JsonElement::getAsJsonObject)\n .map(object -> object.getAsJsonPrimitive(fieldname));\n return jsonPrimitive.isPresent() && jsonPrimitive.get().getAsString().equals(value);\n }\n\n public static Builder builder() {\n return new AutoValue_HttpResponse.Builder();\n }\n\n /** Builder for {@link HttpResponse}. */\n @AutoValue.Builder\n public abstract static class Builder {\n public abstract Builder setStatus(HttpStatus httpStatus);\n public abstract Builder setHeaders(HttpHeaders httpHeaders);\n public abstract Builder setBodyBytes(ByteString bodyBytes);\n public abstract Builder setBodyBytes(Optional bodyBytes);\n public abstract Builder setResponseUrl(HttpUrl url);\n public abstract Builder setResponseUrl(Optional url);\n\n public abstract HttpResponse build();\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/HttpStatus.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.collect.ImmutableMap.toImmutableMap;\n\nimport com.google.common.collect.ImmutableMap;\nimport java.util.Arrays;\nimport java.util.function.Function;\n\n/**\n * HTTP Status Codes defined in RFC 2616, RFC 6585, RFC 4918 and RFC 7538.\n *\n * @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html\n * @see http://tools.ietf.org/html/rfc6585\n * @see https://tools.ietf.org/html/rfc4918\n * @see https://tools.ietf.org/html/rfc7538\n */\npublic enum HttpStatus {\n // Default\n HTTP_STATUS_UNSPECIFIED(0, \"Status Unspecified\"),\n\n // Informational 1xx\n CONTINUE(100, \"Continue\"),\n SWITCHING_PROTOCOLS(101, \"Switching Protocols\"),\n\n // Successful 2xx\n OK(200, \"Ok\"),\n CREATED(201, \"Created\"),\n ACCEPTED(202, \"Accepted\"),\n NON_AUTHORITATIVE_INFORMATION(203, \"Non-Authoritative Information\"),\n NO_CONTENT(204, \"No Content\"),\n RESET_CONTENT(205, \"Reset Content\"),\n PARTIAL_CONTENT(206, \"Partial Content\"),\n MULTI_STATUS(207, \"Multi-Status\"),\n\n // Redirection 3xx\n MULTIPLE_CHOICES(300, \"Multiple Choices\"),\n MOVED_PERMANENTLY(301, \"Moved Permanently\"),\n FOUND(302, \"Found\"),\n SEE_OTHER(303, \"See Other\"),\n NOT_MODIFIED(304, \"Not Modified\"),\n USE_PROXY(305, \"Use Proxy\"),\n TEMPORARY_REDIRECT(307, \"Temporary Redirect\"),\n PERMANENT_REDIRECT(308, \"Permanent Redirect\"),\n\n // Client Error 4xx\n BAD_REQUEST(400, \"Bad Request\"),\n UNAUTHORIZED(401, \"Unauthorized\"),\n PAYMENT_REQUIRED(402, \"Payment Required\"),\n FORBIDDEN(403, \"Forbidden\"),\n NOT_FOUND(404, \"Not Found\"),\n METHOD_NOT_ALLOWED(405, \"Method Not Allowed\"),\n NOT_ACCEPTABLE(406, \"Not Acceptable\"),\n PROXY_AUTHENTICATION_REQUIRED(407, \"Proxy Authentication Required\"),\n REQUEST_TIMEOUT(408, \"Request Timeout\"),\n CONFLICT(409, \"Conflict\"),\n GONE(410, \"Gone\"),\n LENGTH_REQUIRED(411, \"Length Required\"),\n PRECONDITION_FAILED(412, \"Precondition Failed\"),\n REQUEST_ENTITY_TOO_LARGE(413, \"Request Entity Too Large\"),\n REQUEST_URI_TOO_LONG(414, \"Request Uri Too Long\"),\n UNSUPPORTED_MEDIA_TYPE(415, \"Unsupported Media Type\"),\n REQUEST_RANGE_NOT_SATISFIABLE(416, \"Request Range Not Satisfiable\"),\n EXPECTATION_FAILED(417, \"Expectation Failed\"),\n UNPROCESSABLE_ENTITY(422, \"Unprocessable Entity\"),\n LOCKED(423, \"Locked\"),\n FAILED_DEPENDENCY(424, \"Failed Dependency\"),\n PRECONDITION_REQUIRED(428, \"Precondition Required\"),\n TOO_MANY_REQUESTS(429, \"Too Many Requests\"),\n REQUEST_HEADER_FIELDS_TOO_LARGE(431, \"Request Header Fields Too Large\"),\n\n // Server Error 5xx\n INTERNAL_SERVER_ERROR(500, \"Internal Server Error\"),\n NOT_IMPLEMENTED(501, \"Not Implemented\"),\n BAD_GATEWAY(502, \"Bad Gateway\"),\n SERVICE_UNAVAILABLE(503, \"Service Unavailable\"),\n GATEWAY_TIMEOUT(504, \"Gateway Timeout\"),\n HTTP_VERSION_NOT_SUPPORTED(505, \"Http Version Not Supported\"),\n INSUFFICIENT_STORAGE(507, \"Insufficient Storage\"),\n NETWORK_AUTHENTICATION_REQUIRED(511, \"Network Authentication Required\"),\n\n /*\n * IE returns this code for 204 due to its use of URLMon, which returns this\n * code for 'Operation Aborted'. The status text is 'Unknown', the response\n * headers are ''. Known to occur on IE 6 on XP through IE9 on Win7.\n */\n QUIRK_IE_NO_CONTENT(1223, \"Quirk IE No Content\");\n\n /** Status indexed by code. */\n private static final ImmutableMap BY_CODE =\n Arrays.stream(HttpStatus.values())\n .collect(toImmutableMap(HttpStatus::code, Function.identity()));\n\n /**\n * Creates the {@link HttpStatus} from the given status code, or null if there is no known status\n * with that code.\n *\n * @param code the HTTP status code.\n * @return the matching {@link HttpStatus} from the given status code.\n */\n public static HttpStatus fromCode(int code) {\n HttpStatus status = BY_CODE.get(code);\n return status == null ? HTTP_STATUS_UNSPECIFIED : status;\n }\n\n private final int code;\n private final String name;\n\n HttpStatus(int code, String name) {\n this.code = code;\n this.name = name;\n }\n\n public int code() {\n return code;\n }\n\n public boolean isRedirect() {\n switch (this) {\n case MULTIPLE_CHOICES:\n case MOVED_PERMANENTLY:\n case FOUND:\n case SEE_OTHER:\n case TEMPORARY_REDIRECT:\n case PERMANENT_REDIRECT:\n return true;\n default:\n return false;\n }\n }\n\n public boolean isSuccess() {\n return code >= 200 && code < 300;\n }\n\n @Override\n public String toString() {\n return name;\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/OkHttpHttpClient.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static com.google.common.base.Strings.isNullOrEmpty;\nimport static com.google.common.net.HttpHeaders.USER_AGENT;\nimport static com.google.common.util.concurrent.MoreExecutors.directExecutor;\n\nimport com.google.common.base.Ascii;\nimport com.google.common.collect.ImmutableSet;\nimport com.google.common.flogger.GoogleLogger;\nimport com.google.common.io.ByteSource;\nimport com.google.common.util.concurrent.ListenableFuture;\nimport com.google.common.util.concurrent.SettableFuture;\nimport com.google.errorprone.annotations.CanIgnoreReturnValue;\nimport com.google.protobuf.ByteString;\nimport com.google.tsunami.common.net.http.javanet.ConnectionFactory;\nimport com.google.tsunami.proto.NetworkService;\nimport java.io.IOException;\nimport java.net.HttpURLConnection;\nimport java.time.Duration;\nimport java.util.List;\nimport java.util.Map;\nimport javax.net.ssl.HttpsURLConnection;\nimport okhttp3.Call;\nimport okhttp3.Callback;\nimport okhttp3.Dns;\nimport okhttp3.Headers;\nimport okhttp3.MediaType;\nimport okhttp3.OkHttpClient;\nimport okhttp3.Request;\nimport okhttp3.RequestBody;\nimport okhttp3.Response;\nimport okhttp3.ResponseBody;\nimport org.checkerframework.checker.nullness.qual.Nullable;\n\n/**\n * A client library that communicates with remote servers via the HTTP protocol using {@link\n * OkHttpClient}.\n */\nfinal class OkHttpHttpClient extends HttpClient {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n\n private final OkHttpClient okHttpClient;\n private final boolean trustAllCertificates;\n private final ConnectionFactory connectionFactory;\n private final String logId;\n private final Duration connectionTimeout;\n private final String userAgent;\n\n OkHttpHttpClient(\n OkHttpClient okHttpClient,\n boolean trustAllCertificates,\n ConnectionFactory connectionFactory,\n String logId,\n Duration connectionTimeout,\n String userAgent) {\n this.okHttpClient = checkNotNull(okHttpClient);\n this.trustAllCertificates = trustAllCertificates;\n this.connectionFactory = checkNotNull(connectionFactory);\n this.logId = logId;\n this.connectionTimeout = connectionTimeout;\n this.userAgent = isNullOrEmpty(userAgent) ? TSUNAMI_USER_AGENT : userAgent;\n }\n\n /**\n * Gets log id.\n *\n * @return log id string.\n */\n @Override\n public String getLogId() {\n return this.logId;\n }\n\n /**\n * NOTE: This is a temporary hack to workaround OkHttp's hardcoded URL canonicalization algorithm.\n * We should rewrite the entire library using a more flexible backend.\n *\n *
Sends the given HTTP request as is, blocking until full response is received.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @return the response returned from the HTTP server.\n * @throws IOException if an I/O error occurs during the HTTP request.\n */\n @Override\n public HttpResponse sendAsIs(HttpRequest httpRequest) throws IOException {\n HttpURLConnection connection = connectionFactory.openConnection(httpRequest.url());\n connection.setRequestMethod(httpRequest.method().toString());\n httpRequest.headers().names().stream()\n .filter(headerName -> !Ascii.equalsIgnoreCase(headerName, USER_AGENT))\n .forEach(\n headerName ->\n httpRequest\n .headers()\n .getAll(headerName)\n .forEach(\n headerValue -> connection.setRequestProperty(headerName, headerValue)));\n connection.setRequestProperty(USER_AGENT, this.userAgent);\n\n if (ImmutableSet.of(HttpMethod.POST, HttpMethod.PUT, HttpMethod.DELETE)\n .contains(httpRequest.method())) {\n connection.setDoOutput(true);\n ByteSource.wrap(httpRequest.requestBody().orElse(ByteString.EMPTY).toByteArray())\n .copyTo(connection.getOutputStream());\n }\n\n int responseCode = connection.getResponseCode();\n HttpHeaders.Builder responseHeadersBuilder = HttpHeaders.builder();\n for (Map.Entry> headerEntry : connection.getHeaderFields().entrySet()) {\n String headerName = headerEntry.getKey();\n if (!isNullOrEmpty(headerName)) {\n for (String headerValue : headerEntry.getValue()) {\n if (!isNullOrEmpty(headerValue)) {\n responseHeadersBuilder.addHeader(headerName, headerValue);\n }\n }\n }\n }\n return HttpResponse.builder()\n .setStatus(HttpStatus.fromCode(responseCode))\n .setHeaders(responseHeadersBuilder.build())\n .setBodyBytes(ByteString.readFrom(connection.getInputStream()))\n .build();\n }\n\n /**\n * Sends the given HTTP request using this client, blocking until full response is received.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @return the response returned from the HTTP server.\n * @throws IOException if an I/O error occurs during the HTTP request.\n */\n @Override\n public HttpResponse send(HttpRequest httpRequest) throws IOException {\n return send(httpRequest, null);\n }\n\n /**\n * Sends the given HTTP request using this client blocking until full response is received. If\n * {@code networkService} is not null, the host header is set according to the service's header\n * field even if it resolves to a different ip.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @param networkService the {@link NetworkService} proto to be used for the HOST header.\n * @return the response returned from the HTTP server.\n * @throws IOException if an I/O error occurs during the HTTP request.\n */\n @Override\n public HttpResponse send(HttpRequest httpRequest, @Nullable NetworkService networkService)\n throws IOException {\n logger.atInfo().log(\n \"%sSending HTTP '%s' request to '%s'.\", logId, httpRequest.method(), httpRequest.url());\n\n OkHttpClient callHttpClient = clientWithHostnameAsProxy(networkService);\n try (Response okHttpResponse =\n callHttpClient.newCall(buildOkHttpRequest(httpRequest, this.userAgent)).execute()) {\n return parseResponse(okHttpResponse);\n }\n }\n\n /**\n * Sends the given HTTP request using this client asynchronously.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @return the future for the response to be returned from the HTTP server.\n */\n @Override\n public ListenableFuture sendAsync(HttpRequest httpRequest) {\n return sendAsync(httpRequest, null);\n }\n\n /**\n * Sends the given HTTP request using this client asynchronously. If {@code networkService} is not\n * null, the host header is set according to the service's header field even if it resolves to a\n * different ip.\n *\n * @param httpRequest the HTTP request to be sent by this client.\n * @param networkService the {@link NetworkService} proto to be used for the HOST header.\n * @return the future for the response to be returned from the HTTP server.\n */\n @Override\n public ListenableFuture sendAsync(\n HttpRequest httpRequest, @Nullable NetworkService networkService) {\n logger.atInfo().log(\n \"%sSending async HTTP '%s' request to '%s'.\",\n logId, httpRequest.method(), httpRequest.url());\n OkHttpClient callHttpClient = clientWithHostnameAsProxy(networkService);\n SettableFuture responseFuture = SettableFuture.create();\n Call requestCall = callHttpClient.newCall(buildOkHttpRequest(httpRequest, this.userAgent));\n\n try {\n requestCall.enqueue(\n new Callback() {\n @Override\n public void onFailure(Call call, IOException e) {\n responseFuture.setException(e);\n }\n\n @Override\n public void onResponse(Call call, Response response) {\n try (ResponseBody unused = response.body()) {\n responseFuture.set(parseResponse(response));\n } catch (Throwable t) {\n responseFuture.setException(t);\n }\n }\n });\n } catch (Throwable t) {\n responseFuture.setException(t);\n }\n\n // Makes sure cancellation state is propagated to OkHttp.\n responseFuture.addListener(\n () -> {\n if (responseFuture.isCancelled()) {\n requestCall.cancel();\n }\n },\n directExecutor());\n return responseFuture;\n }\n\n /*\n * Returns a modified HTTP client that's configured to connect to the {@code networkService}'s IP\n * and use its hostname in the host header, when both a hostname and an IP address is specified.\n * Returns an unmodified HTTP client otherwise.\n */\n private OkHttpClient clientWithHostnameAsProxy(NetworkService networkService) {\n if (networkService == null) {\n return this.okHttpClient;\n }\n String serviceIp = networkService.getNetworkEndpoint().getIpAddress().getAddress();\n String serviceHostname = networkService.getNetworkEndpoint().getHostname().getName();\n return this.okHttpClient\n .newBuilder()\n .dns(\n hostname -> {\n if (hostname.equals(serviceHostname)) {\n hostname = serviceIp;\n }\n return Dns.SYSTEM.lookup(hostname);\n })\n .hostnameVerifier(\n (hostname, session) -> {\n if (trustAllCertificates) {\n return true;\n }\n if (hostname.equals(serviceHostname)) {\n return true;\n }\n return HttpsURLConnection.getDefaultHostnameVerifier().verify(hostname, session);\n })\n .build();\n }\n\n private static Request buildOkHttpRequest(HttpRequest httpRequest, String userAgent) {\n Request.Builder okRequestBuilder = new Request.Builder().url(httpRequest.url());\n\n httpRequest.headers().names().stream()\n .filter(headerName -> !Ascii.equalsIgnoreCase(headerName, USER_AGENT))\n .forEach(\n headerName ->\n httpRequest\n .headers()\n .getAll(headerName)\n .forEach(headerValue -> okRequestBuilder.addHeader(headerName, headerValue)));\n okRequestBuilder.addHeader(USER_AGENT, userAgent);\n\n switch (httpRequest.method()) {\n case GET:\n okRequestBuilder.get();\n break;\n case HEAD:\n okRequestBuilder.head();\n break;\n case PUT:\n okRequestBuilder.put(buildRequestBody(httpRequest));\n break;\n case POST:\n okRequestBuilder.post(buildRequestBody(httpRequest));\n break;\n case DELETE:\n okRequestBuilder.delete(buildRequestBody(httpRequest));\n break;\n }\n\n return okRequestBuilder.build();\n }\n\n private static RequestBody buildRequestBody(HttpRequest httpRequest) {\n MediaType mediaType =\n MediaType.parse(\n httpRequest.headers().get(com.google.common.net.HttpHeaders.CONTENT_TYPE).orElse(\"\"));\n return RequestBody.create(\n mediaType, httpRequest.requestBody().orElse(ByteString.EMPTY).toByteArray());\n }\n\n private static HttpResponse parseResponse(Response okResponse) throws IOException {\n logger.atInfo().log(\n \"Received HTTP response with code '%d' for request to '%s'.\",\n okResponse.code(), okResponse.request().url());\n\n HttpResponse.Builder httpResponseBuilder =\n HttpResponse.builder()\n .setStatus(HttpStatus.fromCode(okResponse.code()))\n .setHeaders(convertHeaders(okResponse.headers()))\n .setResponseUrl(okResponse.request().url());\n if (!okResponse.request().method().equals(HttpMethod.HEAD.name())\n && okResponse.body() != null) {\n httpResponseBuilder.setBodyBytes(ByteString.copyFrom(okResponse.body().bytes()));\n }\n return httpResponseBuilder.build();\n }\n\n private static HttpHeaders convertHeaders(Headers headers) {\n HttpHeaders.Builder headersBuilder = HttpHeaders.builder();\n for (int i = 0; i < headers.size(); i++) {\n headersBuilder.addHeader(headers.name(i), headers.value(i));\n }\n return headersBuilder.build();\n }\n\n /**\n * Returns a {@link Builder} that allows client code to modify the configurations of the internal\n * http client.\n *\n * @return the {@link Builder} for modifying this client instance.\n */\n @Override\n @SuppressWarnings(\"unchecked\") // safe covariant cast\n public Builder modify() {\n return new OkHttpHttpClientBuilder(this);\n }\n\n /** Builder for {@link OkHttpHttpClient}. */\n // TODO(b/145315535): add more configurable options into the builder.\n public static class OkHttpHttpClientBuilder extends Builder {\n private final OkHttpClient okHttpClient;\n private boolean followRedirects;\n private boolean trustAllCertificates;\n private final ConnectionFactory connectionFactory;\n private String logId;\n private Duration connectionTimeout;\n private String userAgent;\n\n private OkHttpHttpClientBuilder(OkHttpHttpClient okHttpHttpClient) {\n this.okHttpClient = okHttpHttpClient.okHttpClient;\n this.followRedirects = okHttpClient.followRedirects();\n this.trustAllCertificates = okHttpHttpClient.trustAllCertificates;\n this.connectionFactory = okHttpHttpClient.connectionFactory;\n this.logId = okHttpHttpClient.logId;\n this.connectionTimeout = okHttpHttpClient.connectionTimeout;\n this.userAgent = okHttpHttpClient.userAgent;\n }\n\n @Override\n public OkHttpHttpClientBuilder setFollowRedirects(boolean followRedirects) {\n this.followRedirects = followRedirects;\n return this;\n }\n\n @Override\n public OkHttpHttpClientBuilder setLogId(String logId) {\n this.logId = logId;\n return this;\n }\n\n @Override\n public OkHttpHttpClientBuilder setConnectTimeout(Duration connectionTimeout) {\n this.connectionTimeout = connectionTimeout;\n return this;\n }\n\n @CanIgnoreReturnValue\n public OkHttpHttpClientBuilder setUserAgent(String userAgent) {\n this.userAgent = userAgent;\n return this;\n }\n\n @Override\n public OkHttpHttpClient build() {\n return new OkHttpHttpClient(\n okHttpClient.newBuilder().followRedirects(followRedirects).build(),\n trustAllCertificates,\n connectionFactory,\n logId,\n connectionTimeout,\n userAgent);\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/javanet/ConnectionFactory.java",
"content": "/*\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http.javanet;\n\nimport java.io.IOException;\nimport java.net.HttpURLConnection;\n\n/** Given an URL, produces an {@link HttpURLConnection}. */\npublic interface ConnectionFactory {\n\n /**\n * Creates a new {@link HttpURLConnection} from the given {@code url}.\n *\n * @param url the URL to which the connection will be made\n * @return the created connection object, which will still be in the pre-connected state\n * @throws IOException if there was a problem producing the connection\n */\n HttpURLConnection openConnection(String url) throws IOException;\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/http/javanet/DefaultConnectionFactory.java",
"content": "/*\n * Copyright 2021 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http.javanet;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport java.io.IOException;\nimport java.net.HttpURLConnection;\nimport java.net.URL;\nimport java.time.Duration;\nimport javax.net.ssl.HttpsURLConnection;\nimport javax.net.ssl.SSLSocketFactory;\n\n/**\n * Default implementation of {@link ConnectionFactory}, which simply attempts to open the connection\n * and optionally allows trusting all certifications.\n */\npublic class DefaultConnectionFactory implements ConnectionFactory {\n private final boolean trustAllCertificates;\n private final SSLSocketFactory trustAllCertsSocketFactory;\n private final Duration connectTimeout;\n private final Duration readTimeout;\n\n public DefaultConnectionFactory(\n boolean trustAllCertificates,\n SSLSocketFactory trustAllCertsSocketFactory,\n Duration connectTimeout,\n Duration readTimeout) {\n this.trustAllCertificates = trustAllCertificates;\n this.trustAllCertsSocketFactory = checkNotNull(trustAllCertsSocketFactory);\n this.connectTimeout = checkNotNull(connectTimeout);\n this.readTimeout = checkNotNull(readTimeout);\n }\n\n @Override\n public HttpURLConnection openConnection(String url) throws IOException {\n HttpURLConnection connection = (HttpURLConnection) new URL(url).openConnection();\n connection.setConnectTimeout((int) connectTimeout.toMillis());\n connection.setReadTimeout((int) readTimeout.toMillis());\n\n if (connection instanceof HttpsURLConnection && trustAllCertificates) {\n HttpsURLConnection secureConnection = (HttpsURLConnection) connection;\n secureConnection.setSSLSocketFactory(trustAllCertsSocketFactory);\n secureConnection.setHostnameVerifier((hostname, session) -> true);\n }\n return connection;\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/socket/DefaultTsunamiSocketFactory.java",
"content": "/*\n * Copyright 2026 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.socket;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.common.flogger.GoogleLogger;\nimport java.io.IOException;\nimport java.net.InetAddress;\nimport java.net.InetSocketAddress;\nimport java.net.Socket;\nimport java.time.Duration;\nimport javax.net.SocketFactory;\nimport javax.net.ssl.SSLSocket;\nimport javax.net.ssl.SSLSocketFactory;\n\n/**\n * Default implementation of {@link TsunamiSocketFactory} that creates TCP sockets.\n *\n *
This implementation wraps the standard Java {@link SocketFactory} and {@link SSLSocketFactory}\n * to ensure that all created sockets have proper timeout settings configured, preventing plugins\n * from hanging indefinitely.\n */\npublic final class DefaultTsunamiSocketFactory implements TsunamiSocketFactory {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n\n private final SocketFactory socketFactory;\n private final SSLSocketFactory sslSocketFactory;\n private final Duration defaultConnectTimeout;\n private final Duration defaultReadTimeout;\n\n /**\n * Creates a new DefaultTsunamiSocketFactory.\n *\n * @param socketFactory the underlying socket factory to use for plain TCP connections\n * @param sslSocketFactory the underlying SSL socket factory to use for SSL/TLS connections\n * @param defaultConnectTimeout the default timeout for establishing connections\n * @param defaultReadTimeout the default timeout for read operations\n */\n public DefaultTsunamiSocketFactory(\n SocketFactory socketFactory,\n SSLSocketFactory sslSocketFactory,\n Duration defaultConnectTimeout,\n Duration defaultReadTimeout) {\n this.socketFactory = checkNotNull(socketFactory);\n this.sslSocketFactory = checkNotNull(sslSocketFactory);\n this.defaultConnectTimeout = checkNotNull(defaultConnectTimeout);\n this.defaultReadTimeout = checkNotNull(defaultReadTimeout);\n\n checkArgument(!defaultConnectTimeout.isNegative(), \"Connect timeout cannot be negative\");\n checkArgument(!defaultReadTimeout.isNegative(), \"Read timeout cannot be negative\");\n\n logger.atInfo().log(\n \"TsunamiSocketFactory initialized with connect timeout: %s, read timeout: %s\",\n defaultConnectTimeout, defaultReadTimeout);\n }\n\n @Override\n public Socket createSocket(String host, int port) throws IOException {\n return createSocket(host, port, defaultConnectTimeout, defaultReadTimeout);\n }\n\n @Override\n public Socket createSocket(String host, int port, Duration timeout) throws IOException {\n return createSocket(host, port, timeout, timeout);\n }\n\n @Override\n public Socket createSocket(String host, int port, Duration connectTimeout, Duration readTimeout)\n throws IOException {\n checkNotNull(host);\n checkArgument(port > 0 && port <= 65535, \"Port must be between 1 and 65535\");\n checkNotNull(connectTimeout);\n checkNotNull(readTimeout);\n\n logger.atFine().log(\n \"Creating socket to %s:%d with connect timeout %s, read timeout %s\",\n host, port, connectTimeout, readTimeout);\n\n Socket socket = socketFactory.createSocket();\n configureAndConnect(socket, new InetSocketAddress(host, port), connectTimeout, readTimeout);\n return socket;\n }\n\n @Override\n public Socket createSocket(InetAddress address, int port) throws IOException {\n return createSocket(address, port, defaultConnectTimeout, defaultReadTimeout);\n }\n\n @Override\n public Socket createSocket(InetAddress address, int port, Duration timeout) throws IOException {\n return createSocket(address, port, timeout, timeout);\n }\n\n @Override\n public Socket createSocket(\n InetAddress address, int port, Duration connectTimeout, Duration readTimeout)\n throws IOException {\n checkNotNull(address);\n checkArgument(port > 0 && port <= 65535, \"Port must be between 1 and 65535\");\n checkNotNull(connectTimeout);\n checkNotNull(readTimeout);\n\n logger.atFine().log(\n \"Creating socket to %s:%d with connect timeout %s, read timeout %s\",\n address.getHostAddress(), port, connectTimeout, readTimeout);\n\n Socket socket = socketFactory.createSocket();\n configureAndConnect(socket, new InetSocketAddress(address, port), connectTimeout, readTimeout);\n return socket;\n }\n\n @Override\n public Socket createUnconnectedSocket() throws IOException {\n Socket socket = socketFactory.createSocket();\n socket.setSoTimeout((int) defaultReadTimeout.toMillis());\n logger.atFine().log(\"Created unconnected socket with read timeout %s\", defaultReadTimeout);\n return socket;\n }\n\n @Override\n public SSLSocket createSslSocket(String host, int port) throws IOException {\n return createSslSocket(host, port, defaultConnectTimeout, defaultReadTimeout);\n }\n\n @Override\n public SSLSocket createSslSocket(String host, int port, Duration timeout) throws IOException {\n return createSslSocket(host, port, timeout, timeout);\n }\n\n @Override\n public SSLSocket createSslSocket(\n String host, int port, Duration connectTimeout, Duration readTimeout) throws IOException {\n checkNotNull(host);\n checkArgument(port > 0 && port <= 65535, \"Port must be between 1 and 65535\");\n checkNotNull(connectTimeout);\n checkNotNull(readTimeout);\n\n logger.atFine().log(\n \"Creating SSL socket to %s:%d with connect timeout %s, read timeout %s\",\n host, port, connectTimeout, readTimeout);\n\n // Create a plain socket first, connect with timeout, then wrap with SSL\n Socket plainSocket = socketFactory.createSocket();\n configureAndConnect(\n plainSocket, new InetSocketAddress(host, port), connectTimeout, readTimeout);\n\n SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(plainSocket, host, port, true);\n sslSocket.setSoTimeout((int) readTimeout.toMillis());\n sslSocket.startHandshake();\n\n return sslSocket;\n }\n\n @Override\n public SSLSocket createSslSocket(InetAddress address, int port) throws IOException {\n return createSslSocket(address, port, defaultConnectTimeout, defaultReadTimeout);\n }\n\n @Override\n public SSLSocket createSslSocket(InetAddress address, int port, Duration timeout)\n throws IOException {\n return createSslSocket(address, port, timeout, timeout);\n }\n\n @Override\n public SSLSocket createSslSocket(\n InetAddress address, int port, Duration connectTimeout, Duration readTimeout)\n throws IOException {\n checkNotNull(address);\n checkArgument(port > 0 && port <= 65535, \"Port must be between 1 and 65535\");\n checkNotNull(connectTimeout);\n checkNotNull(readTimeout);\n\n logger.atFine().log(\n \"Creating SSL socket to %s:%d with connect timeout %s, read timeout %s\",\n address.getHostAddress(), port, connectTimeout, readTimeout);\n\n // Create a plain socket first, connect with timeout, then wrap with SSL\n Socket plainSocket = socketFactory.createSocket();\n configureAndConnect(\n plainSocket, new InetSocketAddress(address, port), connectTimeout, readTimeout);\n\n SSLSocket sslSocket =\n (SSLSocket)\n sslSocketFactory.createSocket(plainSocket, address.getHostAddress(), port, true);\n sslSocket.setSoTimeout((int) readTimeout.toMillis());\n sslSocket.startHandshake();\n\n return sslSocket;\n }\n\n @Override\n public SSLSocket wrapWithSsl(Socket socket, String host, int port, boolean autoClose)\n throws IOException {\n checkNotNull(socket);\n checkNotNull(host);\n checkArgument(port > 0 && port <= 65535, \"Port must be between 1 and 65535\");\n\n logger.atFine().log(\"Wrapping existing socket with SSL for host %s:%d\", host, port);\n\n SSLSocket sslSocket = (SSLSocket) sslSocketFactory.createSocket(socket, host, port, autoClose);\n // Preserve the timeout from the original socket if set, otherwise use default\n int originalTimeout = socket.getSoTimeout();\n if (originalTimeout > 0) {\n sslSocket.setSoTimeout(originalTimeout);\n } else {\n sslSocket.setSoTimeout((int) defaultReadTimeout.toMillis());\n }\n sslSocket.startHandshake();\n\n return sslSocket;\n }\n\n @Override\n public Duration getDefaultConnectTimeout() {\n return defaultConnectTimeout;\n }\n\n @Override\n public Duration getDefaultReadTimeout() {\n return defaultReadTimeout;\n }\n\n /**\n * Configures socket options and connects to the specified address with timeout.\n *\n * @param socket the socket to configure and connect\n * @param address the address to connect to\n * @param connectTimeout the timeout for establishing the connection\n * @param readTimeout the timeout for read operations\n * @throws IOException if an I/O error occurs\n */\n private void configureAndConnect(\n Socket socket, InetSocketAddress address, Duration connectTimeout, Duration readTimeout)\n throws IOException {\n // Set read timeout before connecting\n socket.setSoTimeout((int) readTimeout.toMillis());\n\n // Enable TCP keep-alive to detect dead connections\n socket.setKeepAlive(true);\n\n // Disable Nagle's algorithm for better latency in security scanning\n socket.setTcpNoDelay(true);\n\n // Connect with timeout\n socket.connect(address, (int) connectTimeout.toMillis());\n\n logger.atFine().log(\n \"Socket connected to %s with SO_TIMEOUT=%dms\", address, readTimeout.toMillis());\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/socket/TsunamiSocketFactory.java",
"content": "/*\n * Copyright 2026 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.socket;\n\nimport java.io.IOException;\nimport java.net.InetAddress;\nimport java.net.Socket;\nimport java.time.Duration;\nimport javax.net.ssl.SSLSocket;\n\n/**\n * A socket factory API for creating TCP sockets with enforced default configurations.\n *\n *
This API provides a normalized way to create sockets from Tsunami plugins, ensuring that\n * proper timeouts are always configured. This prevents plugins from hanging indefinitely when\n * servers don't respond.\n *\n *
Plugins should use this factory instead of directly creating sockets through {@link\n * javax.net.SocketFactory} or {@link javax.net.ssl.SSLSocketFactory} to ensure consistent behavior\n * and proper timeout handling.\n *\n *
\n */\npublic interface TsunamiSocketFactory {\n\n /**\n * Creates a TCP socket connected to the specified host and port with default timeouts.\n *\n *
The socket will be configured with the default connect and read timeouts specified in the\n * Tsunami configuration. If no configuration is provided, sensible defaults will be used.\n *\n * @param host the host to connect to\n * @param port the port to connect to\n * @return a connected socket with enforced timeouts\n * @throws IOException if an I/O error occurs while creating the socket\n */\n Socket createSocket(String host, int port) throws IOException;\n\n /**\n * Creates a TCP socket connected to the specified host and port with a single timeout.\n *\n *
The specified timeout will be used for both connection establishment and read operations.\n *\n * @param host the host to connect to\n * @param port the port to connect to\n * @param timeout the timeout for both connection and read operations\n * @return a connected socket with the specified timeout\n * @throws IOException if an I/O error occurs while creating the socket\n */\n Socket createSocket(String host, int port, Duration timeout) throws IOException;\n\n /**\n * Creates a TCP socket connected to the specified host and port with custom timeouts.\n *\n * @param host the host to connect to\n * @param port the port to connect to\n * @param connectTimeout the timeout for establishing the connection\n * @param readTimeout the timeout for read operations (SO_TIMEOUT)\n * @return a connected socket with the specified timeouts\n * @throws IOException if an I/O error occurs while creating the socket\n */\n Socket createSocket(String host, int port, Duration connectTimeout, Duration readTimeout)\n throws IOException;\n\n /**\n * Creates a TCP socket connected to the specified address and port with default timeouts.\n *\n * @param address the IP address to connect to\n * @param port the port to connect to\n * @return a connected socket with enforced timeouts\n * @throws IOException if an I/O error occurs while creating the socket\n */\n Socket createSocket(InetAddress address, int port) throws IOException;\n\n /**\n * Creates a TCP socket connected to the specified address and port with a single timeout.\n *\n *
The specified timeout will be used for both connection establishment and read operations.\n *\n * @param address the IP address to connect to\n * @param port the port to connect to\n * @param timeout the timeout for both connection and read operations\n * @return a connected socket with the specified timeout\n * @throws IOException if an I/O error occurs while creating the socket\n */\n Socket createSocket(InetAddress address, int port, Duration timeout) throws IOException;\n\n /**\n * Creates a TCP socket connected to the specified address and port with custom timeouts.\n *\n * @param address the IP address to connect to\n * @param port the port to connect to\n * @param connectTimeout the timeout for establishing the connection\n * @param readTimeout the timeout for read operations (SO_TIMEOUT)\n * @return a connected socket with the specified timeouts\n * @throws IOException if an I/O error occurs while creating the socket\n */\n Socket createSocket(InetAddress address, int port, Duration connectTimeout, Duration readTimeout)\n throws IOException;\n\n /**\n * Creates an unconnected TCP socket with default timeouts configured.\n *\n *
The returned socket will have SO_TIMEOUT set to the default read timeout. The caller is\n * responsible for connecting the socket, which should be done with a timeout.\n *\n * @return an unconnected socket with default read timeout configured\n * @throws IOException if an I/O error occurs while creating the socket\n */\n Socket createUnconnectedSocket() throws IOException;\n\n /**\n * Creates an SSL/TLS socket connected to the specified host and port with default timeouts.\n *\n *
The socket will be configured with the default connect and read timeouts. SSL/TLS handshake\n * will be performed automatically.\n *\n * @param host the host to connect to\n * @param port the port to connect to\n * @return a connected SSL socket with enforced timeouts\n * @throws IOException if an I/O error occurs while creating the socket\n */\n SSLSocket createSslSocket(String host, int port) throws IOException;\n\n /**\n * Creates an SSL/TLS socket connected to the specified host and port with a single timeout.\n *\n *
The specified timeout will be used for both connection establishment and read operations.\n *\n * @param host the host to connect to\n * @param port the port to connect to\n * @param timeout the timeout for both connection and read operations\n * @return a connected SSL socket with the specified timeout\n * @throws IOException if an I/O error occurs while creating the socket\n */\n SSLSocket createSslSocket(String host, int port, Duration timeout) throws IOException;\n\n /**\n * Creates an SSL/TLS socket connected to the specified host and port with custom timeouts.\n *\n * @param host the host to connect to\n * @param port the port to connect to\n * @param connectTimeout the timeout for establishing the connection\n * @param readTimeout the timeout for read operations (SO_TIMEOUT)\n * @return a connected SSL socket with the specified timeouts\n * @throws IOException if an I/O error occurs while creating the socket\n */\n SSLSocket createSslSocket(String host, int port, Duration connectTimeout, Duration readTimeout)\n throws IOException;\n\n /**\n * Creates an SSL/TLS socket connected to the specified address and port with default timeouts.\n *\n * @param address the IP address to connect to\n * @param port the port to connect to\n * @return a connected SSL socket with enforced timeouts\n * @throws IOException if an I/O error occurs while creating the socket\n */\n SSLSocket createSslSocket(InetAddress address, int port) throws IOException;\n\n /**\n * Creates an SSL/TLS socket connected to the specified address and port with a single timeout.\n *\n *
The specified timeout will be used for both connection establishment and read operations.\n *\n * @param address the IP address to connect to\n * @param port the port to connect to\n * @param timeout the timeout for both connection and read operations\n * @return a connected SSL socket with the specified timeout\n * @throws IOException if an I/O error occurs while creating the socket\n */\n SSLSocket createSslSocket(InetAddress address, int port, Duration timeout) throws IOException;\n\n /**\n * Creates an SSL/TLS socket connected to the specified address and port with custom timeouts.\n *\n * @param address the IP address to connect to\n * @param port the port to connect to\n * @param connectTimeout the timeout for establishing the connection\n * @param readTimeout the timeout for read operations (SO_TIMEOUT)\n * @return a connected SSL socket with the specified timeouts\n * @throws IOException if an I/O error occurs while creating the socket\n */\n SSLSocket createSslSocket(\n InetAddress address, int port, Duration connectTimeout, Duration readTimeout)\n throws IOException;\n\n /**\n * Wraps an existing socket with SSL/TLS.\n *\n *
This method is useful when you need to upgrade a plain TCP connection to SSL/TLS, such as\n * when implementing STARTTLS protocols.\n *\n * @param socket the existing socket to wrap\n * @param host the hostname for SNI (Server Name Indication)\n * @param port the port number\n * @param autoClose whether the underlying socket should be closed when the SSL socket is closed\n * @return an SSL socket wrapping the existing socket\n * @throws IOException if an I/O error occurs while creating the SSL socket\n */\n SSLSocket wrapWithSsl(Socket socket, String host, int port, boolean autoClose) throws IOException;\n\n /**\n * Returns the default connect timeout configured for this factory.\n *\n * @return the default connect timeout\n */\n Duration getDefaultConnectTimeout();\n\n /**\n * Returns the default read timeout configured for this factory.\n *\n * @return the default read timeout\n */\n Duration getDefaultReadTimeout();\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/socket/TsunamiSocketFactoryCliOptions.java",
"content": "/*\n * Copyright 2025 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.socket;\n\nimport com.beust.jcommander.Parameter;\nimport com.beust.jcommander.ParameterException;\nimport com.beust.jcommander.Parameters;\nimport com.google.tsunami.common.cli.CliOption;\nimport org.checkerframework.checker.nullness.qual.Nullable;\n\n/**\n * Command line arguments for {@link TsunamiSocketFactory}.\n *\n *
These options allow users to override socket timeout settings from the command line. CLI\n * options take precedence over configuration file settings.\n */\n@Parameters(separators = \"=\")\npublic final class TsunamiSocketFactoryCliOptions implements CliOption {\n\n @Parameter(\n names = \"--socket-connect-timeout-seconds\",\n description =\n \"The timeout in seconds for establishing TCP connections. This timeout applies to the\"\n + \" socket connect operation. Default is 10 seconds.\")\n public Integer connectTimeoutSeconds;\n\n @Parameter(\n names = \"--socket-read-timeout-seconds\",\n description =\n \"The timeout in seconds for read operations on sockets (SO_TIMEOUT). If no data is\"\n + \" received within this time, a SocketTimeoutException will be thrown. Default is 30\"\n + \" seconds.\")\n public Integer readTimeoutSeconds;\n\n @Parameter(\n names = \"--socket-trust-all-certificates\",\n arity = 1,\n description =\n \"Whether SSL/TLS connections should trust all certificates. When true, accepts any SSL\"\n + \" certificate without validation. Useful for scanning targets with self-signed\"\n + \" certificates. Default is true.\")\n public Boolean trustAllCertificates;\n\n @Parameter(\n names = \"--socket-disable-timeouts\",\n arity = 1,\n description =\n \"Disable all socket timeouts, allowing connections to wait indefinitely. WARNING: This\"\n + \" can cause plugins to hang forever if servers do not respond. Use with caution.\"\n + \" Default is false.\")\n public Boolean disableTimeouts;\n\n @Override\n public void validate() {\n // Skip timeout validation if timeouts are disabled\n if (disableTimeouts != null && disableTimeouts) {\n return;\n }\n validateTimeout(\"--socket-connect-timeout-seconds\", connectTimeoutSeconds);\n validateTimeout(\"--socket-read-timeout-seconds\", readTimeoutSeconds);\n }\n\n private static void validateTimeout(String flagName, @Nullable Integer value) {\n if (value != null && value < 0) {\n throw new ParameterException(\n String.format(\"%s cannot be a negative number, received %d.\", flagName, value));\n }\n if (value != null && value == 0) {\n throw new ParameterException(\n String.format(\n \"%s cannot be zero. Use a positive value for timeouts or pass the\"\n + \" --socket-disable-timeouts flag to disable timeouts entirely. Received %d.\",\n flagName, value));\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/socket/TsunamiSocketFactoryConfigProperties.java",
"content": "/*\n * Copyright 2025 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.socket;\n\nimport com.google.tsunami.common.config.annotations.ConfigProperties;\n\n/**\n * Configuration properties for {@link TsunamiSocketFactory}.\n *\n *
These properties can be set in the Tsunami configuration file (e.g., tsunami.yaml) under the\n * {@code common.net.socket} prefix:\n *\n *
\n */\n@ConfigProperties(\"common.net.socket\")\npublic final class TsunamiSocketFactoryConfigProperties {\n\n /**\n * The timeout in seconds for establishing TCP connections.\n *\n *
This timeout applies to the socket connect operation. If the connection cannot be\n * established within this time, a {@link java.net.SocketTimeoutException} will be thrown.\n *\n *
Default value is 10 seconds if not specified.\n */\n Integer connectTimeoutSeconds;\n\n /**\n * The timeout in seconds for read operations on sockets.\n *\n *
This timeout is set as the socket's SO_TIMEOUT option. If no data is received within this\n * time, a {@link java.net.SocketTimeoutException} will be thrown.\n *\n *
Default value is 30 seconds if not specified. This is intentionally longer than the connect\n * timeout to allow for slow servers or large data transfers.\n */\n Integer readTimeoutSeconds;\n\n /**\n * Whether SSL/TLS connections should trust all certificates.\n *\n *
When set to true, the socket factory will accept any SSL certificate without validation.\n * This is useful for security scanning where targets may have self-signed or expired\n * certificates.\n *\n *
Warning: This should only be used in controlled environments. Setting this\n * to true disables certificate validation which could expose the scanner to man-in-the-middle\n * attacks.\n *\n *
Default value is true for security scanning purposes.\n */\n Boolean trustAllCertificates;\n\n /**\n * Whether to disable all socket timeouts.\n *\n *
When set to true, sockets will wait indefinitely for connections and data. This means\n * plugins may hang forever if a server does not respond.\n *\n *
Warning: Disabling timeouts is dangerous and can cause the scanner to hang\n * indefinitely. Only use this option if you have a specific need to wait for slow or unresponsive\n * servers.\n *\n *
Default value is false (timeouts are enforced).\n */\n Boolean disableTimeouts;\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/net/socket/TsunamiSocketFactoryModule.java",
"content": "/*\n * Copyright 2025 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.socket;\n\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Provides;\nimport java.lang.annotation.ElementType;\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport java.lang.annotation.Target;\nimport java.security.GeneralSecurityException;\nimport java.security.SecureRandom;\nimport java.security.cert.X509Certificate;\nimport java.time.Duration;\nimport javax.inject.Qualifier;\nimport javax.inject.Singleton;\nimport javax.net.SocketFactory;\nimport javax.net.ssl.SSLContext;\nimport javax.net.ssl.SSLSocketFactory;\nimport javax.net.ssl.TrustManager;\nimport javax.net.ssl.X509TrustManager;\n\n/**\n * Guice module for installing {@link TsunamiSocketFactory}.\n *\n *
This module provides a {@link TsunamiSocketFactory} instance that creates sockets with\n * enforced timeout configurations. It integrates with Tsunami's configuration system to allow\n * customization of default timeouts through both configuration files and command-line options.\n *\n *
Example usage in a plugin:\n *\n *
{@code\n * public class MyPlugin implements VulnDetector {\n * private final TsunamiSocketFactory socketFactory;\n *\n * @Inject\n * MyPlugin(TsunamiSocketFactory socketFactory) {\n * this.socketFactory = socketFactory;\n * }\n *\n * public void doSomething() throws IOException {\n * // Socket will have enforced timeouts\n * Socket socket = socketFactory.createSocket(\"example.com\", 80);\n * // ...\n * }\n * }\n * }
\n */\npublic final class TsunamiSocketFactoryModule extends AbstractModule {\n\n // Default timeout values\n private static final int DEFAULT_CONNECT_TIMEOUT_SECONDS = 10;\n private static final int DEFAULT_READ_TIMEOUT_SECONDS = 30;\n private static final boolean DEFAULT_TRUST_ALL_CERTIFICATES = true;\n private static final boolean DEFAULT_DISABLE_TIMEOUTS = false;\n\n // This TrustManager does NOT validate certificate chains.\n private static final X509TrustManager TRUST_ALL_CERTS_MANAGER =\n new X509TrustManager() {\n @Override\n public void checkClientTrusted(X509Certificate[] chain, String authType) {}\n\n @Override\n public void checkServerTrusted(X509Certificate[] chain, String authType) {}\n\n @Override\n public X509Certificate[] getAcceptedIssuers() {\n return new X509Certificate[0];\n }\n };\n\n @Override\n protected void configure() {\n // Module configuration is handled by @Provides methods\n }\n\n @Provides\n @Singleton\n TsunamiSocketFactory provideTsunamiSocketFactory(\n @TrustAllCertificates boolean trustAllCertificates,\n @DisableTimeouts boolean disableTimeouts,\n @ConnectTimeoutSeconds int connectTimeoutSeconds,\n @ReadTimeoutSeconds int readTimeoutSeconds)\n throws GeneralSecurityException {\n SocketFactory socketFactory = SocketFactory.getDefault();\n SSLSocketFactory sslSocketFactory;\n\n if (trustAllCertificates) {\n SSLContext sslContext = SSLContext.getInstance(\"TLS\");\n sslContext.init(null, new TrustManager[] {TRUST_ALL_CERTS_MANAGER}, new SecureRandom());\n sslSocketFactory = sslContext.getSocketFactory();\n } else {\n sslSocketFactory = (SSLSocketFactory) SSLSocketFactory.getDefault();\n }\n\n // When timeouts are disabled, use 0 which means infinite timeout in Java\n Duration connectTimeout =\n disableTimeouts ? Duration.ZERO : Duration.ofSeconds(connectTimeoutSeconds);\n Duration readTimeout = disableTimeouts ? Duration.ZERO : Duration.ofSeconds(readTimeoutSeconds);\n\n return new DefaultTsunamiSocketFactory(\n socketFactory, sslSocketFactory, connectTimeout, readTimeout);\n }\n\n @Provides\n @DisableTimeouts\n boolean provideDisableTimeouts(\n TsunamiSocketFactoryCliOptions cliOptions,\n TsunamiSocketFactoryConfigProperties configProperties) {\n if (cliOptions.disableTimeouts != null) {\n return cliOptions.disableTimeouts;\n }\n if (configProperties.disableTimeouts != null) {\n return configProperties.disableTimeouts;\n }\n return DEFAULT_DISABLE_TIMEOUTS;\n }\n\n @Provides\n @TrustAllCertificates\n boolean provideTrustAllCertificates(\n TsunamiSocketFactoryCliOptions cliOptions,\n TsunamiSocketFactoryConfigProperties configProperties) {\n if (cliOptions.trustAllCertificates != null) {\n return cliOptions.trustAllCertificates;\n }\n if (configProperties.trustAllCertificates != null) {\n return configProperties.trustAllCertificates;\n }\n return DEFAULT_TRUST_ALL_CERTIFICATES;\n }\n\n @Provides\n @ConnectTimeoutSeconds\n int provideConnectTimeoutSeconds(\n TsunamiSocketFactoryCliOptions cliOptions,\n TsunamiSocketFactoryConfigProperties configProperties) {\n if (cliOptions.connectTimeoutSeconds != null) {\n return cliOptions.connectTimeoutSeconds;\n }\n if (configProperties.connectTimeoutSeconds != null) {\n return configProperties.connectTimeoutSeconds;\n }\n return DEFAULT_CONNECT_TIMEOUT_SECONDS;\n }\n\n @Provides\n @ReadTimeoutSeconds\n int provideReadTimeoutSeconds(\n TsunamiSocketFactoryCliOptions cliOptions,\n TsunamiSocketFactoryConfigProperties configProperties) {\n if (cliOptions.readTimeoutSeconds != null) {\n return cliOptions.readTimeoutSeconds;\n }\n if (configProperties.readTimeoutSeconds != null) {\n return configProperties.readTimeoutSeconds;\n }\n return DEFAULT_READ_TIMEOUT_SECONDS;\n }\n\n /** Qualifier for whether to disable all socket timeouts. */\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n public @interface DisableTimeouts {}\n\n /** Qualifier for whether to trust all SSL certificates. */\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n public @interface TrustAllCertificates {}\n\n /** Qualifier for the connect timeout in seconds. */\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n public @interface ConnectTimeoutSeconds {}\n\n /** Qualifier for the read timeout in seconds. */\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @Target({ElementType.PARAMETER, ElementType.METHOD, ElementType.FIELD})\n public @interface ReadTimeoutSeconds {}\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/reflection/ClassGraphModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.reflection;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.inject.AbstractModule;\nimport io.github.classgraph.ScanResult;\n\n/** Guice module for providing ClassGraph bindings. */\npublic final class ClassGraphModule extends AbstractModule {\n private final ScanResult scanResult;\n\n public ClassGraphModule(ScanResult scanResult) {\n this.scanResult = checkNotNull(scanResult);\n }\n\n @Override\n protected void configure() {\n bind(ScanResult.class).annotatedWith(RuntimeClassGraphScanResult.class).toInstance(scanResult);\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/reflection/RuntimeClassGraphScanResult.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.reflection;\n\nimport static java.lang.annotation.ElementType.FIELD;\nimport static java.lang.annotation.ElementType.METHOD;\nimport static java.lang.annotation.ElementType.PARAMETER;\n\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport java.lang.annotation.Target;\nimport javax.inject.Qualifier;\n\n/** Annotation for the ClassGraph {@link io.github.classgraph.ScanResult} at runtime. */\n@Qualifier\n@Retention(RetentionPolicy.RUNTIME)\n@Target({PARAMETER, METHOD, FIELD})\npublic @interface RuntimeClassGraphScanResult {}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/server/CompactRunRequestHelper.java",
"content": "/*\n * Copyright 2024 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.server;\n\nimport com.google.common.collect.ImmutableList;\nimport com.google.tsunami.proto.MatchedPlugin;\nimport com.google.tsunami.proto.NetworkService;\nimport com.google.tsunami.proto.RunCompactRequest;\nimport com.google.tsunami.proto.RunCompactRequest.PluginNetworkServiceTarget;\nimport com.google.tsunami.proto.RunRequest;\nimport java.util.HashMap;\n\n/**\n * CompactRunRequestHelper is a helper class to compress/uncompress the RunRequest into/from the\n * compact representation.\n */\npublic final class CompactRunRequestHelper {\n\n private CompactRunRequestHelper() {}\n\n public static RunCompactRequest compress(RunRequest runRequest) {\n var builder = RunCompactRequest.newBuilder().setTarget(runRequest.getTarget());\n HashMap serviceIndexMap = new HashMap<>();\n int pluginIndex = -1;\n for (MatchedPlugin matchedPlugin : runRequest.getPluginsList()) {\n pluginIndex++;\n builder.addPlugins(matchedPlugin.getPlugin());\n for (NetworkService service : matchedPlugin.getServicesList()) {\n Integer serviceIndex = serviceIndexMap.get(service);\n if (serviceIndex == null) {\n serviceIndex = serviceIndexMap.size();\n serviceIndexMap.put(service, serviceIndex);\n builder.addServices(service);\n }\n\n builder.addScanTargets(\n PluginNetworkServiceTarget.newBuilder()\n .setPluginIndex(pluginIndex)\n .setServiceIndex(serviceIndex)\n .build());\n }\n }\n return builder.build();\n }\n\n public static RunRequest uncompress(RunCompactRequest runCompactRequest) {\n ImmutableList.Builder matchedPlugins = ImmutableList.builder();\n for (var target : runCompactRequest.getScanTargetsList()) {\n var plugin = runCompactRequest.getPlugins(target.getPluginIndex());\n var networkService = runCompactRequest.getServices(target.getServiceIndex());\n matchedPlugins.add(\n MatchedPlugin.newBuilder().setPlugin(plugin).addServices(networkService).build());\n }\n\n return RunRequest.newBuilder()\n .setTarget(runCompactRequest.getTarget())\n .addAllPlugins(matchedPlugins.build())\n .build();\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/server/LanguageServerCommand.java",
"content": "/*\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.server;\n\nimport com.google.auto.value.AutoValue;\nimport java.time.Duration;\nimport javax.annotation.Nullable;\n\n/** Command to spawn a language server and associated command lines. */\n@AutoValue\npublic abstract class LanguageServerCommand {\n public static LanguageServerCommand create(\n String serverCommand,\n @Nullable String serverAddress,\n String port,\n String logId,\n String outputDir,\n boolean trustAllSsl,\n Duration timeoutSeconds,\n String callbackAddress,\n int callbackPort,\n String pollingUri,\n int deadlineRunSeconds) {\n return new AutoValue_LanguageServerCommand(\n serverCommand,\n serverAddress,\n port,\n logId,\n outputDir,\n trustAllSsl,\n timeoutSeconds,\n callbackAddress,\n callbackPort,\n pollingUri,\n deadlineRunSeconds);\n }\n\n public abstract String serverCommand();\n\n public abstract String serverAddress();\n\n public abstract String port();\n\n public abstract String logId();\n\n public abstract String outputDir();\n\n public abstract boolean trustAllSslCert();\n\n public abstract Duration timeoutSeconds();\n\n public abstract String callbackAddress();\n\n public abstract int callbackPort();\n\n public abstract String pollingUri();\n\n public abstract int deadlineRunSeconds();\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/time/SystemUtcClockModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.time;\n\nimport com.google.inject.AbstractModule;\nimport java.time.Clock;\n\n/** Binds {@link java.time.Clock} to a {@code Clock.systemUTC()}. */\npublic class SystemUtcClockModule extends AbstractModule {\n\n @Override\n protected void configure() {\n bind(Clock.class).annotatedWith(UtcClock.class).toInstance(Clock.systemUTC());\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/time/UtcClock.java",
"content": "/*\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.time;\n\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport javax.inject.Qualifier;\n\n/** Annotation for the UTC {@link java.time.Clock} used in Tsunami. */\n@Qualifier\n@Retention(RetentionPolicy.RUNTIME)\npublic @interface UtcClock {}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/time/testing/FakeUtcClock.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.time.testing;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport java.time.Clock;\nimport java.time.Duration;\nimport java.time.Instant;\nimport java.time.ZoneId;\nimport java.time.ZoneOffset;\nimport java.util.concurrent.atomic.AtomicReference;\n\n/**\n * Implementation of a {@link java.time.Clock} that returns a settable {@link Instant} value.\n *\n *
By default, the clock is set to the {@link Instant} when the clock is created. Clock can be\n * set to a specific instant by {@link #setNow}.\n */\npublic final class FakeUtcClock extends Clock {\n\n private final AtomicReference nowReference = new AtomicReference<>();\n\n private FakeUtcClock(Instant now) {\n nowReference.set(checkNotNull(now));\n }\n\n /**\n * Create a {@link FakeUtcClock} instance initialized to UTC now.\n *\n *
To create a fake UTC clock at a specific instant, calling {@code setNow()} as in:\n *\n *
\n *\n * @return a {@link FakeUtcClock} instance.\n */\n public static FakeUtcClock create() {\n return new FakeUtcClock(Instant.now());\n }\n\n /**\n * Sets the return value of {@link #instant()}.\n *\n * @param now the instant that this clock points to\n * @return this\n */\n public FakeUtcClock setNow(Instant now) {\n nowReference.set(checkNotNull(now));\n return this;\n }\n\n /**\n * Advances the clock by the given duration.\n *\n *
NOTE: this method can be called with a negative duration if the clock needs to go back in\n * time.\n *\n * @param increment the duration to advance the clock by\n * @return this\n */\n public FakeUtcClock advance(Duration increment) {\n checkNotNull(increment);\n nowReference.getAndUpdate(now -> now.plus(increment));\n return this;\n }\n\n @Override\n public Instant instant() {\n return nowReference.get();\n }\n\n @Override\n public ZoneId getZone() {\n return ZoneOffset.UTC;\n }\n\n @Override\n public Clock withZone(ZoneId zone) {\n throw new UnsupportedOperationException(\"Setting ZoneId to FakeUtcClock is not supported\");\n }\n\n @Override\n public boolean equals(Object obj) {\n if (obj instanceof FakeUtcClock) {\n FakeUtcClock other = (FakeUtcClock) obj;\n return nowReference.get().equals(other.nowReference.get());\n }\n return false;\n }\n\n @Override\n public int hashCode() {\n return nowReference.get().hashCode();\n }\n\n @Override\n public String toString() {\n return String.format(\"FakeUtcClock(now = %s)\", nowReference.get());\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/time/testing/FakeUtcClockModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.time.testing;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.inject.AbstractModule;\nimport com.google.tsunami.common.time.UtcClock;\nimport java.time.Clock;\n\n/** Binds {@link java.time.Clock} to a {@link FakeUtcClock}. */\npublic class FakeUtcClockModule extends AbstractModule {\n private final FakeUtcClock fakeUtcClock;\n\n public FakeUtcClockModule() {\n this.fakeUtcClock = FakeUtcClock.create();\n }\n\n public FakeUtcClockModule(FakeUtcClock fakeUtcClock) {\n this.fakeUtcClock = checkNotNull(fakeUtcClock);\n }\n\n @Override\n protected void configure() {\n bind(Clock.class).annotatedWith(UtcClock.class).toInstance(fakeUtcClock);\n bind(FakeUtcClock.class).annotatedWith(UtcClock.class).toInstance(fakeUtcClock);\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/version/ComparisonUtility.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport java.util.List;\n\n/** Utility for version related comparison. */\nfinal class ComparisonUtility {\n\n private ComparisonUtility() {}\n\n /**\n * Compares two lists. If one list is shorter than the other, {@code fillValue} is used for\n * comparison.\n *\n *
For example, comparing {@code [1, 2, 3]} and {@code [1, 2, 3, 4]} with {@code fillValue}\n * equals to 10 is equivalent of comparing {@code [1, 2, 3, 10]} with {@code [1, 2, 3, 4]}.\n *\n * @param left list for comparison.\n * @param right list for comparison.\n * @param fillValue value to use if one list is shorter than the other.\n * @param element type of the list.\n * @return 0 if two lists equals, -1 if {@code left} is less than {@code right}, 1 otherwise.\n */\n static > int compareListWithFillValue(\n List left, List right, T fillValue) {\n int longest = Math.max(left.size(), right.size());\n for (int i = 0; i < longest; i++) {\n T leftElement = fillValue;\n T rightElement = fillValue;\n\n if (i < left.size()) {\n leftElement = left.get(i);\n }\n if (i < right.size()) {\n rightElement = right.get(i);\n }\n\n int compareResult = leftElement.compareTo(rightElement);\n if (compareResult != 0) {\n return compareResult;\n }\n }\n\n return 0;\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/version/KnownQualifier.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.common.base.Ascii;\nimport java.util.Arrays;\n\n/**\n * A list of all the known text token qualifiers from our vulnerability feeds and the order here\n * represents the precedence of these identifiers.\n */\nenum KnownQualifier implements Comparable {\n ALPHA(\"alpha\"),\n BETA(\"beta\"),\n PRE(\"pre\"),\n R(\"r\"),\n RC(\"rc\"),\n ABSENT(\"\"),\n P(\"p\"),\n PATCH(\"patch\"),\n PATCHED(\"patched\");\n\n private final String qualifierText;\n\n KnownQualifier(String qualifierText) {\n this.qualifierText = qualifierText;\n }\n\n String getQualifierText() {\n return this.qualifierText;\n }\n\n static boolean isKnownQualifier(String string) {\n checkNotNull(string);\n return Arrays.stream(KnownQualifier.values())\n .anyMatch(knownQualifier -> Ascii.equalsIgnoreCase(knownQualifier.qualifierText, string));\n }\n\n static KnownQualifier fromText(String string) {\n checkNotNull(string);\n return Arrays.stream(KnownQualifier.values())\n .filter(knownQualifier -> Ascii.equalsIgnoreCase(knownQualifier.qualifierText, string))\n .findFirst()\n .orElseThrow(\n () ->\n new IllegalArgumentException(\n String.format(\"%s is not a valid KnownQualifier text.\", string)));\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/version/Segment.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.common.collect.ImmutableList;\nimport com.google.common.collect.ImmutableSet;\nimport com.google.errorprone.annotations.Immutable;\nimport java.util.Arrays;\nimport java.util.regex.Pattern;\nimport java.util.stream.Collectors;\n\n/**\n * The segment of a version number, separated by the semantic separators from the original version\n * string.\n *\n *
For example, there are 2 segments in version string \"2.1.1-alpha.1\": \"2.1.1\" and \"alpha.1\".\n *\n *
The first element of a Segment should always be a {@link KnownQualifier} token. If no {@link\n * KnownQualifier} is found in the segment, an ABSENT qualifier is added.\n */\n@AutoValue\n@Immutable\nabstract class Segment implements Comparable {\n static final Segment NULL = Segment.fromTokenList(ImmutableList.of(Token.EMPTY));\n\n private static final ImmutableSet TOKENIZER_DELIMITERS =\n ImmutableSet.of(\"\\\\.\", \"\\\\+\", \"-\", \":\", \"_\", \"~\");\n private static final Pattern TOKENIZER_SPLIT_REGEX =\n Pattern.compile(\n // Additional split on boundaries between number and text.\n \"(?<=\\\\D)(?=\\\\d)|(?<=\\\\d)(?=\\\\D)|\"\n // We keep the delimiter for comparison.\n + TOKENIZER_DELIMITERS.stream()\n .map(delimiter -> String.format(\"((?<=%1$s)|(?=%1$s))\", delimiter))\n .collect(Collectors.joining(\"|\")));\n private static final ImmutableSet EXCLUDED_TOKENS = ImmutableSet.of(\".\", \"gg\", \"N/A\");\n\n /** All the tokens within this segment. */\n abstract ImmutableList tokens();\n\n static Segment fromTokenList(ImmutableList tokens) {\n ImmutableList.Builder finalTokensBuilder = new ImmutableList.Builder<>();\n\n // Make sure Segment always starts with a KnownQualifier. See http://b/135912609 for details.\n if (tokens.isEmpty() || !tokens.get(0).isKnownQualifier()) {\n finalTokensBuilder.add(Token.fromKnownQualifier(KnownQualifier.ABSENT));\n }\n finalTokensBuilder.addAll(tokens);\n\n return new AutoValue_Segment(finalTokensBuilder.build());\n }\n\n static Segment fromString(String segmentString) {\n return parseFromString(segmentString);\n }\n\n private static Segment parseFromString(String segmentString) {\n ImmutableList rawTokens =\n Arrays.stream(TOKENIZER_SPLIT_REGEX.split(segmentString))\n .filter(token -> !token.isEmpty())\n .filter(token -> !EXCLUDED_TOKENS.contains(token))\n .collect(ImmutableList.toImmutableList());\n\n if (rawTokens.isEmpty()) {\n return Segment.NULL;\n }\n\n ImmutableList.Builder tokensBuilder = new ImmutableList.Builder<>();\n\n // Make sure Segment always starts with a KnownQualifier. See http://b/135912609 for details.\n if (!KnownQualifier.isKnownQualifier(rawTokens.get(0))) {\n tokensBuilder.add(Token.fromKnownQualifier(KnownQualifier.ABSENT));\n }\n\n // Parses token.\n for (String rawToken : rawTokens) {\n try {\n long numericToken = Long.parseLong(rawToken);\n tokensBuilder.add(Token.fromNumeric(numericToken));\n } catch (NumberFormatException e) {\n tokensBuilder.add(Token.fromText(rawToken));\n }\n }\n\n return Segment.fromTokenList(tokensBuilder.build());\n }\n\n @Override\n public int compareTo(Segment other) {\n return ComparisonUtility.compareListWithFillValue(this.tokens(), other.tokens(), Token.EMPTY);\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/version/Token.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport com.google.auto.value.AutoOneOf;\nimport com.google.common.base.Ascii;\nimport com.google.errorprone.annotations.Immutable;\n\n/**\n * Represents a token from a version string.\n *\n *
A token is the smallest meaningful piece of a version string. For example, there are 3 tokens\n * in version 2.1.1: [token(2), token(1), token(1)].\n */\n@Immutable\n@AutoOneOf(Token.Kind.class)\nabstract class Token implements Comparable {\n static final Token EMPTY = Token.fromKnownQualifier(KnownQualifier.ABSENT);\n\n /** All types of a token, required by the AutoOneOf annotation. */\n public enum Kind {\n NUMERIC,\n TEXT\n }\n\n abstract Kind getKind();\n\n abstract long getNumeric();\n static Token fromNumeric(long numeric) {\n return AutoOneOf_Token.numeric(numeric);\n }\n boolean isNumeric() {\n return getKind().equals(Kind.NUMERIC);\n }\n\n abstract String getText();\n static Token fromText(String string) {\n return AutoOneOf_Token.text(Ascii.toLowerCase(string));\n }\n boolean isText() {\n return getKind().equals(Kind.TEXT);\n }\n\n static Token fromKnownQualifier(KnownQualifier knownQualifier) {\n return AutoOneOf_Token.text(knownQualifier.getQualifierText());\n }\n boolean isKnownQualifier() {\n return isText() && KnownQualifier.isKnownQualifier(getText());\n }\n boolean isEmptyToken() {\n return isText() && getText().isEmpty();\n }\n\n @Override\n public int compareTo(Token other) {\n // Empty tokens are always the same.\n if (this.isEmptyToken() && other.isEmptyToken()) {\n return 0;\n }\n\n /*\n * If the tokens under comparison are one Empty token and one Numeric token, then Empty token\n * should always be less than Numeric token, e.g. version 2.1 is less than 2.1.1 (i.e.\n * 2.1.empty < 2.1.1, empty < 1).\n */\n if (this.isEmptyToken() && other.isNumeric()) {\n return -1;\n }\n if (this.isNumeric() && other.isEmptyToken()) {\n return 1;\n }\n\n /*\n * For Numeric and Text tokens, we follow the specification from http://semver.org#spec-item-11:\n * 1. Numeric tokens are compared numerically.\n * 2. Text tokens are compared lexically, case insensitively.\n * 3. Numeric identifiers always have lower precedence than non-numeric identifiers.\n *\n * For all the known qualifiers, we apply the comparison rules defined by KnownQualifier.\n */\n if (this.isNumeric() && other.isNumeric()) {\n return Long.compare(this.getNumeric(), other.getNumeric());\n }\n\n if (this.isKnownQualifier() && other.isKnownQualifier()) {\n return KnownQualifier.fromText(this.getText())\n .compareTo(KnownQualifier.fromText(other.getText()));\n }\n\n if (this.isText() && other.isText()) {\n return this.getText().compareToIgnoreCase(other.getText());\n }\n\n // Cross type comparison, Numeric token is always less than Text tokens.\n return this.getKind().compareTo(other.getKind());\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/version/Version.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.base.Preconditions.checkArgument;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.auto.value.extension.memoized.Memoized;\nimport com.google.common.base.Strings;\nimport com.google.common.collect.ImmutableList;\nimport com.google.errorprone.annotations.Immutable;\nimport java.util.Arrays;\nimport java.util.regex.Pattern;\n\n/**\n * Software version class that support 3 types. Type {@link Type#NORMAL} with a version number, type\n * {@link Type#MAXIMUM} and {@link Type#MINIMUM} for use in version range to indicate unbounded\n * ranges.\n *\n *
Version is suitable for unstructured version string and supports comparison operations using\n * extra logic that detects semantic qualifier.\n *\n *
The current logic support comparison of versions that respect order, like:\n *\n *
\n *\n * Known limitation of this approach are versions with no order, like commit hashes.\n */\n@AutoValue\n@Immutable\npublic abstract class Version implements Comparable {\n private static final Pattern EPOCH_PATTERN = Pattern.compile(\"\\\\d+[:|_].*\");\n private static final Pattern SEMANTIC_SEGMENT_SEPARATORS = Pattern.compile(\"[-:_~]\");\n private static final Version MAXIMUM =\n builder().setVersionType(Type.MAXIMUM).setVersionString(\"\").build();\n private static final Version MINIMUM =\n builder().setVersionType(Type.MINIMUM).setVersionString(\"\").build();\n\n /**\n * Software version class that support 3 types. Type {@link Type#NORMAL} with a version number,\n * type {@link Type#MAXIMUM} and {@link Type#MINIMUM} for use in version range to indicate\n * unbounded ranges.\n */\n public enum Type {\n NORMAL,\n MINIMUM,\n MAXIMUM\n }\n\n abstract Type versionType();\n public abstract String versionString();\n\n @Memoized\n ImmutableList segments() {\n String normalizedString = versionString();\n // Add a default epoch of 0 if one is missing.\n if (!EPOCH_PATTERN.matcher(normalizedString).matches()) {\n normalizedString = \"0:\" + normalizedString;\n }\n\n return Arrays.stream(SEMANTIC_SEGMENT_SEPARATORS.split(normalizedString))\n .filter(segment -> !segment.isEmpty())\n .map(Segment::fromString)\n .filter(segment -> !segment.equals(Segment.NULL))\n .collect(ImmutableList.toImmutableList());\n }\n\n public static Builder builder() {\n return new AutoValue_Version.Builder();\n }\n\n public static Version fromString(String versionString) {\n checkArgument(!Strings.isNullOrEmpty(versionString));\n Version version = builder().setVersionType(Type.NORMAL).setVersionString(versionString).build();\n if (!EPOCH_PATTERN.matcher(versionString).matches()) {\n versionString = \"0:\" + versionString;\n }\n\n boolean isValid =\n version.segments().stream()\n .flatMap(segment -> segment.tokens().stream())\n .anyMatch(\n token ->\n (token.isNumeric() && token.getNumeric() != 0)\n || (token.isText() && !token.getText().isEmpty()));\n if (!isValid) {\n throw new IllegalArgumentException(\n String.format(\n \"Input version string %s is not valid, it should contain at least one non-empty\"\n + \" field.\",\n versionString));\n }\n return version;\n }\n\n public static Version maximum() {\n return MAXIMUM;\n }\n\n public boolean isMaximum() {\n return versionType().equals(Type.MAXIMUM);\n }\n\n public static Version minimum() {\n return MINIMUM;\n }\n\n public boolean isMinimum() {\n return versionType().equals(Type.MINIMUM);\n }\n\n /**\n * Compare this Version object with the other one using their meaningful segments.\n *\n *
IMPORTANT: This compareTo implementation is NOT consistent with {@link\n * Version#equals(Object)} method, i.e. this.compareTo(that) == 0 does not imply\n * this.equals(that). The reason is that the raw version string is tokenized and certain tokens\n * are ignored. Tokenized strings are used for {@link #compareTo} comparison while raw version\n * string is used for {@link #equals} comparison. Be careful when using {@link Version} object in\n * collections like {@code HashMap} or {@code TreeMap}.\n *\n * @param other the other {@link Version} object to be compared with.\n * @return 0 if the segments of the two {@link Version} objects are the same, -1 if this {@link\n * Version} is less than {@code other}, 1 if this {@link Version} is greater than {@code\n * other}.\n */\n @Override\n public int compareTo(Version other) {\n if ((this.isMinimum() && other.isMinimum()) || (this.isMaximum() && other.isMaximum())) {\n return 0;\n }\n\n if (this.isMinimum() || other.isMaximum()) {\n return -1;\n }\n\n if (this.isMaximum() || other.isMinimum()) {\n return 1;\n }\n\n return ComparisonUtility.compareListWithFillValue(\n this.segments(), other.segments(), Segment.NULL);\n }\n\n public boolean isLessThan(Version version) {\n return this.compareTo(version) < 0;\n }\n\n /** Builder for {@link Version}. */\n @AutoValue.Builder\n public abstract static class Builder {\n public abstract Builder setVersionType(Type value);\n public abstract Builder setVersionString(String value);\n\n public abstract Version build();\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/version/VersionRange.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.base.Preconditions.checkArgument;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.common.base.CharMatcher;\nimport com.google.common.base.Strings;\nimport com.google.errorprone.annotations.Immutable;\n\n/** Immutable version range, e.g. [1.0, 2.0), (,3.0), etc. */\n@AutoValue\n@Immutable\npublic abstract class VersionRange {\n /** The inclusiveness of the range endpoint. */\n public enum Inclusiveness {\n INCLUSIVE,\n EXCLUSIVE\n }\n\n public abstract Version minVersion();\n public abstract Inclusiveness minVersionInclusiveness();\n public abstract Version maxVersion();\n public abstract Inclusiveness maxVersionInclusiveness();\n\n public static Builder builder() {\n return new AutoValue_VersionRange.Builder();\n }\n\n /** Builder for {@link VersionRange}. */\n @AutoValue.Builder\n public abstract static class Builder {\n public abstract Builder setMinVersion(Version value);\n public abstract Builder setMinVersionInclusiveness(Inclusiveness value);\n public abstract Builder setMaxVersion(Version value);\n public abstract Builder setMaxVersionInclusiveness(Inclusiveness value);\n\n public abstract VersionRange build();\n }\n\n /**\n * Parses the given {@code rangeString} and generates a {@link VersionRange} object.\n *\n *
Valid strings for a version range are like:\n *\n *
\n *
(,1.0]: from negative infinity to version 1.0 (inclusive).\n *
(,1.0): from negative infinity to version 1.0 (exclusive).\n *
[1.0,): from version 1.0 (inclusive) to positive infinity.\n *
(1.0,): from version 1.0 (exclusive) to positive infinity.\n *
[1.0,2.0): from version 1.0 (inclusive) to version 2.0 (exclusive).\n *
\n *\n * @param rangeString the string representation of a version range.\n * @return the parsed {@link VersionRange} object from the given string.\n */\n public static VersionRange parse(String rangeString) {\n validateRangeString(rangeString);\n\n Inclusiveness minVersionInclusiveness =\n rangeString.startsWith(\"[\") ? Inclusiveness.INCLUSIVE : Inclusiveness.EXCLUSIVE;\n Inclusiveness maxVersionInclusiveness =\n rangeString.endsWith(\"]\") ? Inclusiveness.INCLUSIVE : Inclusiveness.EXCLUSIVE;\n\n int commaIndex = rangeString.indexOf(',');\n\n String minVersionString = rangeString.substring(1, commaIndex).trim();\n Version minVersion;\n if (minVersionString.isEmpty()) {\n minVersionInclusiveness = Inclusiveness.EXCLUSIVE;\n minVersion = Version.minimum();\n } else {\n minVersion = Version.fromString(minVersionString);\n }\n\n String maxVersionString =\n rangeString.substring(commaIndex + 1, rangeString.length() - 1).trim();\n Version maxVersion;\n if (maxVersionString.isEmpty()) {\n maxVersionInclusiveness = Inclusiveness.EXCLUSIVE;\n maxVersion = Version.maximum();\n } else {\n maxVersion = Version.fromString(maxVersionString);\n }\n\n if (!minVersion.isLessThan(maxVersion)) {\n throw new IllegalArgumentException(\n String.format(\n \"Min version in range must be less than max version in range, got '%s'\",\n rangeString));\n }\n\n return builder()\n .setMinVersion(minVersion)\n .setMinVersionInclusiveness(minVersionInclusiveness)\n .setMaxVersion(maxVersion)\n .setMaxVersionInclusiveness(maxVersionInclusiveness)\n .build();\n }\n\n public static boolean isValidVersionRange(String rangeString) {\n try {\n parse(rangeString);\n return true;\n } catch (Throwable t) {\n return false;\n }\n }\n\n private static void validateRangeString(String rangeString) {\n checkArgument(!Strings.isNullOrEmpty(rangeString), \"Range string cannot be empty.\");\n\n // Version range string must start with '[' or '('.\n if (!rangeString.startsWith(\"[\") && !rangeString.startsWith(\"(\")) {\n throw new IllegalArgumentException(\n String.format(\"Version range must start with '[' or '(', got '%s'\", rangeString));\n }\n\n // Version range string must end with ']' or ')'.\n if (!rangeString.endsWith(\"]\") && !rangeString.endsWith(\")\")) {\n throw new IllegalArgumentException(\n String.format(\"Version range must end with ']' or ')', got '%s'\", rangeString));\n }\n\n // Remove the leading and ending parenthesis and brackets.\n String trimmedRange = rangeString.substring(1, rangeString.length() - 1).trim();\n\n // No more parenthesis and brackets in the string.\n if (CharMatcher.anyOf(\"[()]\").matchesAnyOf(trimmedRange)) {\n throw new IllegalArgumentException(\n String.format(\n \"Parenthesis and/or brackets not allowed within version range, got '%s'\",\n rangeString));\n }\n\n // Only one comma that separates the minimum and maximum.\n if (CharMatcher.is(',').countIn(trimmedRange) != 1) {\n throw new IllegalArgumentException(\n String.format(\"Invalid range of versions, got '%s'\", rangeString));\n }\n\n // Version range of minimum to maximum is not supported.\n if (trimmedRange.equals(\",\")) {\n throw new IllegalArgumentException(\n String.format(\"Infinity range is not supported, got '%s'\", rangeString));\n }\n }\n}\n"
},
{
"path": "common/src/main/java/com/google/tsunami/common/version/VersionSet.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.base.Preconditions.checkArgument;\nimport static com.google.common.base.Preconditions.checkNotNull;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.common.base.CharMatcher;\nimport com.google.common.collect.ImmutableList;\nimport com.google.errorprone.annotations.Immutable;\n\n/** Immutable set of discrete versions and version ranges. */\n@AutoValue\n@Immutable\npublic abstract class VersionSet {\n public abstract ImmutableList versions();\n public abstract ImmutableList versionRanges();\n\n public static Builder builder() {\n return new AutoValue_VersionSet.Builder();\n }\n\n /** Builder for {@link VersionSet}. */\n @AutoValue.Builder\n public abstract static class Builder {\n abstract ImmutableList.Builder versionsBuilder();\n public Builder addVersion(Version version) {\n versionsBuilder().add(version);\n return this;\n }\n\n abstract ImmutableList.Builder versionRangesBuilder();\n public Builder addVersionRange(VersionRange versionRange) {\n versionRangesBuilder().add(versionRange);\n return this;\n }\n\n public abstract VersionSet build();\n }\n\n public static VersionSet parse(ImmutableList versionAndRangesList) {\n checkNotNull(versionAndRangesList);\n checkArgument(!versionAndRangesList.isEmpty(), \"Versions and ranges list cannot be empty.\");\n\n VersionSet.Builder versionSetBuilder = VersionSet.builder();\n\n for (String versionOrRangeString : versionAndRangesList) {\n if (isDiscreteVersion(versionOrRangeString)) {\n versionSetBuilder.addVersion(Version.fromString(versionOrRangeString));\n } else if (VersionRange.isValidVersionRange(versionOrRangeString)) {\n versionSetBuilder.addVersionRange(VersionRange.parse(versionOrRangeString));\n } else {\n throw new IllegalArgumentException(\n String.format(\n \"String '%s' is neither a discrete string nor a version range.\",\n versionOrRangeString));\n }\n }\n\n return versionSetBuilder.build();\n }\n\n private static boolean isDiscreteVersion(String versionOrRangeString) {\n return CharMatcher.anyOf(\"[()], \").matchesNoneOf(versionOrRangeString);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/cli/CliOptionsModuleTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.cli;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.beust.jcommander.Parameter;\nimport com.beust.jcommander.ParameterException;\nimport com.beust.jcommander.Parameters;\nimport com.google.common.base.Strings;\nimport com.google.inject.CreationException;\nimport com.google.inject.Guice;\nimport com.google.inject.Injector;\nimport io.github.classgraph.ClassGraph;\nimport io.github.classgraph.ScanResult;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link CliOptionsModule}. */\n@RunWith(JUnit4.class)\npublic class CliOptionsModuleTest {\n @Test\n public void configure_whenValidArgs_parsesSuccessfully() {\n try (ScanResult scanResult =\n new ClassGraph()\n .enableAllInfo()\n .whitelistClasses(\n TestOption.class.getTypeName(), TestOptionWithRequiredParam.class.getTypeName())\n .scan()) {\n Injector injector =\n Guice.createInjector(\n new CliOptionsModule(\n scanResult, \"test\", new String[] {\"--test=testoption\", \"--test_required=abc\"}));\n\n TestOption testOption = injector.getInstance(TestOption.class);\n TestOptionWithRequiredParam testOptionWithRequiredParam =\n injector.getInstance(TestOptionWithRequiredParam.class);\n\n assertThat(testOption.test).isEqualTo(\"testoption\");\n assertThat(testOptionWithRequiredParam.testRequired).isEqualTo(\"abc\");\n }\n }\n\n @Test\n public void configure_whenMissingRequiredArgs_throwsException() {\n try (ScanResult scanResult =\n new ClassGraph()\n .enableAllInfo()\n .whitelistClasses(\n TestOption.class.getTypeName(), TestOptionWithRequiredParam.class.getTypeName())\n .scan()) {\n CreationException ex =\n assertThrows(\n CreationException.class,\n () ->\n Guice.createInjector(\n new CliOptionsModule(scanResult, \"test\", new String[] {\"--test=test\"})));\n assertThat(ex).hasCauseThat().isInstanceOf(ParameterException.class);\n }\n }\n\n @Test\n public void configure_whenInvalidArgs_throwsException() {\n try (ScanResult scanResult =\n new ClassGraph().enableAllInfo().whitelistClasses(TestOption.class.getTypeName()).scan()) {\n CreationException ex =\n assertThrows(\n CreationException.class,\n () ->\n Guice.createInjector(\n new CliOptionsModule(scanResult, \"test\", new String[] {\"--test=invalid\"})));\n assertThat(ex).hasCauseThat().isInstanceOf(ParameterException.class);\n }\n }\n\n @Test\n public void configure_whenUnknownArgs_throwsException() {\n try (ScanResult scanResult =\n new ClassGraph().enableAllInfo().whitelistClasses(TestOption.class.getTypeName()).scan()) {\n CreationException ex =\n assertThrows(\n CreationException.class,\n () ->\n Guice.createInjector(\n new CliOptionsModule(\n scanResult, \"test\", new String[] {\"--test=test\", \"--unknown=unknown\"})));\n assertThat(ex).hasCauseThat().isInstanceOf(ParameterException.class);\n }\n }\n\n @Test\n public void configure_whenCliOptionNoCorrectCtor_throwsException() {\n try (ScanResult scanResult =\n new ClassGraph()\n .enableAllInfo()\n .whitelistClasses(TestOptionWithoutNoArgumentCtor.class.getTypeName())\n .scan()) {\n assertThrows(\n AssertionError.class,\n () ->\n Guice.createInjector(\n new CliOptionsModule(scanResult, \"test\", new String[] {})));\n }\n }\n\n @Parameters(separators = \"=\")\n private static final class TestOption implements CliOption {\n @Parameter(names = \"--test\", description = \"A test option\")\n String test;\n\n @Override\n public void validate() {\n if (Strings.isNullOrEmpty(test)) {\n throw new ParameterException(\"Empty test param\");\n }\n\n if (!test.startsWith(\"test\")) {\n throw new ParameterException(\"test param value must start with 'test'\");\n }\n }\n }\n\n @Parameters(separators = \"=\")\n private static final class TestOptionWithRequiredParam implements CliOption {\n @Parameter(names = \"--test_required\", description = \"A required option\", required = true)\n String testRequired;\n\n @Override\n public void validate() {}\n }\n\n @Parameters(separators = \"=\")\n private static final class TestOptionWithoutNoArgumentCtor implements CliOption {\n String testOption;\n\n TestOptionWithoutNoArgumentCtor(String testOption) {\n this.testOption = testOption;\n }\n\n @Override\n public void validate() {}\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/command/CommandExecutorFactoryTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.command;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\nimport org.mockito.Mockito;\n\n/** Tests for {@link CommandExecutorFactory}. */\n@RunWith(JUnit4.class)\npublic final class CommandExecutorFactoryTest {\n\n @Test\n public void getInstance_whenNoPreviousInstanceIsProvided_createsNewProcessExecutor() {\n CommandExecutor executor = CommandExecutorFactory.create(\"fakeArgs\");\n assertThat(executor).isNotNull();\n }\n\n @Test\n public void getInstance_whenPreviousInstanceIsProvided_returnsProvidedInstance() {\n CommandExecutor executor = Mockito.mock(CommandExecutor.class);\n CommandExecutorFactory.setInstance(executor);\n\n assertThat(CommandExecutorFactory.create(\"fakeArgs\")).isSameInstanceAs(executor);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/command/CommandExecutorTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.command;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport java.io.IOException;\nimport java.util.concurrent.ExecutionException;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link CommandExecutor}. */\n@RunWith(JUnit4.class)\npublic final class CommandExecutorTest {\n\n @Test\n public void execute_always_startsProcessAndReturnsProcessInstance()\n throws IOException, InterruptedException, ExecutionException {\n CommandExecutor executor = new CommandExecutor(\"/bin/sh\", \"-c\", \"echo 1\");\n\n Process process = executor.execute();\n process.waitFor();\n\n assertThat(process.exitValue()).isEqualTo(0);\n }\n\n @Test\n public void executeAsync_always_startsProcessAndReturnsProcessInstance()\n throws IOException, InterruptedException, ExecutionException {\n CommandExecutor executor = new CommandExecutor(\"/bin/sh\", \"-c\", \"echo 1\");\n\n Process process = executor.executeAsync();\n process.waitFor();\n\n assertThat(process.exitValue()).isEqualTo(0);\n }\n\n @Test\n public void executeWithNoStreamCollection_always_startsProcessAndReturnsProcessInstance()\n throws IOException, InterruptedException, ExecutionException {\n CommandExecutor executor = new CommandExecutor(\"/bin/sh\", \"-c\", \"echo 1\");\n\n Process process = executor.executeWithNoStreamCollection();\n process.waitFor();\n\n assertThat(process.exitValue()).isEqualTo(0);\n }\n\n @Test\n public void getOutput_always_returnsExpect()\n throws IOException, InterruptedException, ExecutionException {\n CommandExecutor executor = new CommandExecutor(\"/bin/sh\", \"-c\", \"echo 1\");\n\n Process process = executor.execute();\n process.waitFor();\n\n assertThat(executor.getOutput()).isEqualTo(\"1\\n\");\n }\n\n @Test\n public void getOutput_withMultipleGetOutputCalls_returnsExpect()\n throws IOException, InterruptedException, ExecutionException {\n CommandExecutor executor = new CommandExecutor(\"/bin/sh\", \"-c\", \"echo 1\");\n\n Process process = executor.execute();\n process.waitFor();\n\n assertThat(executor.getOutput()).isEqualTo(\"1\\n\");\n assertThat(executor.getOutput()).isEqualTo(\"1\\n\");\n }\n\n @Test\n public void getError_always_returnsExpect()\n throws IOException, InterruptedException, ExecutionException {\n CommandExecutor executor = new CommandExecutor(\"/bin/sh\", \"-c\", \"echo 1 1>&2\");\n\n Process process = executor.execute();\n process.waitFor();\n\n assertThat(executor.getError()).isEqualTo(\"1\\n\");\n }\n\n @Test\n public void getError_withMultipleGetOutputCalls_returnsExpect()\n throws IOException, InterruptedException, ExecutionException {\n CommandExecutor executor = new CommandExecutor(\"/bin/sh\", \"-c\", \"echo 1 1>&2\");\n\n Process process = executor.execute();\n process.waitFor();\n\n assertThat(executor.getError()).isEqualTo(\"1\\n\");\n assertThat(executor.getError()).isEqualTo(\"1\\n\");\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/concurrent/BaseThreadPoolModuleTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.concurrent;\n\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.util.concurrent.ListeningExecutorService;\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Key;\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport javax.inject.Qualifier;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link ThreadPoolModule}. */\n@RunWith(JUnit4.class)\npublic final class BaseThreadPoolModuleTest {\n\n /** Internal annotation used for tests. */\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @interface TestThreadPool {}\n\n static final class TestThreadPoolModule extends BaseThreadPoolModule {\n\n TestThreadPoolModule(Builder builder) {\n super(builder);\n }\n\n @Override\n void configureThreadPool(Key key) {}\n\n static final class Builder\n extends BaseThreadPoolModuleBuilder {\n\n Builder() {\n super(ListeningExecutorService.class);\n }\n\n @Override\n Builder self() {\n return this;\n }\n\n @Override\n void validate() {}\n\n @Override\n AbstractModule newModule() {\n return new TestThreadPoolModule(this);\n }\n }\n }\n\n @Test\n public void build_whenNoName_throwsIllegalStateException() {\n assertThrows(IllegalStateException.class, () -> new TestThreadPoolModule.Builder().build());\n }\n\n @Test\n public void build_whenEmptyName_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class,\n () -> new TestThreadPoolModule.Builder().setName(\"\").build());\n }\n\n @Test\n public void build_whenNegativeCoreSize_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class,\n () -> new TestThreadPoolModule.Builder().setName(\"test\").setCoreSize(-1).build());\n }\n\n @Test\n public void build_whenNegativeMaxSize_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class,\n () -> new TestThreadPoolModule.Builder().setName(\"test\").setMaxSize(-1).build());\n }\n\n @Test\n public void build_whenNegativeKeepAliveSeconds_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class,\n () ->\n new TestThreadPoolModule.Builder()\n .setName(\"test\")\n .setMaxSize(1)\n .setKeepAliveSeconds(-1)\n .build());\n }\n\n @Test\n public void build_whenCoreSizeLessThanMaxSize_throwsIllegalStateException() {\n assertThrows(\n IllegalStateException.class,\n () ->\n new TestThreadPoolModule.Builder()\n .setName(\"test\")\n .setCoreSize(2)\n .setMaxSize(1)\n .setAnnotation(TestThreadPool.class)\n .build());\n }\n\n @Test\n public void build_whenNoAnnotation_throwsIllegalStateException() {\n assertThrows(\n IllegalStateException.class,\n () -> new TestThreadPoolModule.Builder().setName(\"test\").build());\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/concurrent/ScheduledThreadPoolModuleTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.concurrent;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport com.google.common.util.concurrent.ListeningScheduledExecutorService;\nimport com.google.inject.Guice;\nimport com.google.inject.Injector;\nimport com.google.inject.Key;\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport java.util.concurrent.ScheduledExecutorService;\nimport javax.inject.Qualifier;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link ScheduledThreadPoolModule}. */\n@RunWith(JUnit4.class)\npublic final class ScheduledThreadPoolModuleTest {\n\n /** Internal annotation used for tests. */\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @interface TestThreadPool {}\n\n @Test\n public void configure_always_bindsListeningScheduledExecutorService() {\n Injector injector =\n Guice.createInjector(\n new ScheduledThreadPoolModule.Builder()\n .setName(\"test\")\n .setSize(1)\n .setAnnotation(TestThreadPool.class)\n .build());\n\n assertThat(\n injector.getInstance(Key.get(ScheduledExecutorService.class, TestThreadPool.class)))\n .isInstanceOf(ListeningScheduledExecutorService.class);\n }\n\n @Test\n public void configure_always_bindsSingleton() {\n Injector injector =\n Guice.createInjector(\n new ScheduledThreadPoolModule.Builder()\n .setName(\"test\")\n .setSize(1)\n .setAnnotation(TestThreadPool.class)\n .build());\n\n ScheduledExecutorService scheduledExecutorService =\n injector.getInstance(Key.get(ScheduledExecutorService.class, TestThreadPool.class));\n ListeningScheduledExecutorService listeningScheduledExecutorService =\n injector.getInstance(\n Key.get(ListeningScheduledExecutorService.class, TestThreadPool.class));\n\n assertThat(scheduledExecutorService).isSameInstanceAs(listeningScheduledExecutorService);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/concurrent/ThreadPoolModuleTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.concurrent;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.util.concurrent.ListeningExecutorService;\nimport com.google.inject.Guice;\nimport com.google.inject.Injector;\nimport com.google.inject.Key;\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport java.util.concurrent.Executor;\nimport java.util.concurrent.ExecutorService;\nimport java.util.concurrent.PriorityBlockingQueue;\nimport javax.inject.Qualifier;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link ThreadPoolModule}. */\n@RunWith(JUnit4.class)\npublic final class ThreadPoolModuleTest {\n\n /** Internal annotation used for tests. */\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n @interface TestThreadPool {}\n\n @Test\n public void configure_always_bindsListeningExecutorService() {\n Injector injector =\n Guice.createInjector(\n new ThreadPoolModule.Builder()\n .setName(\"test\")\n .setCoreSize(1)\n .setMaxSize(1)\n .setAnnotation(TestThreadPool.class)\n .build());\n\n assertThat(injector.getInstance(Key.get(Executor.class, TestThreadPool.class)))\n .isInstanceOf(ListeningExecutorService.class);\n assertThat(injector.getInstance(Key.get(ExecutorService.class, TestThreadPool.class)))\n .isInstanceOf(ListeningExecutorService.class);\n }\n\n @Test\n public void configure_always_bindsSingleton() {\n Injector injector =\n Guice.createInjector(\n new ThreadPoolModule.Builder()\n .setName(\"test\")\n .setCoreSize(1)\n .setMaxSize(1)\n .setAnnotation(TestThreadPool.class)\n .build());\n\n Executor executor = injector.getInstance(Key.get(Executor.class, TestThreadPool.class));\n ExecutorService executorService =\n injector.getInstance(Key.get(ExecutorService.class, TestThreadPool.class));\n ListeningExecutorService listeningExecutorService =\n injector.getInstance(Key.get(ListeningExecutorService.class, TestThreadPool.class));\n\n assertThat(executor).isSameInstanceAs(listeningExecutorService);\n assertThat(executorService).isSameInstanceAs(listeningExecutorService);\n }\n\n @Test\n public void build_whenNegativeQueueCapacity_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class,\n () ->\n new ThreadPoolModule.Builder()\n .setName(\"test\")\n .setMaxSize(1)\n .setQueueCapacity(-1)\n .build());\n }\n\n @Test\n public void build_whenBothQueueCapacityAndBlockingQueueSet_throwsIllegalStateException() {\n assertThrows(\n IllegalStateException.class,\n () ->\n new ThreadPoolModule.Builder()\n .setMaxSize(1)\n .setQueueCapacity(1)\n .setBlockingQueue(new PriorityBlockingQueue<>(1))\n .build());\n }\n\n @Test\n public void build_whenUnBoundedQueue_throwsIllegalStateException() {\n assertThrows(\n IllegalStateException.class,\n () ->\n new ThreadPoolModule.Builder()\n .setName(\"test\")\n .setCoreSize(1)\n .setMaxSize(2)\n .setAnnotation(TestThreadPool.class)\n .build());\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/config/ConfigModuleTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.config;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.collect.ImmutableMap;\nimport com.google.inject.Guice;\nimport com.google.inject.Injector;\nimport com.google.tsunami.common.config.annotations.ConfigProperties;\nimport io.github.classgraph.ClassGraph;\nimport io.github.classgraph.ScanResult;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link ConfigModule}. */\n@RunWith(JUnit4.class)\npublic final class ConfigModuleTest {\n\n @Test\n public void configure_always_bindsGivenTsunamiConfigObject() {\n TsunamiConfig tsunamiConfig = TsunamiConfig.fromYamlData(ImmutableMap.of());\n try (ScanResult scanResult =\n new ClassGraph()\n .enableAllInfo()\n .whitelistClasses(TestConfigWithoutPrefix.class.getTypeName())\n .scan()) {\n Injector injector = Guice.createInjector(new ConfigModule(scanResult, tsunamiConfig));\n\n TsunamiConfig boundTsunamiConfig = injector.getInstance(TsunamiConfig.class);\n\n assertThat(boundTsunamiConfig).isSameInstanceAs(tsunamiConfig);\n }\n }\n\n @Test\n public void configure_whenValidConfigData_bindsSuccessfully() {\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(ImmutableMap.of(\"string_config\", \"testString\"));\n try (ScanResult scanResult =\n new ClassGraph()\n .enableAllInfo()\n .whitelistClasses(TestConfigWithoutPrefix.class.getTypeName())\n .scan()) {\n Injector injector = Guice.createInjector(new ConfigModule(scanResult, tsunamiConfig));\n\n TestConfigWithoutPrefix testConfig = injector.getInstance(TestConfigWithoutPrefix.class);\n\n assertThat(testConfig.stringConfig).isEqualTo(\"testString\");\n }\n }\n\n @Test\n public void configure_whenMissingMatchedConfigData_bindsObjectWithDefaultValue() {\n TsunamiConfig tsunamiConfig = TsunamiConfig.fromYamlData(ImmutableMap.of());\n try (ScanResult scanResult =\n new ClassGraph()\n .enableAllInfo()\n .whitelistClasses(TestConfigWithoutPrefix.class.getTypeName())\n .scan()) {\n Injector injector = Guice.createInjector(new ConfigModule(scanResult, tsunamiConfig));\n\n TestConfigWithoutPrefix testConfig = injector.getInstance(TestConfigWithoutPrefix.class);\n\n assertThat(testConfig.stringConfig).isNull();\n }\n }\n\n @Test\n public void configure_whenValidConfigDataWithPrefix_bindsSuccessfully() {\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(\n ImmutableMap.of(\n \"test\", ImmutableMap.of(\"prefix\", ImmutableMap.of(\"string_config\", \"testString\"))));\n try (ScanResult scanResult =\n new ClassGraph()\n .enableAllInfo()\n .whitelistClasses(TestConfigWithPrefix.class.getTypeName())\n .scan()) {\n Injector injector = Guice.createInjector(new ConfigModule(scanResult, tsunamiConfig));\n\n TestConfigWithPrefix testConfig = injector.getInstance(TestConfigWithPrefix.class);\n\n assertThat(testConfig.stringConfig).isEqualTo(\"testString\");\n }\n }\n\n @Test\n public void configure_whenInvalidConfigClass_throwsException() {\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(ImmutableMap.of(\"string_config\", \"testString\"));\n try (ScanResult scanResult =\n new ClassGraph()\n .enableAllInfo()\n .whitelistClasses(InvalidConfig.class.getTypeName())\n .scan()) {\n assertThrows(\n AssertionError.class,\n () -> Guice.createInjector(new ConfigModule(scanResult, tsunamiConfig)));\n }\n }\n\n @ConfigProperties(\"\")\n private static final class TestConfigWithoutPrefix {\n String stringConfig;\n }\n\n @ConfigProperties(\"test.prefix\")\n private static final class TestConfigWithPrefix {\n String stringConfig;\n }\n\n @ConfigProperties(\"\")\n private static final class InvalidConfig {\n String stringConfig;\n\n InvalidConfig(String stringConfig) {\n this.stringConfig = stringConfig;\n }\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/config/TsunamiConfigTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.config;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.collect.ImmutableList;\nimport com.google.common.collect.ImmutableMap;\nimport java.util.List;\nimport java.util.Map;\nimport org.junit.After;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link TsunamiConfig}. */\n@RunWith(JUnit4.class)\npublic final class TsunamiConfigTest {\n private static final String TEST_PROPERTY = \"test.property\";\n\n @After\n public void tearDown() {\n System.clearProperty(TEST_PROPERTY);\n }\n\n @Test\n public void fromYamlData_always_createTsunamiConfigFromMapData() {\n TsunamiConfig tsunamiConfig = TsunamiConfig.fromYamlData(ImmutableMap.of(\"test\", \"value\"));\n\n assertThat(tsunamiConfig.getRawConfigData()).containsEntry(\"test\", \"value\");\n }\n\n @Test\n public void fromYamlData_whenNullYamlData_createEmptyConfigData() {\n TsunamiConfig tsunamiConfig = TsunamiConfig.fromYamlData(null);\n\n assertThat(tsunamiConfig.getRawConfigData()).isEmpty();\n }\n\n @Test\n public void getSystemProperty_whenPropertyExists_returnsPropertyValue() {\n System.setProperty(TEST_PROPERTY, \"Test value\");\n\n assertThat(TsunamiConfig.getSystemProperty(TEST_PROPERTY)).hasValue(\"Test value\");\n }\n\n @Test\n public void getSystemProperty_whenPropertyNotExists_returnsEmptyOptional() {\n assertThat(TsunamiConfig.getSystemProperty(TEST_PROPERTY)).isEmpty();\n }\n\n @Test\n public void getSystemProperty_whenPropertyNotExistsWithDefaultValue_returnsDefaultValue() {\n assertThat(TsunamiConfig.getSystemProperty(TEST_PROPERTY, \"Default\")).isEqualTo(\"Default\");\n }\n\n @Test\n public void getConfig_whenValidConfigData_returnsBoundConfigObject() {\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(ImmutableMap.of(\"string\", \"string_value\", \"number\", 1234));\n\n SimpleConfig config = tsunamiConfig.getConfig(\"\", SimpleConfig.class);\n\n assertThat(config.string).isEqualTo(\"string_value\");\n assertThat(config.number).isEqualTo(1234);\n }\n\n @Test\n public void getConfig_whenValidConfigDataAndPrefix_returnsBoundConfigObject() {\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(\n ImmutableMap.of(\n \"test\",\n ImmutableMap.of(\n \"prefix\", ImmutableMap.of(\"string\", \"string_value\", \"number\", 1234))));\n\n SimpleConfig config = tsunamiConfig.getConfig(\"test.prefix\", SimpleConfig.class);\n\n assertThat(config.string).isEqualTo(\"string_value\");\n assertThat(config.number).isEqualTo(1234);\n }\n\n @Test\n public void getConfig_whenRequestedConfigNotExists_returnsObjectWithDefaultValue() {\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(\n ImmutableMap.of(\n \"test\",\n ImmutableMap.of(\n \"prefix\", ImmutableMap.of(\"string\", \"string_value\", \"number\", 1234))));\n\n SimpleConfig config = tsunamiConfig.getConfig(\"not.exist.prefix\", SimpleConfig.class);\n\n assertThat(config.string).isNull();\n assertThat(config.number).isEqualTo(0);\n }\n\n @Test\n public void getConfig_whenConfigHasComplicateDataStructure_returnsValidObject() {\n ImmutableList stringsField = ImmutableList.of(\"a\", \"b\", \"c\");\n ImmutableMap> complicateField =\n ImmutableMap.of(\"keyA\", ImmutableList.of(1L, 2L), \"keyB\", ImmutableList.of(123L));\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(\n ImmutableMap.of(\n \"strings\", stringsField, \"complicateField\", complicateField));\n\n CollectionConfig config = tsunamiConfig.getConfig(\"\", CollectionConfig.class);\n\n assertThat(config.strings).isEqualTo(stringsField);\n assertThat(config.complicateField).isEqualTo(complicateField);\n }\n\n @Test\n public void getConfig_whenConfigDataUseLowerUnderscoreCase_returnsValidObject() {\n ImmutableList stringsField = ImmutableList.of(\"a\", \"b\", \"c\");\n ImmutableMap> complicateField =\n ImmutableMap.of(\"keyA\", ImmutableList.of(1L, 2L), \"keyB\", ImmutableList.of(123L));\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(\n ImmutableMap.of(\n \"strings\", stringsField, \"complicate_field\", complicateField));\n\n CollectionConfig config = tsunamiConfig.getConfig(\"\", CollectionConfig.class);\n\n assertThat(config.strings).isEqualTo(stringsField);\n assertThat(config.complicateField).isEqualTo(complicateField);\n }\n\n @Test\n public void getConfig_whenRequestedConfigHasInvalidType_throwsException() {\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(\n ImmutableMap.of(\"test\", ImmutableMap.of(\"prefix\", \"invalid_type\")));\n\n assertThrows(\n ConfigException.class, () -> tsunamiConfig.getConfig(\"test.prefix\", SimpleConfig.class));\n }\n\n @Test\n public void getConfig_whenUnassignableConfigValue_throwsException() {\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(\n ImmutableMap.of(\"string\", \"string_value\", \"number\", \"incompatible_value\"));\n\n assertThrows(\n IllegalArgumentException.class, () -> tsunamiConfig.getConfig(\"\", SimpleConfig.class));\n }\n\n @Test\n public void getConfig_whenInvalidConfigObject_throwsException() {\n TsunamiConfig tsunamiConfig =\n TsunamiConfig.fromYamlData(ImmutableMap.of(\"string\", \"string_value\"));\n\n assertThrows(AssertionError.class, () -> tsunamiConfig.getConfig(\"\", InvalidConfig.class));\n }\n\n private static final class SimpleConfig {\n String string;\n long number;\n }\n\n private static final class CollectionConfig {\n List strings;\n Map> complicateField;\n }\n\n private static final class InvalidConfig {\n String field;\n\n InvalidConfig(String field) {\n this.field = field;\n }\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/config/YamlConfigLoaderTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.config;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static java.nio.charset.StandardCharsets.UTF_8;\n\nimport com.google.common.io.Files;\nimport java.io.File;\nimport java.io.IOException;\nimport org.junit.After;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link YamlConfigLoader}. */\n@RunWith(JUnit4.class)\npublic final class YamlConfigLoaderTest {\n private static final String YAML_DATA = \"test: \\\"data\\\"\\ntest2: 123\";\n\n @After\n public void tearDown() {\n System.clearProperty(\"tsunami.config.location\");\n }\n\n @Test\n public void loadConfig_whenValidYamlFile_loadsConfigFromFile() throws IOException {\n File configFile = File.createTempFile(\"YamlConfigLoaderTest\", \".yaml\");\n Files.asCharSink(configFile, UTF_8).write(YAML_DATA);\n System.setProperty(\"tsunami.config.location\", configFile.getAbsolutePath());\n\n TsunamiConfig tsunamiConfig = new YamlConfigLoader().loadConfig();\n\n assertThat(tsunamiConfig.getRawConfigData()).containsExactly(\"test\", \"data\", \"test2\", 123);\n }\n\n @Test\n public void loadConfig_whenYamlFileNotFound_usesEmptyConfig() {\n TsunamiConfig tsunamiConfig = new YamlConfigLoader().loadConfig();\n\n assertThat(tsunamiConfig.getRawConfigData()).isEmpty();\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/data/NetworkEndpointUtilsTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.data;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.net.HostAndPort;\nimport com.google.tsunami.proto.AddressFamily;\nimport com.google.tsunami.proto.Hostname;\nimport com.google.tsunami.proto.IpAddress;\nimport com.google.tsunami.proto.NetworkEndpoint;\nimport com.google.tsunami.proto.Port;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link NetworkEndpointUtils}. */\n@RunWith(JUnit4.class)\npublic class NetworkEndpointUtilsTest {\n\n @Test\n public void isIpV6Endpoint_withIpV4Endpoint_returnsFalse() {\n NetworkEndpoint ipV4Endpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP)\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"1.2.3.4\").setAddressFamily(AddressFamily.IPV4))\n .build();\n assertThat(NetworkEndpointUtils.isIpV6Endpoint(ipV4Endpoint)).isFalse();\n }\n\n @Test\n public void isIpV6Endpoint_withIpV4AndPortEndpoint_returnsFalse() {\n NetworkEndpoint ipV4AndPortEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"1.2.3.4\").setAddressFamily(AddressFamily.IPV4))\n .build();\n assertThat(NetworkEndpointUtils.isIpV6Endpoint(ipV4AndPortEndpoint)).isFalse();\n }\n\n @Test\n public void isIpV6Endpoint_withIpV6Endpoint_returnsFalse() {\n NetworkEndpoint ipV6Endpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP)\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"3ffe::1\").setAddressFamily(AddressFamily.IPV6))\n .build();\n assertThat(NetworkEndpointUtils.isIpV6Endpoint(ipV6Endpoint)).isTrue();\n }\n\n @Test\n public void isIpV6Endpoint_withIpV6AndPortEndpoint_returnsFalse() {\n NetworkEndpoint ipV6AndPortEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"3ffe::1\").setAddressFamily(AddressFamily.IPV6))\n .build();\n assertThat(NetworkEndpointUtils.isIpV6Endpoint(ipV6AndPortEndpoint)).isTrue();\n }\n\n @Test\n public void isIpV6Endpoint_withHostnameEndpoint_returnsFalse() {\n NetworkEndpoint hostnameEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME)\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build();\n assertThat(NetworkEndpointUtils.isIpV6Endpoint(hostnameEndpoint)).isFalse();\n }\n\n @Test\n public void isIpV6Endpoint_withHostnameAndPortEndpoint_returnsFalse() {\n NetworkEndpoint hostnameAndPortEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build();\n assertThat(NetworkEndpointUtils.isIpV6Endpoint(hostnameAndPortEndpoint)).isFalse();\n }\n\n @Test\n public void toUriString_withIpV4Endpoint_returnsIpAddress() {\n NetworkEndpoint ipV4Endpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP)\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"1.2.3.4\").setAddressFamily(AddressFamily.IPV4))\n .build();\n assertThat(NetworkEndpointUtils.toUriAuthority(ipV4Endpoint)).isEqualTo(\"1.2.3.4\");\n }\n\n @Test\n public void toUriString_withIpV6Endpoint_returnsIpAddressWithBracket() {\n NetworkEndpoint ipV6Endpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP)\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"3ffe::1\").setAddressFamily(AddressFamily.IPV6))\n .build();\n assertThat(NetworkEndpointUtils.toUriAuthority(ipV6Endpoint)).isEqualTo(\"[3ffe::1]\");\n }\n\n @Test\n public void toUriString_withIpV4AndPortEndpoint_returnsIpAddressAndPort() {\n NetworkEndpoint ipV4AndPortEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"1.2.3.4\").setAddressFamily(AddressFamily.IPV4))\n .build();\n assertThat(NetworkEndpointUtils.toUriAuthority(ipV4AndPortEndpoint)).isEqualTo(\"1.2.3.4:8888\");\n }\n\n @Test\n public void toUriString_withIpV6AndPortEndpoint_returnsIpAddressWithBracketAndPort() {\n NetworkEndpoint ipV6Endpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"3ffe::1\").setAddressFamily(AddressFamily.IPV6))\n .build();\n assertThat(NetworkEndpointUtils.toUriAuthority(ipV6Endpoint)).isEqualTo(\"[3ffe::1]:8888\");\n }\n\n @Test\n public void toUriString_withHostnameEndpoint_returnsHostname() {\n NetworkEndpoint hostnameEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME)\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build();\n assertThat(NetworkEndpointUtils.toUriAuthority(hostnameEndpoint)).isEqualTo(\"localhost\");\n }\n\n @Test\n public void toUriString_withHostnameAndPortEndpoint_returnsHostnameAndPort() {\n NetworkEndpoint hostnameAndPortEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build();\n assertThat(NetworkEndpointUtils.toUriAuthority(hostnameAndPortEndpoint))\n .isEqualTo(\"localhost:8888\");\n }\n\n @Test\n public void toHostAndPort_withIpAddress_returnsHostWithIp() {\n NetworkEndpoint ipV4Endpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP)\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"1.2.3.4\").setAddressFamily(AddressFamily.IPV4))\n .build();\n assertThat(NetworkEndpointUtils.toHostAndPort(ipV4Endpoint))\n .isEqualTo(HostAndPort.fromHost(\"1.2.3.4\"));\n }\n\n @Test\n public void toHostAndPort_withIpAddressAndPort_returnsHostWithIpAndPort() {\n NetworkEndpoint ipV4AndPortEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setIpAddress(\n IpAddress.newBuilder().setAddress(\"1.2.3.4\").setAddressFamily(AddressFamily.IPV4))\n .build();\n assertThat(NetworkEndpointUtils.toHostAndPort(ipV4AndPortEndpoint))\n .isEqualTo(HostAndPort.fromParts(\"1.2.3.4\", 8888));\n }\n\n @Test\n public void toHostAndPort_withHostname_returnsHostWithHostname() {\n NetworkEndpoint hostnameEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME)\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build();\n assertThat(NetworkEndpointUtils.toHostAndPort(hostnameEndpoint))\n .isEqualTo(HostAndPort.fromHost(\"localhost\"));\n }\n\n @Test\n public void toHostAndPort_withHostnameAndPort_returnsHostWithHostnameAndPort() {\n NetworkEndpoint hostnameAndPortEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build();\n assertThat(NetworkEndpointUtils.toHostAndPort(hostnameAndPortEndpoint))\n .isEqualTo(HostAndPort.fromParts(\"localhost\", 8888));\n }\n\n @Test\n public void forIp_withIpV4Address_returnsIpV4NetworkEndpoint() {\n assertThat(NetworkEndpointUtils.forIp(\"1.2.3.4\"))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP)\n .setIpAddress(\n IpAddress.newBuilder()\n .setAddressFamily(AddressFamily.IPV4)\n .setAddress(\"1.2.3.4\"))\n .build());\n }\n\n @Test\n public void forIp_withIpV6Address_returnsIpV6NetworkEndpoint() {\n assertThat(NetworkEndpointUtils.forIp(\"3ffe::1\"))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP)\n .setIpAddress(\n IpAddress.newBuilder()\n .setAddressFamily(AddressFamily.IPV6)\n .setAddress(\"3ffe::1\"))\n .build());\n }\n\n @Test\n public void forIpAndPort_withIpV4AddressAndPort_returnsIpV4AndPortNetworkEndpoint() {\n assertThat(NetworkEndpointUtils.forIpAndPort(\"1.2.3.4\", 8888))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setIpAddress(\n IpAddress.newBuilder()\n .setAddressFamily(AddressFamily.IPV4)\n .setAddress(\"1.2.3.4\"))\n .build());\n }\n\n @Test\n public void forIpAndPort_withIpV6AddressAndPort_returnsIpV6AndPortNetworkEndpoint() {\n assertThat(NetworkEndpointUtils.forIpAndPort(\"3ffe::1\", 8888))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setIpAddress(\n IpAddress.newBuilder()\n .setAddressFamily(AddressFamily.IPV6)\n .setAddress(\"3ffe::1\"))\n .build());\n }\n\n @Test\n public void forHostname_withHostname_returnsHostnameNetworkEndpoint() {\n assertThat(NetworkEndpointUtils.forHostname(\"localhost\"))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME)\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build());\n }\n\n @Test\n public void forHostnameAndPort_withHostnameAndPort_returnsHostnameAndPortNetworkEndpoint() {\n assertThat(NetworkEndpointUtils.forHostnameAndPort(\"localhost\", 8888))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build());\n }\n\n @Test\n public void forIpAndHostname_returnsIpAndHostnameNetworkEndpoint() {\n assertThat(NetworkEndpointUtils.forIpAndHostname(\"1.2.3.4\", \"host.com\"))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_HOSTNAME)\n .setIpAddress(\n IpAddress.newBuilder()\n .setAddressFamily(AddressFamily.IPV4)\n .setAddress(\"1.2.3.4\"))\n .setHostname(Hostname.newBuilder().setName(\"host.com\"))\n .build());\n }\n\n @Test\n public void forIpHostnameAndPort_returnsIpHostnameAndPortNetworkEndpoint() {\n assertThat(NetworkEndpointUtils.forIpHostnameAndPort(\"1.2.3.4\", \"host.com\", 8888))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_HOSTNAME_PORT)\n .setIpAddress(\n IpAddress.newBuilder()\n .setAddressFamily(AddressFamily.IPV4)\n .setAddress(\"1.2.3.4\"))\n .setHostname(Hostname.newBuilder().setName(\"host.com\"))\n .setPort(Port.newBuilder().setPortNumber(8888))\n .build());\n }\n\n @Test\n public void forNetworkEndpointAndPort_withIpEndpointAndPort_returnsIpAndPort() {\n NetworkEndpoint ipEndpoint = NetworkEndpointUtils.forIp(\"1.2.3.4\");\n\n assertThat(NetworkEndpointUtils.forNetworkEndpointAndPort(ipEndpoint, 8888))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setIpAddress(\n IpAddress.newBuilder()\n .setAddressFamily(AddressFamily.IPV4)\n .setAddress(\"1.2.3.4\"))\n .build());\n }\n\n @Test\n public void forNetworkEndpointAndPort_withHostnameEndpointAndPort_returnsHostnameAndPort() {\n NetworkEndpoint hostnameEndpoint = NetworkEndpointUtils.forHostname(\"localhost\");\n\n assertThat(NetworkEndpointUtils.forNetworkEndpointAndPort(hostnameEndpoint, 8888))\n .isEqualTo(\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.HOSTNAME_PORT)\n .setPort(Port.newBuilder().setPortNumber(8888))\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build());\n }\n\n @Test\n public void forIp_withInvalidIp_throwsIllegalArgumentException() {\n assertThrows(IllegalArgumentException.class, () -> NetworkEndpointUtils.forIp(\"abc\"));\n }\n\n @Test\n public void forIpAndPort_withInvalidIp_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class, () -> NetworkEndpointUtils.forIpAndPort(\"abc\", 8888));\n }\n\n @Test\n public void forIpAndPort_withInvalidPort_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class, () -> NetworkEndpointUtils.forIpAndPort(\"abc\", -1));\n assertThrows(\n IllegalArgumentException.class, () -> NetworkEndpointUtils.forIpAndPort(\"abc\", 65536));\n }\n\n @Test\n public void forHostname_withIpAddress_throwsIllegalArgumentException() {\n assertThrows(IllegalArgumentException.class, () -> NetworkEndpointUtils.forHostname(\"1.2.3.4\"));\n assertThrows(IllegalArgumentException.class, () -> NetworkEndpointUtils.forHostname(\"3ffe::1\"));\n }\n\n @Test\n public void forHostnameAndPort_withIpAddress_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class,\n () -> NetworkEndpointUtils.forHostnameAndPort(\"1.2.3.4\", 8888));\n assertThrows(\n IllegalArgumentException.class,\n () -> NetworkEndpointUtils.forHostnameAndPort(\"3ffe::1\", 8888));\n }\n\n @Test\n public void forHostnameAndPort_withInvalidPort_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class, () -> NetworkEndpointUtils.forHostnameAndPort(\"abc\", -1));\n assertThrows(\n IllegalArgumentException.class,\n () -> NetworkEndpointUtils.forHostnameAndPort(\"abc\", 65536));\n }\n\n @Test\n public void forNetworkEndpointAndPort_withInvalidEndpointType_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class,\n () ->\n NetworkEndpointUtils.forNetworkEndpointAndPort(\n NetworkEndpointUtils.forIpAndPort(\"1.2.3.4\", 80), 8888));\n assertThrows(\n IllegalArgumentException.class,\n () ->\n NetworkEndpointUtils.forNetworkEndpointAndPort(\n NetworkEndpointUtils.forHostnameAndPort(\"localhost\", 80), 8888));\n }\n\n @Test\n public void forNetworkEndpointAndPort_withInvalidPort_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class,\n () ->\n NetworkEndpointUtils.forNetworkEndpointAndPort(\n NetworkEndpointUtils.forIp(\"1.2.3.4\"), -1));\n assertThrows(\n IllegalArgumentException.class,\n () ->\n NetworkEndpointUtils.forNetworkEndpointAndPort(\n NetworkEndpointUtils.forHostname(\"localhost\"), 65536));\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/data/NetworkServiceUtilsTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.data;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static com.google.common.truth.extensions.proto.ProtoTruth.assertThat;\nimport static com.google.tsunami.common.data.NetworkEndpointUtils.forIpAndPort;\n\nimport com.google.tsunami.proto.AddressFamily;\nimport com.google.tsunami.proto.Hostname;\nimport com.google.tsunami.proto.IpAddress;\nimport com.google.tsunami.proto.NetworkEndpoint;\nimport com.google.tsunami.proto.NetworkService;\nimport com.google.tsunami.proto.Port;\nimport com.google.tsunami.proto.ServiceContext;\nimport com.google.tsunami.proto.Software;\nimport com.google.tsunami.proto.TransportProtocol;\nimport com.google.tsunami.proto.WebServiceContext;\nimport java.io.IOException;\nimport java.net.Inet4Address;\nimport java.net.InetAddress;\nimport java.net.URL;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link NetworkServiceUtils}. */\n@RunWith(JUnit4.class)\npublic final class NetworkServiceUtilsTest {\n\n @Test\n public void isWebService_whenHttpService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder().setServiceName(\"http\").build()))\n .isTrue();\n }\n\n @Test\n public void isWebService_whenHttpAltService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder().setServiceName(\"http-alt\").build()))\n .isTrue();\n }\n\n @Test\n public void isWebService_whenHttpProxyService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder().setServiceName(\"http-proxy\").build()))\n .isTrue();\n }\n\n @Test\n public void isWebService_whenHttpsService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder().setServiceName(\"https\").build()))\n .isTrue();\n }\n\n @Test\n public void isWebService_whenRadanHttpService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder().setServiceName(\"radan-http\").build()))\n .isTrue();\n }\n\n @Test\n public void isWebService_whenSslHttpService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder().setServiceName(\"ssl/http\").build()))\n .isTrue();\n }\n\n @Test\n public void isWebService_whenSslHttpsService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder().setServiceName(\"ssl/https\").build()))\n .isTrue();\n }\n\n @Test\n public void isWebService_whenCapitalizedHttpService_ignoresCaseAndReturnsTrue() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder().setServiceName(\"HTTP\").build()))\n .isTrue();\n }\n\n @Test\n public void isWebService_whenHasAtLeastOneHttpMethod_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder()\n .setServiceName(\"irrelevantService\")\n .addSupportedHttpMethods(\"IrrelevantMethodName\")\n .build()))\n .isTrue();\n }\n\n @Test\n public void isWebService_whenNonWebService_returnsFalse() {\n assertThat(\n NetworkServiceUtils.isWebService(\n NetworkService.newBuilder().setServiceName(\"ssh\").build()))\n .isFalse();\n }\n\n @Test\n public void isPlainHttp_whenPlainHttpService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isPlainHttp(\n NetworkService.newBuilder().setServiceName(\"http\").build()))\n .isTrue();\n }\n\n @Test\n public void isPlainHttp_whenHttpAltService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isPlainHttp(\n NetworkService.newBuilder().setServiceName(\"http-alt\").build()))\n .isTrue();\n }\n\n @Test\n public void isPlainHttp_whenHttpsService_returnsFalse() {\n assertThat(\n NetworkServiceUtils.isPlainHttp(\n NetworkService.newBuilder().setServiceName(\"https\").build()))\n .isFalse();\n }\n\n @Test\n public void isPlainHttp_whenRadanHttpService_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isPlainHttp(\n NetworkService.newBuilder().setServiceName(\"radan-http\").build()))\n .isTrue();\n }\n\n @Test\n public void isPlainHttp_whenNonWebService_returnsFalse() {\n assertThat(\n NetworkServiceUtils.isPlainHttp(\n NetworkService.newBuilder().setServiceName(\"ssh\").build()))\n .isFalse();\n }\n\n @Test\n public void isPlainHttp_whenHttpServiceButHasSslVersions_returnsFalse() {\n assertThat(\n NetworkServiceUtils.isPlainHttp(\n NetworkService.newBuilder()\n .setServiceName(\"http\")\n .addSupportedSslVersions(\"SSLV3\")\n .build()))\n .isFalse();\n }\n\n @Test\n public void isPlainHttp_whenNonHttpServiceButHasSslVersions_returnsFalse() {\n assertThat(\n NetworkServiceUtils.isPlainHttp(\n NetworkService.newBuilder()\n .setServiceName(\"ssh\")\n .addSupportedSslVersions(\"SSLV3\")\n .build()))\n .isFalse();\n }\n\n @Test\n public void isPlainHttp_whenHttpServiceFromHttpMethodsWithoutSslVersions_returnsTrue() {\n assertThat(\n NetworkServiceUtils.isPlainHttp(\n NetworkService.newBuilder()\n .setServiceName(\"ssh\")\n .addSupportedHttpMethods(\"GET\")\n .build()))\n .isTrue();\n }\n\n @Test\n public void isPlainHttp_whenHttpServiceWithSslVersions_returnsFalse() {\n assertThat(\n NetworkServiceUtils.isPlainHttp(\n NetworkService.newBuilder()\n .setServiceName(\"http\")\n .addSupportedSslVersions(\"SSLV3\")\n .build()))\n .isFalse();\n }\n\n @Test\n public void getServiceName_whenNonWebService_returnsServiceName() {\n assertThat(\n NetworkServiceUtils.getServiceName(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 22))\n .setServiceName(\"ssh\")\n .build()))\n .isEqualTo(\"ssh\");\n }\n\n @Test\n public void getServiceName_whenWebServiceNoSoftware_returnsServiceName() {\n assertThat(\n NetworkServiceUtils.getServiceName(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 22))\n .setServiceName(\"http\")\n .build()))\n .isEqualTo(\"http\");\n }\n\n @Test\n public void getServiceName_whenWebServiceWithSoftware_returnsServiceName() {\n assertThat(\n NetworkServiceUtils.getServiceName(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 22))\n .setServiceName(\"http\")\n .setSoftware(Software.newBuilder().setName(\"WordPress\"))\n .build()))\n .isEqualTo(\"wordpress\");\n }\n\n @Test\n public void getWebServiceName_whenWebServiceWithSoftware_returnsWebServiceName() {\n assertThat(\n NetworkServiceUtils.getWebServiceName(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 8080))\n .setServiceName(\"http\")\n .setServiceContext(\n ServiceContext.newBuilder()\n .setWebServiceContext(\n WebServiceContext.newBuilder()\n .setSoftware(Software.newBuilder().setName(\"jenkins\"))))\n .build()))\n .isEqualTo(\"jenkins\");\n }\n\n @Test\n public void getServiceName_whenWebServiceNoContext_returnsServiceName() {\n assertThat(\n NetworkServiceUtils.getWebServiceName(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 8080))\n .setServiceName(\"http\")\n .setSoftware(Software.newBuilder().setName(\"nothttp\"))\n .build()))\n .isEqualTo(\"http\");\n }\n\n @Test\n public void buildWebApplicationRootUrl_whenHttpWithoutRoot_buildsExpectedUrl() {\n assertThat(\n NetworkServiceUtils.buildWebApplicationRootUrl(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 8080))\n .setServiceName(\"http\")\n .build()))\n .isEqualTo(\"http://127.0.0.1:8080/\");\n }\n\n @Test\n public void buildWebApplicationRootUrl_whenHttpsWithoutRoot_buildsExpectedUrl() {\n assertThat(\n NetworkServiceUtils.buildWebApplicationRootUrl(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 8443))\n .setServiceName(\"ssl/https\")\n .setServiceContext(\n ServiceContext.newBuilder()\n .setWebServiceContext(\n WebServiceContext.newBuilder().setApplicationRoot(\"test_root\")))\n .build()))\n .isEqualTo(\"https://127.0.0.1:8443/test_root/\");\n }\n\n @Test\n public void buildWebApplicationRootUrl_whenHttpWithRootPath_buildsUrlWithExpectedRoot() {\n assertThat(\n NetworkServiceUtils.buildWebApplicationRootUrl(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 8080))\n .setServiceName(\"http\")\n .setServiceContext(\n ServiceContext.newBuilder()\n .setWebServiceContext(\n WebServiceContext.newBuilder().setApplicationRoot(\"/test_root\")))\n .build()))\n .isEqualTo(\"http://127.0.0.1:8080/test_root/\");\n }\n\n @Test\n public void buildWebApplicationRootUrl_whenRootPathNoLeadingSlash_appendsLeadingSlash() {\n assertThat(\n NetworkServiceUtils.buildWebApplicationRootUrl(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 8080))\n .setServiceName(\"http\")\n .setServiceContext(\n ServiceContext.newBuilder()\n .setWebServiceContext(\n WebServiceContext.newBuilder().setApplicationRoot(\"test_root\")))\n .build()))\n .isEqualTo(\"http://127.0.0.1:8080/test_root/\");\n }\n\n @Test\n public void buildWebApplicationRootUrl_whenHttpServiceOnPort80_removesTrailingPortFromUrl() {\n assertThat(\n NetworkServiceUtils.buildWebApplicationRootUrl(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 80))\n .setServiceName(\"http\")\n .setServiceContext(\n ServiceContext.newBuilder()\n .setWebServiceContext(\n WebServiceContext.newBuilder().setApplicationRoot(\"test_root\")))\n .build()))\n .isEqualTo(\"http://127.0.0.1/test_root/\");\n }\n\n @Test\n public void buildWebApplicationRootUrl_whenHttpsServiceOnPort443_removesTrailingPortFromUrl() {\n assertThat(\n NetworkServiceUtils.buildWebApplicationRootUrl(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 443))\n .setServiceName(\"ssl/https\")\n .setServiceContext(\n ServiceContext.newBuilder()\n .setWebServiceContext(\n WebServiceContext.newBuilder().setApplicationRoot(\"test_root\")))\n .build()))\n .isEqualTo(\"https://127.0.0.1/test_root/\");\n }\n\n @Test\n public void buildWebApplicationRootUrl_whenNotWebService_returnsHttpUrl() {\n assertThat(\n NetworkServiceUtils.buildWebApplicationRootUrl(\n NetworkService.newBuilder()\n .setNetworkEndpoint(forIpAndPort(\"127.0.0.1\", 2121))\n .setServiceName(\"unknown\")\n .build()))\n .isEqualTo(\"http://127.0.0.1:2121/\");\n }\n\n @Test\n public void buildUriNetworkService_returnsNetworkService() throws IOException {\n\n URL url = new URL(\"https://localhost/function1\");\n String hostname = url.getHost();\n String ipaddress = InetAddress.getByName(hostname).getHostAddress();\n InetAddress inetAddress = InetAddress.getByName(url.getHost());\n AddressFamily addressFamily =\n inetAddress instanceof Inet4Address ? AddressFamily.IPV4 : AddressFamily.IPV6;\n\n NetworkEndpoint networkEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_HOSTNAME_PORT)\n .setIpAddress(\n IpAddress.newBuilder().setAddressFamily(addressFamily).setAddress(ipaddress))\n .setPort(Port.newBuilder().setPortNumber(443))\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .build();\n\n NetworkService networkService =\n NetworkService.newBuilder()\n .setNetworkEndpoint(networkEndpoint)\n .setTransportProtocol(TransportProtocol.TCP)\n .setServiceName(\"https\")\n .setServiceContext(\n ServiceContext.newBuilder()\n .setWebServiceContext(\n WebServiceContext.newBuilder().setApplicationRoot(\"/function1\")))\n .build();\n\n assertThat(NetworkServiceUtils.buildUriNetworkService(\"https://localhost/function1\"))\n .isEqualTo(networkService);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/io/archiving/ArchiverTestUtils.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving;\n\n/** Utilities for all {@link Archiver} unit tests. */\nfinal class ArchiverTestUtils {\n private ArchiverTestUtils() {}\n\n /** Returns a byte array of length size that has values 0 .. size - 1. */\n static byte[] newPreFilledByteArray(int size) {\n return newPreFilledByteArray(0, size);\n }\n\n /** Returns a byte array of length size that has values offset .. offset + size - 1. */\n static byte[] newPreFilledByteArray(int offset, int size) {\n byte[] array = new byte[size];\n for (int i = 0; i < size; i++) {\n array[i] = (byte) (offset + i);\n }\n return array;\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/io/archiving/GoogleCloudStorageArchiverTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static com.google.tsunami.common.io.archiving.ArchiverTestUtils.newPreFilledByteArray;\nimport static java.nio.charset.StandardCharsets.UTF_8;\nimport static org.junit.Assert.assertThrows;\nimport static org.mockito.ArgumentMatchers.any;\nimport static org.mockito.ArgumentMatchers.eq;\nimport static org.mockito.Mockito.doReturn;\nimport static org.mockito.Mockito.doThrow;\nimport static org.mockito.Mockito.times;\nimport static org.mockito.Mockito.verify;\n\nimport com.google.cloud.WriteChannel;\nimport com.google.cloud.storage.BlobInfo;\nimport com.google.cloud.storage.Storage;\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Guice;\nimport java.io.IOException;\nimport java.nio.ByteBuffer;\nimport javax.inject.Inject;\nimport org.junit.Before;\nimport org.junit.Rule;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\nimport org.mockito.ArgumentCaptor;\nimport org.mockito.Captor;\nimport org.mockito.Mock;\nimport org.mockito.junit.MockitoJUnit;\nimport org.mockito.junit.MockitoRule;\n\n/** Tests for {@link GoogleCloudStorageArchiver}. */\n@RunWith(JUnit4.class)\npublic final class GoogleCloudStorageArchiverTest {\n private static final String BUCKET_ID = \"test_bucket\";\n private static final String OBJECT_ID = \"test/object\";\n\n @Rule public MockitoRule mockitoRule = MockitoJUnit.rule();\n\n @Mock Storage mockStorage;\n @Mock WriteChannel mockWriter;\n\n @Captor ArgumentCaptor blobInfoCaptor;\n @Captor ArgumentCaptor byteDataCaptor;\n @Captor ArgumentCaptor byteBufferCaptor;\n\n @Inject private GoogleCloudStorageArchiver.Options options;\n @Inject private GoogleCloudStorageArchiver.Factory archiverFactory;\n\n @Before\n public void setUp() {\n Guice.createInjector(\n new AbstractModule() {\n @Override\n protected void configure() {\n bind(GoogleCloudStorageArchiver.Options.class)\n .toInstance(new GoogleCloudStorageArchiver.Options());\n install(new GoogleCloudStorageArchiverModule());\n }\n })\n .injectMembers(this);\n }\n\n @Test\n public void archive_withSmallSizeString_createsBlobInOneRequest() {\n GoogleCloudStorageArchiver archiver = archiverFactory.create(mockStorage);\n String dataToArchive = \"TEST DATA\";\n\n boolean succeeded = archiver.archive(buildGcsUrl(BUCKET_ID, OBJECT_ID), dataToArchive);\n\n assertThat(succeeded).isTrue();\n verify(mockStorage, times(1)).create(blobInfoCaptor.capture(), byteDataCaptor.capture());\n assertThat(blobInfoCaptor.getValue())\n .isEqualTo(BlobInfo.newBuilder(BUCKET_ID, OBJECT_ID).build());\n assertThat(byteDataCaptor.getValue()).isEqualTo(dataToArchive.getBytes(UTF_8));\n }\n\n @Test\n public void archive_withSmallSizeBlob_createsBlobInOneRequest() {\n GoogleCloudStorageArchiver archiver = archiverFactory.create(mockStorage);\n byte[] dataToArchive = newPreFilledByteArray(10);\n\n boolean succeeded = archiver.archive(buildGcsUrl(BUCKET_ID, OBJECT_ID), dataToArchive);\n\n assertThat(succeeded).isTrue();\n verify(mockStorage, times(1)).create(blobInfoCaptor.capture(), byteDataCaptor.capture());\n assertThat(blobInfoCaptor.getValue())\n .isEqualTo(BlobInfo.newBuilder(BUCKET_ID, OBJECT_ID).build());\n assertThat(byteDataCaptor.getValue()).isEqualTo(dataToArchive);\n }\n\n @Test\n public void archive_withLargeSizeString_createsBlobWithWriter() throws IOException {\n options.chunkSizeInBytes = 8;\n options.chunkUploadThresholdInBytes = 16;\n doReturn(mockWriter)\n .when(mockStorage)\n .writer(eq(BlobInfo.newBuilder(BUCKET_ID, OBJECT_ID).build()));\n GoogleCloudStorageArchiver archiver = archiverFactory.create(mockStorage);\n String dataToArchive = \"THIS IS A LONG DATA\";\n int numOfChunks = (int) Math.ceil((double) dataToArchive.length() / options.chunkSizeInBytes);\n\n boolean succeeded = archiver.archive(buildGcsUrl(BUCKET_ID, OBJECT_ID), dataToArchive);\n\n assertThat(succeeded).isTrue();\n verify(mockWriter, times(numOfChunks)).write(byteBufferCaptor.capture());\n assertThat(byteBufferCaptor.getAllValues())\n .containsExactly(\n ByteBuffer.wrap(dataToArchive.getBytes(UTF_8), 0, 8),\n ByteBuffer.wrap(dataToArchive.getBytes(UTF_8), 8, 8),\n ByteBuffer.wrap(dataToArchive.getBytes(UTF_8), 16, 3));\n }\n\n @Test\n public void archive_withLargeSizeBlob_createsBlobWithWriter() throws IOException {\n options.chunkSizeInBytes = 8;\n options.chunkUploadThresholdInBytes = 16;\n doReturn(mockWriter)\n .when(mockStorage)\n .writer(eq(BlobInfo.newBuilder(BUCKET_ID, OBJECT_ID).build()));\n GoogleCloudStorageArchiver archiver = archiverFactory.create(mockStorage);\n byte[] dataToArchive = newPreFilledByteArray(20);\n int numOfChunks = (int) Math.ceil((double) dataToArchive.length / options.chunkSizeInBytes);\n\n boolean succeeded = archiver.archive(buildGcsUrl(BUCKET_ID, OBJECT_ID), dataToArchive);\n\n assertThat(succeeded).isTrue();\n verify(mockWriter, times(numOfChunks)).write(byteBufferCaptor.capture());\n assertThat(byteBufferCaptor.getAllValues())\n .containsExactly(\n ByteBuffer.wrap(dataToArchive, 0, 8),\n ByteBuffer.wrap(dataToArchive, 8, 8),\n ByteBuffer.wrap(dataToArchive, 16, 4));\n }\n\n @Test\n public void archive_withLargeSizeBlobAndWriteError_returnsFalse() throws IOException {\n options.chunkSizeInBytes = 8;\n options.chunkUploadThresholdInBytes = 16;\n doReturn(mockWriter)\n .when(mockStorage)\n .writer(eq(BlobInfo.newBuilder(BUCKET_ID, OBJECT_ID).build()));\n doThrow(IOException.class).when(mockWriter).write(any());\n GoogleCloudStorageArchiver archiver = archiverFactory.create(mockStorage);\n byte[] dataToArchive = newPreFilledByteArray(20);\n\n assertThat(archiver.archive(buildGcsUrl(BUCKET_ID, OBJECT_ID), dataToArchive)).isFalse();\n }\n\n @Test\n public void archive_withInvalidGcsUrl_throwsIllegalArgumentException() {\n GoogleCloudStorageArchiver archiver = archiverFactory.create(mockStorage);\n\n assertThrows(IllegalArgumentException.class, () -> archiver.archive(\"invalid_url\", \"\"));\n }\n\n private static final String buildGcsUrl(String bucketId, String objectId) {\n return String.format(\"gs://%s/%s\", bucketId, objectId);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/io/archiving/RawFileArchiverTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.io.archiving;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static com.google.tsunami.common.io.archiving.ArchiverTestUtils.newPreFilledByteArray;\nimport static java.nio.charset.StandardCharsets.UTF_8;\n\nimport com.google.common.io.Files;\nimport java.io.File;\nimport java.io.IOException;\nimport org.junit.Rule;\nimport org.junit.Test;\nimport org.junit.rules.TemporaryFolder;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link RawFileArchiver}. */\n@RunWith(JUnit4.class)\npublic final class RawFileArchiverTest {\n @Rule public final TemporaryFolder temporaryFolder = new TemporaryFolder();\n\n @Test\n public void archive_whenValidTargetFileAndByteArrayData_archivesGivenDataWithGivenName()\n throws IOException {\n File tempFile = temporaryFolder.newFile();\n byte[] data = newPreFilledByteArray(200);\n\n RawFileArchiver rawFileArchiver = new RawFileArchiver();\n\n assertThat(rawFileArchiver.archive(tempFile.getAbsolutePath(), data)).isTrue();\n assertThat(Files.toByteArray(tempFile)).isEqualTo(data);\n }\n\n @Test\n public void archive_whenInvalidTargetFileAndByteArrayData_returnsFalse() throws IOException {\n File tempFile = temporaryFolder.newFile();\n byte[] data = newPreFilledByteArray(200);\n\n RawFileArchiver rawFileArchiver = new RawFileArchiver();\n\n assertThat(rawFileArchiver.archive(tempFile.getParent(), data)).isFalse();\n assertThat(tempFile.length()).isEqualTo(0);\n }\n\n @Test\n public void archive_whenValidTargetFileAndCharSequenceData_archivesGivenDataWithGivenName()\n throws IOException {\n File tempFile = temporaryFolder.newFile();\n String data = \"file data\";\n\n RawFileArchiver rawFileArchiver = new RawFileArchiver();\n\n assertThat(rawFileArchiver.archive(tempFile.getAbsolutePath(), data)).isTrue();\n assertThat(Files.asCharSource(tempFile, UTF_8).read()).isEqualTo(data);\n }\n\n @Test\n public void archive_whenInvalidTargetFileAndCharSequenceData_returnsFalse() throws IOException {\n File tempFile = temporaryFolder.newFile();\n String data = \"file data\";\n\n RawFileArchiver rawFileArchiver = new RawFileArchiver();\n\n assertThat(rawFileArchiver.archive(tempFile.getParent(), data)).isFalse();\n assertThat(tempFile.length()).isEqualTo(0);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/FuzzingUtilsTest.java",
"content": "/*\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport com.google.common.collect.ImmutableList;\nimport com.google.tsunami.common.net.http.HttpRequest;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n@RunWith(JUnit4.class)\npublic final class FuzzingUtilsTest {\n private static final HttpRequest REQUEST_WITHOUT_GET_PARAMETERS =\n HttpRequest.get(\"https://google.com\").withEmptyHeaders().build();\n private static final HttpRequest REQUEST_WITH_GET_PARAMETERS =\n HttpRequest.get(\"https://google.com?key=value&other=test\").withEmptyHeaders().build();\n\n @Test\n public void fuzzGetParametersWithDefaultParameter_whenNoGetParameters_addsDefaultParameter() {\n HttpRequest requestWithDefaultParameter =\n HttpRequest.get(\"https://google.com?default=\").withEmptyHeaders().build();\n\n assertThat(\n FuzzingUtils.fuzzGetParametersWithDefaultParameter(\n REQUEST_WITHOUT_GET_PARAMETERS, \"\", \"default\"))\n .contains(requestWithDefaultParameter);\n }\n\n @Test\n public void fuzzGetParametersWithDefaultParameter_whenGetParameters_doesNotAddDefaultParameter() {\n HttpRequest requestWithDefaultParameter =\n HttpRequest.get(\"https://google.com?default=\").withEmptyHeaders().build();\n\n assertThat(\n FuzzingUtils.fuzzGetParametersWithDefaultParameter(\n REQUEST_WITH_GET_PARAMETERS, \"\", \"default\"))\n .doesNotContain(requestWithDefaultParameter);\n }\n\n @Test\n public void fuzzGetParametersWithDefaultParameter_whenGetParameters_fuzzesAllParameters() {\n ImmutableList requestsWithFuzzedGetParameters =\n ImmutableList.of(\n HttpRequest.get(\"https://google.com?key=&other=test\")\n .withEmptyHeaders()\n .build(),\n HttpRequest.get(\"https://google.com?key=value&other=\")\n .withEmptyHeaders()\n .build());\n\n assertThat(\n FuzzingUtils.fuzzGetParametersWithDefaultParameter(\n REQUEST_WITH_GET_PARAMETERS, \"\", \"default\"))\n .containsAtLeastElementsIn(requestsWithFuzzedGetParameters);\n }\n\n @Test\n public void\n fuzzGetParametersExpectingPathValues_whenGetParameterValueHasFileExtension_appendsFileExtensionToPayload() {\n HttpRequest requestWithFileExtension =\n HttpRequest.get(\"https://google.com?key=value.jpg\").withEmptyHeaders().build();\n HttpRequest requestWithFuzzedGetParameterWithFileExtension =\n HttpRequest.get(\"https://google.com?key=%00.jpg\").withEmptyHeaders().build();\n\n assertThat(\n FuzzingUtils.fuzzGetParametersExpectingPathValues(\n requestWithFileExtension, \"\"))\n .contains(requestWithFuzzedGetParameterWithFileExtension);\n }\n\n @Test\n public void\n fuzzGetParametersExpectingPathValues_whenGetParameterValueHasPathPrefix_prefixesPayload() {\n HttpRequest requestWithPathPrefix =\n HttpRequest.get(\"https://google.com?key=resources/value\").withEmptyHeaders().build();\n HttpRequest requestWithFuzzedGetParameterWithPathPrefix =\n HttpRequest.get(\"https://google.com?key=resources/\").withEmptyHeaders().build();\n\n assertThat(\n FuzzingUtils.fuzzGetParametersExpectingPathValues(requestWithPathPrefix, \"\"))\n .contains(requestWithFuzzedGetParameterWithPathPrefix);\n }\n\n @Test\n public void\n fuzzGetParametersExpectingPathValues_whenGetParameterValueHasPathPrefixAndFileExtension_prefixesPayloadAndAppendsFileExtension() {\n HttpRequest requestWithPathPrefixAndFileExtension =\n HttpRequest.get(\"https://google.com?key=resources/value.jpg\").withEmptyHeaders().build();\n HttpRequest requestWithFuzzedGetParameterWithPathPrefixAndFileExtension =\n HttpRequest.get(\"https://google.com?key=resources/%00.jpg\")\n .withEmptyHeaders()\n .build();\n\n assertThat(\n FuzzingUtils.fuzzGetParametersExpectingPathValues(\n requestWithPathPrefixAndFileExtension, \"\"))\n .contains(requestWithFuzzedGetParameterWithPathPrefixAndFileExtension);\n }\n\n @Test\n public void\n fuzzGetParametersExpectingPathValues_whenGetParameterValueHasPathPrefixOrFileExtension_prefixesPayloadOrAppendsFileExtension() {\n HttpRequest requestWithPathPrefixOrFileExtension =\n HttpRequest.get(\"https://google.com?key=resources./value\").withEmptyHeaders().build();\n HttpRequest requestWithFuzzedGetParameterWithPathPrefixAndFileExtension =\n HttpRequest.get(\"https://google.com?key=resources./%00./value\")\n .withEmptyHeaders()\n .build();\n\n assertThat(\n FuzzingUtils.fuzzGetParametersExpectingPathValues(\n requestWithPathPrefixOrFileExtension, \"\"))\n .doesNotContain(requestWithFuzzedGetParameterWithPathPrefixAndFileExtension);\n }\n\n @Test\n public void fuzzGetParameters_whenNoGetParameters_returnsEmptyList() {\n assertThat(FuzzingUtils.fuzzGetParameters(REQUEST_WITHOUT_GET_PARAMETERS, \"\"))\n .isEmpty();\n }\n\n @Test\n public void fuzzGetParameters_whenGetParameters_fuzzesAllParameters() {\n ImmutableList requestsWithFuzzedGetParameters =\n ImmutableList.of(\n HttpRequest.get(\"https://google.com?key=&other=test\")\n .withEmptyHeaders()\n .build(),\n HttpRequest.get(\"https://google.com?key=value&other=\")\n .withEmptyHeaders()\n .build());\n\n assertThat(FuzzingUtils.fuzzGetParameters(REQUEST_WITH_GET_PARAMETERS, \"\"))\n .containsAtLeastElementsIn(requestsWithFuzzedGetParameters);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/UrlUtilsTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static com.google.tsunami.common.net.UrlUtils.allSubPaths;\nimport static com.google.tsunami.common.net.UrlUtils.removeLeadingSlashes;\nimport static com.google.tsunami.common.net.UrlUtils.removeTrailingSlashes;\nimport static com.google.tsunami.common.net.UrlUtils.urlEncode;\n\nimport okhttp3.HttpUrl;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link UrlUtils}. */\n@RunWith(JUnit4.class)\npublic final class UrlUtilsTest {\n\n @Test\n public void allSubPaths_whenInvalidUrl_returnsEmptyList() {\n assertThat(allSubPaths(\"invalid_url\")).isEmpty();\n }\n\n @Test\n public void allSubPaths_whenNoSubPathNoTrailingSlash_returnsSingleUrl() {\n assertThat(allSubPaths(\"http://localhost\")).containsExactly(HttpUrl.parse(\"http://localhost/\"));\n }\n\n @Test\n public void allSubPaths_whenNoSubPathWithTrailingSlash_returnsSingleUrl() {\n assertThat(allSubPaths(\"http://localhost/\"))\n .containsExactly(HttpUrl.parse(\"http://localhost/\"));\n }\n\n @Test\n public void allSubPaths_whenValidQueryParamsAndFragments_removesParamsAndFragments() {\n assertThat(allSubPaths(\"http://localhost/?param=value¶m2=value2#abc\"))\n .containsExactly(HttpUrl.parse(\"http://localhost/\"));\n }\n\n @Test\n public void allSubPaths_whenSingleSubPathsNoTrailingSlash_returnsExpectedUrl() {\n assertThat(allSubPaths(\"http://localhost/a\"))\n .containsExactly(HttpUrl.parse(\"http://localhost/\"), HttpUrl.parse(\"http://localhost/a/\"));\n }\n\n @Test\n public void allSubPaths_whenSingleSubPathsWithTrailingSlash_returnsExpectedUrl() {\n assertThat(allSubPaths(\"http://localhost/a/\"))\n .containsExactly(HttpUrl.parse(\"http://localhost/\"), HttpUrl.parse(\"http://localhost/a/\"));\n }\n\n @Test\n public void allSubPaths_whenMultipleSubPathsNoTrailingSlash_returnsExpectedUrl() {\n assertThat(allSubPaths(\"http://localhost/a/b/c\"))\n .containsExactly(\n HttpUrl.parse(\"http://localhost/\"),\n HttpUrl.parse(\"http://localhost/a/\"),\n HttpUrl.parse(\"http://localhost/a/b/\"),\n HttpUrl.parse(\"http://localhost/a/b/c/\"));\n }\n\n @Test\n public void allSubPaths_whenMultipleSubPathsWithTrailingSlash_returnsExpectedUrl() {\n assertThat(allSubPaths(\"http://localhost/a/b/c/\"))\n .containsExactly(\n HttpUrl.parse(\"http://localhost/\"),\n HttpUrl.parse(\"http://localhost/a/\"),\n HttpUrl.parse(\"http://localhost/a/b/\"),\n HttpUrl.parse(\"http://localhost/a/b/c/\"));\n }\n\n @Test\n public void allSubPaths_whenMultipleSubPathsWithParamsAndFragments_returnsExpectedUrl() {\n assertThat(allSubPaths(\"http://localhost/a/b/c/?param=value¶m2=value2#abc\"))\n .containsExactly(\n HttpUrl.parse(\"http://localhost/\"),\n HttpUrl.parse(\"http://localhost/a/\"),\n HttpUrl.parse(\"http://localhost/a/b/\"),\n HttpUrl.parse(\"http://localhost/a/b/c/\"));\n }\n\n @Test\n public void removeLeadingSlashes_whenNoLeadingSlashes_returnsOriginal() {\n assertThat(removeLeadingSlashes(\"a/b/c/\")).isEqualTo(\"a/b/c/\");\n }\n\n @Test\n public void removeLeadingSlashes_whenSingleLeadingSlash_removesLeadingSlashes() {\n assertThat(removeLeadingSlashes(\"/a/b/c/\")).isEqualTo(\"a/b/c/\");\n }\n\n @Test\n public void removeLeadingSlashes_whenMultipleLeadingSlashes_removesLeadingSlashes() {\n assertThat(removeLeadingSlashes(\"/////a/b/c/\")).isEqualTo(\"a/b/c/\");\n }\n\n @Test\n public void removeTrailingSlashes_whenNoTrailingSlashes_returnsOriginal() {\n assertThat(removeTrailingSlashes(\"/a/b/c\")).isEqualTo(\"/a/b/c\");\n }\n\n @Test\n public void removeTrailingSlashes_whenSingleTrailingSlash_removesTrailingSlashes() {\n assertThat(removeTrailingSlashes(\"/a/b/c/\")).isEqualTo(\"/a/b/c\");\n }\n\n @Test\n public void removeTrailingSlashes_whenMultipleTrailingSlashes_removesTrailingSlashes() {\n assertThat(removeTrailingSlashes(\"/a/b/c/////\")).isEqualTo(\"/a/b/c\");\n }\n\n @Test\n public void urlEncode_whenEmptyString_returnsOriginal() {\n assertThat(urlEncode(\"\")).hasValue(\"\");\n }\n\n @Test\n public void urlEncode_whenNothingToEncode_returnsOriginal() {\n assertThat(urlEncode(\"abcdefghijklmnopqrstuvwxyz\")).hasValue(\"abcdefghijklmnopqrstuvwxyz\");\n assertThat(urlEncode(\"ABCDEFGHIJKLMNOPQRSTUVWXYZ\")).hasValue(\"ABCDEFGHIJKLMNOPQRSTUVWXYZ\");\n assertThat(urlEncode(\"0123456789\")).hasValue(\"0123456789\");\n assertThat(urlEncode(\"-_.*\")).hasValue(\"-_.*\");\n }\n\n @Test\n public void urlEncode_whenNotEncoded_returnsEncoded() {\n assertThat(urlEncode(\" \")).hasValue(\"+\");\n assertThat(urlEncode(\"()[]{}<>\")).hasValue(\"%28%29%5B%5D%7B%7D%3C%3E\");\n assertThat(urlEncode(\"?!@#$%^&=+,;:'\\\"`/\\\\|~\"))\n .hasValue(\"%3F%21%40%23%24%25%5E%26%3D%2B%2C%3B%3A%27%22%60%2F%5C%7C%7E\");\n }\n\n @Test\n public void urlEncode_whenAlreadyEncoded_encodesAgain() {\n assertThat(urlEncode(\"%2F\")).hasValue(\"%252F\");\n assertThat(urlEncode(\"%252F\")).hasValue(\"%25252F\");\n }\n\n @Test\n public void urlEncode_whenComplexEncoding_encodesCorrectly() {\n assertThat(urlEncode(\"£\")).hasValue(\"%C2%A3\");\n assertThat(urlEncode(\"つ\")).hasValue(\"%E3%81%A4\");\n assertThat(urlEncode(\"äëïöüÿ\")).hasValue(\"%C3%A4%C3%AB%C3%AF%C3%B6%C3%BC%C3%BF\");\n assertThat(urlEncode(\"ÄËÏÖÜŸ\")).hasValue(\"%C3%84%C3%8B%C3%8F%C3%96%C3%9C%C5%B8\");\n }\n\n @Test\n public void urlEncode_whenUnicode_encodesOriginal() {\n // EURO sign\n assertThat(urlEncode(\"\\u20AC\")).hasValue(\"%E2%82%AC\");\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/http/HttpClientModuleTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static com.google.tsunami.common.net.http.HttpRequest.get;\nimport static org.junit.Assert.assertThrows;\nimport static org.junit.Assert.assertTrue;\n\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Guice;\nimport com.google.inject.Injector;\nimport com.google.inject.Key;\nimport com.google.tsunami.common.net.http.HttpClientModule.ConnectTimeout;\nimport com.google.tsunami.common.net.http.HttpClientModule.FollowRedirects;\nimport com.google.tsunami.common.net.http.HttpClientModule.MaxRequests;\nimport java.io.IOException;\nimport java.security.GeneralSecurityException;\nimport java.security.KeyStore;\nimport java.time.Duration;\nimport javax.net.ssl.KeyManagerFactory;\nimport javax.net.ssl.SSLContext;\nimport javax.net.ssl.SSLHandshakeException;\nimport javax.net.ssl.SSLSocketFactory;\nimport okhttp3.mockwebserver.MockResponse;\nimport okhttp3.mockwebserver.MockWebServer;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link HttpClientModule}. */\n@RunWith(JUnit4.class)\npublic final class HttpClientModuleTest {\n private static final String TESTING_KEYSTORE = \"testdata/tsunami_test_server.p12\";\n private static final char[] TESTING_KEYSTORE_PASSWORD = \"tsunamitest\".toCharArray();\n\n private final HttpClientCliOptions cliOptions = new HttpClientCliOptions();\n private final HttpClientConfigProperties configProperties = new HttpClientConfigProperties();\n\n @Test\n public void provideHttpClient_always_createsSingleton() {\n Injector injector =\n Guice.createInjector(new HttpClientModule.Builder().setMaxRequests(10).build());\n\n HttpClient httpClient = injector.getInstance(HttpClient.class);\n HttpClient httpClient2 = injector.getInstance(HttpClient.class);\n\n assertThat(httpClient).isSameInstanceAs(httpClient2);\n }\n\n @Test\n public void setConnectionPoolMaxIdle_whenNonPositiveMaxIdle_throwsIllegalArgumentException() {\n HttpClientModule.Builder builder = new HttpClientModule.Builder();\n\n assertThrows(IllegalArgumentException.class, () -> builder.setConnectionPoolMaxIdle(-1));\n assertThrows(IllegalArgumentException.class, () -> builder.setConnectionPoolMaxIdle(0));\n }\n\n @Test\n public void\n setConnectionPoolKeepAliveDuration_whenNegativeDuration_throwsIllegalArgumentException() {\n HttpClientModule.Builder builder = new HttpClientModule.Builder();\n\n assertThrows(\n IllegalArgumentException.class,\n () -> builder.setConnectionPoolKeepAliveDuration(Duration.ofMillis(-1)));\n }\n\n @Test\n public void setMaxRequests_whenPositiveRequests_setsValueToDispatcher() {\n Injector injector =\n Guice.createInjector(new HttpClientModule.Builder().setMaxRequests(10).build());\n\n assertThat(injector.getInstance(Key.get(int.class, MaxRequests.class))).isEqualTo(10);\n }\n\n @Test\n public void setMaxRequests_whenNonPositiveRequests_throwsIllegalArgumentException() {\n HttpClientModule.Builder builder = new HttpClientModule.Builder();\n\n assertThrows(IllegalArgumentException.class, () -> builder.setMaxRequests(-1));\n assertThrows(IllegalArgumentException.class, () -> builder.setMaxRequests(0));\n }\n\n @Test\n public void setFollowRedirects_always_setsValueToClient() {\n Injector injector =\n Guice.createInjector(new HttpClientModule.Builder().setFollowRedirects(true).build());\n\n assertTrue(injector.getInstance(Key.get(Boolean.class, FollowRedirects.class)));\n }\n\n @Test\n public void setTrustAllCertificates_whenFalseAndCertIsInvalid_throws()\n throws GeneralSecurityException, IOException {\n cliOptions.trustAllCertificates = false;\n configProperties.trustAllCertificates = false;\n HttpClient httpClient =\n Guice.createInjector(getTestingGuiceModuleWithConfigs()).getInstance(HttpClient.class);\n MockWebServer mockWebServer = startMockWebServerWithSsl();\n\n // The certificate used in test is a self-signed one. HttpClient will reject it unless the\n // certificate is explicitly trusted.\n assertThrows(\n SSLHandshakeException.class,\n () -> httpClient.send(get(mockWebServer.url(\"/\")).withEmptyHeaders().build()));\n\n // Note: b/314642696 - After this point, the socket in mockWebServer was closed when the\n // exception was raised. So working with the mockWebServer would be\n // hazardous.\n }\n\n @Test\n public void setTrustAllCertificates_whenBothCliAndConfigValuesAreSet_cliValueTakesPrecedence()\n throws GeneralSecurityException, IOException {\n cliOptions.trustAllCertificates = false;\n configProperties.trustAllCertificates = true;\n HttpClient httpClient =\n Guice.createInjector(getTestingGuiceModuleWithConfigs()).getInstance(HttpClient.class);\n MockWebServer mockWebServer = startMockWebServerWithSsl();\n\n // The certificate used in test is a self-signed one. HttpClient will reject it unless the\n // certificate is explicitly trusted.\n assertThrows(\n SSLHandshakeException.class,\n () -> httpClient.send(get(mockWebServer.url(\"/\")).withEmptyHeaders().build()));\n\n // Note: b/314642696 - After this point, the socket in mockWebServer was closed when the\n // exception was raised. So working with the mockWebServer would be\n // hazardous.\n }\n\n @Test\n public void setTrustAllCertificates_whenCliOptionEnabledAndCertIsInvalid_ignoresCertError()\n throws GeneralSecurityException, IOException {\n cliOptions.trustAllCertificates = true;\n HttpClient httpClient =\n Guice.createInjector(getTestingGuiceModuleWithConfigs()).getInstance(HttpClient.class);\n MockWebServer mockWebServer = startMockWebServerWithSsl();\n\n HttpResponse response = httpClient.send(get(mockWebServer.url(\"/\")).withEmptyHeaders().build());\n assertThat(response.bodyString()).hasValue(\"body\");\n\n mockWebServer.shutdown();\n }\n\n @Test\n public void\n setTrustAllCertificates_whenConfigPropropertyEnabledAndCertIsInvalid_ignoresCertError()\n throws GeneralSecurityException, IOException {\n configProperties.trustAllCertificates = true;\n HttpClient httpClient =\n Guice.createInjector(getTestingGuiceModuleWithConfigs()).getInstance(HttpClient.class);\n MockWebServer mockWebServer = startMockWebServerWithSsl();\n\n HttpResponse response = httpClient.send(get(mockWebServer.url(\"/\")).withEmptyHeaders().build());\n assertThat(response.bodyString()).hasValue(\"body\");\n\n mockWebServer.shutdown();\n }\n\n @Test\n public void setConnectTimeoutSeconds_whenSpecifiedUsingCliOptions_setsValueFromCli() {\n cliOptions.connectTimeoutSeconds = 50;\n Injector injector = Guice.createInjector(getTestingGuiceModuleWithConfigs());\n\n assertThat(injector.getInstance(Key.get(Duration.class, ConnectTimeout.class)))\n .isEqualTo(Duration.ofSeconds(50));\n }\n\n @Test\n public void setConnectTimeoutSeconds_whenSpecifiedUsingConfigProperties_setsValueFromConfig() {\n configProperties.connectTimeoutSeconds = 50;\n\n Injector injector = Guice.createInjector(getTestingGuiceModuleWithConfigs());\n\n assertThat(injector.getInstance(Key.get(Duration.class, ConnectTimeout.class)))\n .isEqualTo(Duration.ofSeconds(50));\n }\n\n @Test\n public void setConnectTimeoutSeconds_whenBothCliAndConfigAreSet_cliTakesPrecedence() {\n cliOptions.connectTimeoutSeconds = 50;\n configProperties.connectTimeoutSeconds = 30;\n\n Injector injector = Guice.createInjector(getTestingGuiceModuleWithConfigs());\n\n assertThat(injector.getInstance(Key.get(Duration.class, ConnectTimeout.class)))\n .isEqualTo(Duration.ofSeconds(50));\n }\n\n @Test\n public void setConnectTimeoutSeconds_whenBothCliAndConfigAreNotSet_setsDefaultValue() {\n Injector injector = Guice.createInjector(getTestingGuiceModuleWithConfigs());\n\n assertThat(injector.getInstance(Key.get(Duration.class, ConnectTimeout.class)))\n .isEqualTo(Duration.ofSeconds(10));\n }\n\n private AbstractModule getTestingGuiceModuleWithConfigs() {\n return new AbstractModule() {\n @Override\n protected void configure() {\n install(new HttpClientModule.Builder().build());\n bind(HttpClientCliOptions.class).toInstance(cliOptions);\n bind(HttpClientConfigProperties.class).toInstance(configProperties);\n }\n };\n }\n\n private MockWebServer startMockWebServerWithSsl() throws GeneralSecurityException, IOException {\n MockWebServer mockWebServer = new MockWebServer();\n mockWebServer.useHttps(getTestingSslSocketFactory(), false);\n mockWebServer.enqueue(new MockResponse().setResponseCode(HttpStatus.OK.code()).setBody(\"body\"));\n mockWebServer.start();\n return mockWebServer;\n }\n\n private SSLSocketFactory getTestingSslSocketFactory()\n throws GeneralSecurityException, IOException {\n final KeyManagerFactory keyManagerFactory =\n KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());\n KeyStore keyStore = KeyStore.getInstance(\"PKCS12\");\n keyStore.load(getClass().getResourceAsStream(TESTING_KEYSTORE), TESTING_KEYSTORE_PASSWORD);\n keyManagerFactory.init(keyStore, TESTING_KEYSTORE_PASSWORD);\n SSLContext sslContext = SSLContext.getInstance(\"TLS\");\n sslContext.init(keyManagerFactory.getKeyManagers(), null, null);\n return sslContext.getSocketFactory();\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/http/HttpHeadersTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.collect.ImmutableListMultimap;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link HttpHeaders}. */\n@RunWith(JUnit4.class)\npublic class HttpHeadersTest {\n\n @Test\n public void builderAddHeader_always_putsInHeadersMap() {\n HttpHeaders httpHeaders = HttpHeaders.builder().addHeader(\"test_header\", \"test_value\").build();\n assertThat(httpHeaders.rawHeaders())\n .containsExactlyEntriesIn(ImmutableListMultimap.of(\"test_header\", \"test_value\"));\n }\n\n @Test\n public void builderAddHeader_withKnownHeader_canonicalizesHeaderName() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT.toUpperCase(), \"test_value\")\n .build();\n assertThat(httpHeaders.rawHeaders())\n .containsExactlyEntriesIn(\n ImmutableListMultimap.of(com.google.common.net.HttpHeaders.ACCEPT, \"test_value\"));\n }\n\n @Test\n public void builderAddHeader_whenEnableCanonicalization_canonicalizesHeaderName() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(\"TEST_Header\", \"test_value\", true)\n .build();\n assertThat(httpHeaders.rawHeaders())\n .containsExactlyEntriesIn(\n ImmutableListMultimap.of(\"test_header\", \"test_value\"));\n }\n\n @Test\n public void builderAddHeader_whenDisableCanonicalization_addsHeaderNameAsIs() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(\"TEST_Header\", \"test_value\", false)\n .build();\n assertThat(httpHeaders.rawHeaders())\n .containsExactlyEntriesIn(\n ImmutableListMultimap.of(\"TEST_Header\", \"test_value\"));\n }\n\n @Test\n public void builderAddHeader_withNullName_throwsNullPointerException() {\n assertThrows(\n NullPointerException.class, () -> HttpHeaders.builder().addHeader(null, \"test_value\"));\n }\n\n @Test\n public void builderAddHeader_withNullValue_throwsNullPointerException() {\n assertThrows(\n NullPointerException.class, () -> HttpHeaders.builder().addHeader(\"test_header\", null));\n }\n\n @Test\n public void builderAddHeader_withIllegalHeaderName_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class, () -> HttpHeaders.builder().addHeader(\":::\", \"test_value\"));\n }\n\n @Test\n public void builderAddHeader_withIllegalHeaderValue_throwsIllegalArgumentException() {\n assertThrows(\n IllegalArgumentException.class,\n () -> HttpHeaders.builder().addHeader(\"test_header\", String.valueOf((char) 11)));\n }\n\n @Test\n public void names_always_returnsAllHeaderNames() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"*/*\")\n .addHeader(com.google.common.net.HttpHeaders.CONTENT_TYPE, \"text/html; charset=UTF-8\")\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"text/html\")\n .build();\n\n assertThat(httpHeaders.names())\n .containsExactly(\n com.google.common.net.HttpHeaders.ACCEPT,\n com.google.common.net.HttpHeaders.CONTENT_TYPE);\n }\n\n @Test\n public void get_whenRequestedHeaderExists_returnsRequestedHeader() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"*/*\")\n .addHeader(com.google.common.net.HttpHeaders.CONTENT_TYPE, \"text/html; charset=UTF-8\")\n .build();\n\n assertThat(httpHeaders.get(com.google.common.net.HttpHeaders.ACCEPT)).hasValue(\"*/*\");\n }\n\n @Test\n public void get_whenMultipleValuesExist_returnsFirstValue() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"*/*\")\n .addHeader(com.google.common.net.HttpHeaders.CONTENT_TYPE, \"text/html; charset=UTF-8\")\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"text/html\")\n .build();\n\n assertThat(httpHeaders.get(com.google.common.net.HttpHeaders.ACCEPT)).hasValue(\"*/*\");\n }\n\n @Test\n public void get_whenRequestedHeaderDoesNotExist_returnsEmpty() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"*/*\")\n .addHeader(com.google.common.net.HttpHeaders.CONTENT_TYPE, \"text/html; charset=UTF-8\")\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"text/html\")\n .build();\n\n assertThat(httpHeaders.get(com.google.common.net.HttpHeaders.COOKIE)).isEmpty();\n }\n\n @Test\n public void get_withNullHeaderName_throwsNullPointerException() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"*/*\")\n .addHeader(com.google.common.net.HttpHeaders.CONTENT_TYPE, \"text/html; charset=UTF-8\")\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"text/html\")\n .build();\n\n assertThrows(NullPointerException.class, () -> httpHeaders.get(null));\n }\n\n @Test\n public void getAll_always_returnsAllRequestedValues() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"*/*\")\n .addHeader(com.google.common.net.HttpHeaders.CONTENT_TYPE, \"text/html; charset=UTF-8\")\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"text/html\")\n .build();\n\n assertThat(httpHeaders.getAll(com.google.common.net.HttpHeaders.ACCEPT))\n .containsExactly(\"*/*\", \"text/html\");\n }\n\n @Test\n public void getAll_withKnownHeaderValue_canonicalizesRequestedHeader() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"*/*\")\n .addHeader(com.google.common.net.HttpHeaders.CONTENT_TYPE, \"text/html; charset=UTF-8\")\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"text/html\")\n .build();\n\n assertThat(httpHeaders.getAll(com.google.common.net.HttpHeaders.ACCEPT.toUpperCase()))\n .containsExactly(\"*/*\", \"text/html\");\n }\n\n @Test\n public void getAll_whenRequestValueDoesNotExist_returnsEmptyList() {\n HttpHeaders httpHeaders =\n HttpHeaders.builder()\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"*/*\")\n .addHeader(com.google.common.net.HttpHeaders.CONTENT_TYPE, \"text/html; charset=UTF-8\")\n .addHeader(com.google.common.net.HttpHeaders.ACCEPT, \"text/html\")\n .build();\n\n assertThat(httpHeaders.getAll(com.google.common.net.HttpHeaders.COOKIE)).isEmpty();\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/http/HttpRequestTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.protobuf.ByteString;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link HttpRequest}. */\n@RunWith(JUnit4.class)\npublic class HttpRequestTest {\n\n @Test\n public void get_always_buildsHttpGetRequest() {\n HttpRequest httpRequest = HttpRequest.get(\"http://localhost/url\").withEmptyHeaders().build();\n\n assertThat(httpRequest.method()).isEqualTo(HttpMethod.GET);\n assertThat(httpRequest.url()).isEqualTo(\"http://localhost/url\");\n }\n\n @Test\n public void head_always_buildsHttpHeadRequest() {\n HttpRequest httpRequest = HttpRequest.head(\"http://localhost/url\").withEmptyHeaders().build();\n\n assertThat(httpRequest.method()).isEqualTo(HttpMethod.HEAD);\n assertThat(httpRequest.url()).isEqualTo(\"http://localhost/url\");\n }\n\n @Test\n public void post_always_buildsHttpPostRequest() {\n HttpRequest httpRequest = HttpRequest.post(\"http://localhost/url\").withEmptyHeaders().build();\n\n assertThat(httpRequest.method()).isEqualTo(HttpMethod.POST);\n assertThat(httpRequest.url()).isEqualTo(\"http://localhost/url\");\n }\n\n @Test\n public void delete_always_buildsHttpDeleteRequest() {\n HttpRequest httpRequest = HttpRequest.delete(\"http://localhost/url\").withEmptyHeaders().build();\n\n assertThat(httpRequest.method()).isEqualTo(HttpMethod.DELETE);\n assertThat(httpRequest.url()).isEqualTo(\"http://localhost/url\");\n }\n\n @Test\n public void build_whenGetRequestHasRequestBody_throwsIllegalStateException() {\n assertThrows(\n IllegalStateException.class,\n () ->\n HttpRequest.builder()\n .setMethod(HttpMethod.GET)\n .setUrl(\"http://localhost\")\n .setHeaders(HttpHeaders.builder().build())\n .setRequestBody(ByteString.EMPTY)\n .build());\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/http/HttpResponseTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertFalse;\nimport static org.junit.Assert.assertThrows;\nimport static org.junit.Assert.assertTrue;\n\nimport com.google.protobuf.ByteString;\nimport okhttp3.HttpUrl;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link HttpResponse}. */\n@RunWith(JUnit4.class)\npublic final class HttpResponseTest {\n\n private static final HttpUrl TEST_URL = HttpUrl.parse(\"https://example.com/\");\n\n @Test\n public void bodyJson_whenValidResponseBody_returnsParsedJson() {\n HttpResponse httpResponse =\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(HttpHeaders.builder().build())\n .setBodyBytes(ByteString.copyFromUtf8(\"{ \\\"test_value\\\": 1 }\"))\n .setResponseUrl(TEST_URL)\n .build();\n\n assertThat(httpResponse.bodyJson()).isPresent();\n assertThat(httpResponse.bodyJson().get().isJsonObject()).isTrue();\n assertThat(\n httpResponse\n .bodyJson()\n .get()\n .getAsJsonObject()\n .getAsJsonPrimitive(\"test_value\")\n .getAsInt())\n .isEqualTo(1);\n }\n\n @Test\n public void bodyJson_whenEmptyResponseBody_returnsEmptyOptional() {\n HttpResponse httpResponse =\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(HttpHeaders.builder().build())\n .setResponseUrl(TEST_URL)\n .build();\n\n assertThat(httpResponse.bodyJson()).isEmpty();\n }\n\n @Test\n public void bodyJson_whenNonJsonResponseBody_returnsEmptyOptional() {\n HttpResponse httpResponse =\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(HttpHeaders.builder().build())\n .setBodyBytes(ByteString.copyFromUtf8(\"not a json\"))\n .setResponseUrl(TEST_URL)\n .build();\n\n assertThat(httpResponse.bodyJson()).isEmpty();\n }\n\n @Test\n public void bodyJson_whenEmptyBodyResponseBody_throwsJsonSyntaxException() {\n HttpResponse httpResponse =\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(HttpHeaders.builder().build())\n .setBodyBytes(ByteString.copyFromUtf8(\"\"))\n .setResponseUrl(TEST_URL)\n .build();\n\n assertThrows(\n IllegalStateException.class, () -> httpResponse.jsonFieldEqualsToValue(\"field\", \"value\"));\n }\n\n @Test\n public void jsonFieldEqualsToValue_whenEmptyJsonResponseBody_returnsFalse() {\n HttpResponse httpResponse =\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(HttpHeaders.builder().build())\n .setBodyBytes(ByteString.copyFromUtf8(\"{}\"))\n .setResponseUrl(TEST_URL)\n .build();\n\n assertFalse(httpResponse.jsonFieldEqualsToValue(\"field\", \"value\"));\n }\n\n @Test\n public void jsonFieldEqualsToValue_whenNonJsonResponseBody_returnsEmptyOptional() {\n HttpResponse httpResponse =\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(HttpHeaders.builder().build())\n .setBodyBytes(ByteString.copyFromUtf8(\"not a json\"))\n .setResponseUrl(TEST_URL)\n .build();\n\n assertThat(httpResponse.bodyJson()).isEmpty();\n }\n\n @Test\n public void jsonFieldEqualsToValue_whenJsonFieldContainsValue_returnsTrue() {\n HttpResponse httpResponse =\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(HttpHeaders.builder().build())\n .setBodyBytes(ByteString.copyFromUtf8(\"{\\\"field\\\": \\\"value\\\"}\"))\n .setResponseUrl(TEST_URL)\n .build();\n\n assertTrue(httpResponse.jsonFieldEqualsToValue(\"field\", \"value\"));\n }\n\n @Test\n public void bodyJson_whenHttpStatusInvalid_parseSucceeds() {\n HttpResponse httpResponse =\n HttpResponse.builder()\n .setStatus(HttpStatus.HTTP_STATUS_UNSPECIFIED)\n .setHeaders(HttpHeaders.builder().build())\n .setResponseUrl(TEST_URL)\n .build();\n\n assertFalse(httpResponse.status().isSuccess());\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/http/OkHttpHttpClientTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.http;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static com.google.common.base.Strings.nullToEmpty;\nimport static com.google.common.net.HttpHeaders.ACCEPT;\nimport static com.google.common.net.HttpHeaders.CONTENT_LENGTH;\nimport static com.google.common.net.HttpHeaders.CONTENT_TYPE;\nimport static com.google.common.net.HttpHeaders.HOST;\nimport static com.google.common.net.HttpHeaders.LOCATION;\nimport static com.google.common.net.HttpHeaders.USER_AGENT;\nimport static com.google.common.truth.Truth.assertThat;\nimport static com.google.tsunami.common.net.http.HttpRequest.get;\nimport static com.google.tsunami.common.net.http.HttpRequest.head;\nimport static com.google.tsunami.common.net.http.HttpRequest.post;\nimport static java.nio.charset.StandardCharsets.UTF_8;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.net.MediaType;\nimport com.google.common.util.concurrent.ListenableFuture;\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Guice;\nimport com.google.protobuf.ByteString;\nimport com.google.tsunami.common.data.NetworkEndpointUtils;\nimport com.google.tsunami.proto.NetworkService;\nimport java.io.IOException;\nimport java.net.InetAddress;\nimport java.net.URL;\nimport java.security.GeneralSecurityException;\nimport java.security.KeyStore;\nimport java.util.Optional;\nimport java.util.concurrent.ExecutionException;\nimport javax.inject.Inject;\nimport javax.net.ssl.KeyManagerFactory;\nimport javax.net.ssl.SSLContext;\nimport javax.net.ssl.SSLException;\nimport javax.net.ssl.SSLSocketFactory;\nimport okhttp3.HttpUrl;\nimport okhttp3.mockwebserver.Dispatcher;\nimport okhttp3.mockwebserver.MockResponse;\nimport okhttp3.mockwebserver.MockWebServer;\nimport okhttp3.mockwebserver.RecordedRequest;\nimport org.junit.After;\nimport org.junit.Before;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link OkHttpHttpClient}. */\n@RunWith(JUnit4.class)\npublic final class OkHttpHttpClientTest {\n private static final String TESTING_KEYSTORE = \"testdata/tsunami_test_server.p12\";\n private static final char[] TESTING_KEYSTORE_PASSWORD = \"tsunamitest\".toCharArray();\n\n private MockWebServer mockWebServer;\n @Inject private HttpClient httpClient;\n\n @Before\n public void setUp() {\n mockWebServer = new MockWebServer();\n Guice.createInjector(new HttpClientModule.Builder().build()).injectMembers(this);\n }\n\n @After\n public void tearDown() throws IOException {\n mockWebServer.shutdown();\n }\n\n @Test\n public void sendAsIs_always_returnsExpectedHttpResponse()\n throws IOException, InterruptedException {\n mockWebServer.setDispatcher(new SendAsIsTestDispatcher());\n mockWebServer.start();\n String expectedResponseBody = SendAsIsTestDispatcher.buildBody(\"GET\", \"\");\n\n HttpUrl baseUrl = mockWebServer.url(\"/\");\n String requestUrl =\n new URL(\n baseUrl.scheme(),\n baseUrl.host(),\n baseUrl.port(),\n \"/send-as-is/%2e%2e/%2e%2e/etc/passwd\")\n .toString();\n\n HttpResponse response = httpClient.sendAsIs(get(requestUrl).withEmptyHeaders().build());\n\n assertThat(mockWebServer.takeRequest().getPath())\n .isEqualTo(\"/send-as-is/%2e%2e/%2e%2e/etc/passwd\");\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(expectedResponseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(expectedResponseBody, UTF_8))\n .build());\n }\n\n @Test\n public void sendAsIs_withPostRequest_returnsExpectedHttpResponse()\n throws IOException, InterruptedException {\n mockWebServer.setDispatcher(new SendAsIsTestDispatcher());\n mockWebServer.start();\n String requestBody = \"POST BODY\";\n String expectedResponseBody = SendAsIsTestDispatcher.buildBody(\"POST\", requestBody);\n\n HttpUrl baseUrl = mockWebServer.url(\"/\");\n String requestUrl =\n new URL(baseUrl.scheme(), baseUrl.host(), baseUrl.port(), \"/send-as-is/%2e%2e/%2e%2e/path\")\n .toString();\n\n HttpResponse response =\n httpClient.sendAsIs(\n post(requestUrl)\n .setRequestBody(ByteString.copyFrom(requestBody, UTF_8))\n .withEmptyHeaders()\n .build());\n\n assertThat(mockWebServer.takeRequest().getPath()).isEqualTo(\"/send-as-is/%2e%2e/%2e%2e/path\");\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(expectedResponseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(expectedResponseBody, UTF_8))\n .build());\n }\n\n @Test\n public void send_always_canonicalizesRequestUrl() throws IOException, InterruptedException {\n String responseBody = \"test response\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n HttpUrl baseUrl = mockWebServer.url(\"/\");\n String requestUrl =\n new URL(baseUrl.scheme(), baseUrl.host(), baseUrl.port(), \"/%2e%2e/%2e%2e/etc/passwd\")\n .toString();\n\n httpClient.send(get(requestUrl).withEmptyHeaders().build());\n\n assertThat(mockWebServer.takeRequest().getPath()).isEqualTo(\"/etc/passwd\");\n }\n\n @Test\n public void send_whenGetRequest_returnsExpectedHttpResponse() throws IOException {\n String responseBody = \"test response\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n String requestUrl = mockWebServer.url(\"/test/get\").toString();\n\n HttpResponse response = httpClient.send(get(requestUrl).withEmptyHeaders().build());\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(responseBody, UTF_8))\n .setResponseUrl(HttpUrl.parse(requestUrl))\n .build());\n }\n\n @Test\n public void sendAsync_whenGetRequest_returnsExpectedHttpResponse()\n throws IOException, ExecutionException, InterruptedException {\n String responseBody = \"test response\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n String requestUrl = mockWebServer.url(\"/test/get\").toString();\n\n HttpResponse response = httpClient.sendAsync(get(requestUrl).withEmptyHeaders().build()).get();\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(responseBody, UTF_8))\n .setResponseUrl(HttpUrl.parse(requestUrl))\n .build());\n }\n\n @Test\n public void send_whenHeadRequest_returnsHttpResponseWithoutBody() throws IOException {\n String responseBody = \"test response\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n String requestUrl = mockWebServer.url(\"/test/head\").toString();\n\n HttpResponse response = httpClient.send(head(requestUrl).withEmptyHeaders().build());\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(Optional.empty())\n .setResponseUrl(HttpUrl.parse(requestUrl))\n .build());\n }\n\n @Test\n public void sendAsync_whenHeadRequest_returnsHttpResponseWithoutBody()\n throws IOException, ExecutionException, InterruptedException {\n String responseBody = \"test response\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n String requestUrl = mockWebServer.url(\"/test/head\").toString();\n\n HttpResponse response = httpClient.sendAsync(head(requestUrl).withEmptyHeaders().build()).get();\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(Optional.empty())\n .setResponseUrl(HttpUrl.parse(requestUrl))\n .build());\n }\n\n @Test\n public void send_whenPostRequest_returnsExpectedHttpResponse() throws IOException {\n String responseBody = \"{ \\\"test\\\": \\\"json\\\" }\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n String requestUrl = mockWebServer.url(\"/test/post\").toString();\n\n HttpResponse response =\n httpClient.send(\n post(requestUrl)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(ACCEPT, MediaType.JSON_UTF_8.toString())\n .build())\n .build());\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(responseBody, UTF_8))\n .setResponseUrl(HttpUrl.parse(requestUrl))\n .build());\n }\n\n @Test\n public void sendAsync_whenPostRequest_returnsExpectedHttpResponse()\n throws IOException, ExecutionException, InterruptedException {\n String responseBody = \"{ \\\"test\\\": \\\"json\\\" }\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n String requestUrl = mockWebServer.url(\"/test/post\").toString();\n\n HttpResponse response =\n httpClient\n .sendAsync(\n post(requestUrl)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(ACCEPT, MediaType.JSON_UTF_8.toString())\n .build())\n .build())\n .get();\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(responseBody, UTF_8))\n .setResponseUrl(HttpUrl.parse(requestUrl))\n .build());\n }\n\n @Test\n public void send_whenPostRequestWithEmptyHeaders_returnsExpectedHttpResponse()\n throws IOException {\n String responseBody = \"{ \\\"test\\\": \\\"json\\\" }\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n String requestUrl = mockWebServer.url(\"/test/post\").toString();\n\n HttpResponse response = httpClient.send(post(requestUrl).withEmptyHeaders().build());\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(responseBody, UTF_8))\n .setResponseUrl(HttpUrl.parse(requestUrl))\n .build());\n }\n\n @Test\n public void sendAsync_whenPostRequestWithEmptyHeaders_returnsExpectedHttpResponse()\n throws IOException, ExecutionException, InterruptedException {\n String responseBody = \"{ \\\"test\\\": \\\"json\\\" }\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n String requestUrl = mockWebServer.url(\"/test/post\").toString();\n\n HttpResponse response = httpClient.sendAsync(post(requestUrl).withEmptyHeaders().build()).get();\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_TYPE, MediaType.JSON_UTF_8.toString())\n // MockWebServer always adds this response header.\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(responseBody, UTF_8))\n .setResponseUrl(HttpUrl.parse(requestUrl))\n .build());\n }\n\n @Test\n public void send_whenFollowRedirect_returnsFinalHttpResponse() throws IOException {\n String responseBody = \"test response\";\n mockWebServer.setDispatcher(new RedirectDispatcher(responseBody));\n mockWebServer.start();\n\n HttpResponse response =\n httpClient\n .modify()\n .setFollowRedirects(true)\n .build()\n .send(\n get(mockWebServer.url(RedirectDispatcher.REDIRECT_PATH).toString())\n .withEmptyHeaders()\n .build());\n\n HttpUrl redirectDestinationUrl =\n HttpUrl.parse(mockWebServer.url(RedirectDispatcher.REDIRECT_DESTINATION_PATH).toString());\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(responseBody, UTF_8))\n .setResponseUrl(redirectDestinationUrl)\n .build());\n }\n\n @Test\n public void sendAsync_whenFollowRedirect_returnsFinalHttpResponse()\n throws IOException, ExecutionException, InterruptedException {\n String responseBody = \"test response\";\n mockWebServer.setDispatcher(new RedirectDispatcher(responseBody));\n mockWebServer.start();\n\n HttpUrl redirectDestinationUrl =\n HttpUrl.parse(mockWebServer.url(RedirectDispatcher.REDIRECT_DESTINATION_PATH).toString());\n\n HttpResponse response =\n httpClient\n .modify()\n .setFollowRedirects(true)\n .build()\n .sendAsync(\n get(mockWebServer.url(RedirectDispatcher.REDIRECT_PATH).toString())\n .withEmptyHeaders()\n .build())\n .get();\n\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.OK)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_LENGTH, String.valueOf(responseBody.length()))\n .build())\n .setBodyBytes(ByteString.copyFrom(responseBody, UTF_8))\n .setResponseUrl(redirectDestinationUrl)\n .build());\n }\n\n @Test\n public void send_whenNotFollowRedirect_returnsFinalHttpResponse() throws IOException {\n String responseBody = \"test response\";\n mockWebServer.setDispatcher(new RedirectDispatcher(responseBody));\n mockWebServer.start();\n\n String redirectingUrl = mockWebServer.url(RedirectDispatcher.REDIRECT_PATH).toString();\n\n HttpResponse response =\n httpClient\n .modify()\n .setFollowRedirects(false)\n .build()\n .send(get(redirectingUrl).withEmptyHeaders().build());\n\n assertThat(response.status()).isEqualTo(HttpStatus.FOUND);\n assertThat(response.headers())\n .isEqualTo(\n HttpHeaders.builder()\n .addHeader(CONTENT_LENGTH, \"0\")\n .addHeader(LOCATION, RedirectDispatcher.REDIRECT_DESTINATION_PATH)\n .build());\n assertThat(response.bodyString()).hasValue(\"\");\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.FOUND)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_LENGTH, \"0\")\n .addHeader(LOCATION, RedirectDispatcher.REDIRECT_DESTINATION_PATH)\n .build())\n .setBodyBytes(ByteString.EMPTY)\n .setResponseUrl(HttpUrl.parse(redirectingUrl))\n .build());\n }\n\n @Test\n public void sendAsync_whenNotFollowRedirect_returnsFinalHttpResponse()\n throws IOException, ExecutionException, InterruptedException {\n String responseBody = \"test response\";\n mockWebServer.setDispatcher(new RedirectDispatcher(responseBody));\n mockWebServer.start();\n\n String redirectingUrl = mockWebServer.url(RedirectDispatcher.REDIRECT_PATH).toString();\n\n HttpResponse response =\n httpClient\n .modify()\n .setFollowRedirects(false)\n .build()\n .sendAsync(get(redirectingUrl).withEmptyHeaders().build())\n .get();\n\n assertThat(response.status()).isEqualTo(HttpStatus.FOUND);\n assertThat(response.headers())\n .isEqualTo(\n HttpHeaders.builder()\n .addHeader(CONTENT_LENGTH, \"0\")\n .addHeader(LOCATION, RedirectDispatcher.REDIRECT_DESTINATION_PATH)\n .build());\n assertThat(response.bodyString()).hasValue(\"\");\n assertThat(response)\n .isEqualTo(\n HttpResponse.builder()\n .setStatus(HttpStatus.FOUND)\n .setHeaders(\n HttpHeaders.builder()\n .addHeader(CONTENT_LENGTH, \"0\")\n .addHeader(LOCATION, RedirectDispatcher.REDIRECT_DESTINATION_PATH)\n .build())\n .setBodyBytes(ByteString.EMPTY)\n .setResponseUrl(HttpUrl.parse(redirectingUrl))\n .build());\n }\n\n @Test\n public void send_whenNoUserAgentInRequest_setsCorrectUserAgentHeader() throws IOException {\n mockWebServer.setDispatcher(new UserAgentTestDispatcher());\n mockWebServer.start();\n\n HttpResponse response =\n httpClient.send(\n get(mockWebServer.url(UserAgentTestDispatcher.USERAGENT_TEST_PATH).toString())\n .withEmptyHeaders()\n .build());\n\n assertThat(response.status()).isEqualTo(HttpStatus.OK);\n }\n\n @Test\n public void send_whenUserAgentSetInRequest_overridesUserAgentHeader() throws IOException {\n mockWebServer.setDispatcher(new UserAgentTestDispatcher());\n mockWebServer.start();\n\n HttpResponse response =\n httpClient.send(\n get(mockWebServer.url(UserAgentTestDispatcher.USERAGENT_TEST_PATH).toString())\n .setHeaders(\n HttpHeaders.builder().addHeader(USER_AGENT, \"User Agent In Request\").build())\n .build());\n\n assertThat(response.status()).isEqualTo(HttpStatus.OK);\n }\n\n @Test\n public void send_whenRequestFailed_throwsException() {\n assertThrows(\n IOException.class,\n () -> httpClient.send(get(\"http://unknownhost/path\").withEmptyHeaders().build()));\n }\n\n @Test\n public void sendAsync_whenRequestFailed_returnsFutureWithException() {\n ListenableFuture responseFuture =\n httpClient.sendAsync(get(\"http://unknownhost/path\").withEmptyHeaders().build());\n\n ExecutionException ex = assertThrows(ExecutionException.class, responseFuture::get);\n assertThat(ex).hasCauseThat().isInstanceOf(IOException.class);\n }\n\n @Test\n public void send_whenHostnameAndIpInRequest_useHostnameAsProxy() throws IOException {\n InetAddress loopbackAddress = InetAddress.getLoopbackAddress();\n String host = \"host.com\";\n mockWebServer.setDispatcher(new HostnameTestDispatcher(host));\n mockWebServer.start(loopbackAddress, 0);\n int port = mockWebServer.url(\"/\").port();\n\n NetworkService networkService =\n NetworkService.newBuilder()\n .setNetworkEndpoint(\n NetworkEndpointUtils.forIpHostnameAndPort(\n loopbackAddress.getHostAddress(), host, port))\n .build();\n\n // The request to host.com should be sent through mockWebServer's IP.\n HttpResponse response =\n httpClient.send(\n get(String.format(\"http://host.com:%d/test/get\", port)).withEmptyHeaders().build(),\n networkService);\n\n assertThat(response.status()).isEqualTo(HttpStatus.OK);\n }\n\n @Test\n public void send_whenInvalidCertificatesAreIgnored_getResponseWithoutException()\n throws GeneralSecurityException, IOException {\n InetAddress loopbackAddress = InetAddress.getLoopbackAddress();\n String host = \"host.com\";\n MockWebServer mockWebServer = startMockWebServerWithSsl(loopbackAddress);\n int port = mockWebServer.url(\"/\").port();\n NetworkService networkService =\n NetworkService.newBuilder()\n .setNetworkEndpoint(\n NetworkEndpointUtils.forIpHostnameAndPort(\n loopbackAddress.getHostAddress(), host, port))\n .build();\n\n HttpClientCliOptions cliOptions = new HttpClientCliOptions();\n HttpClientConfigProperties configProperties = new HttpClientConfigProperties();\n cliOptions.trustAllCertificates = configProperties.trustAllCertificates = true;\n HttpClient httpClient =\n Guice.createInjector(\n new AbstractModule() {\n @Override\n protected void configure() {\n install(new HttpClientModule.Builder().build());\n bind(HttpClientCliOptions.class).toInstance(cliOptions);\n bind(HttpClientConfigProperties.class).toInstance(configProperties);\n }\n })\n .getInstance(HttpClient.class);\n\n HttpResponse response =\n httpClient.send(\n get(String.format(\"https://%s:%d\", host, port)).withEmptyHeaders().build(),\n networkService);\n assertThat(response.bodyString()).hasValue(\"body\");\n\n mockWebServer.shutdown();\n }\n\n @Test\n public void send_whenInvalidCertificatesAreNotIgnored_throws()\n throws GeneralSecurityException, IOException {\n InetAddress loopbackAddress = InetAddress.getLoopbackAddress();\n String host = \"host.com\";\n MockWebServer mockWebServer = startMockWebServerWithSsl(loopbackAddress);\n int port = mockWebServer.url(\"/\").port();\n NetworkService networkService =\n NetworkService.newBuilder()\n .setNetworkEndpoint(\n NetworkEndpointUtils.forIpHostnameAndPort(\n loopbackAddress.getHostAddress(), host, port))\n .build();\n\n HttpClientCliOptions cliOptions = new HttpClientCliOptions();\n HttpClientConfigProperties configProperties = new HttpClientConfigProperties();\n cliOptions.trustAllCertificates = configProperties.trustAllCertificates = false;\n HttpClient httpClient =\n Guice.createInjector(\n new AbstractModule() {\n @Override\n protected void configure() {\n install(new HttpClientModule.Builder().build());\n bind(HttpClientCliOptions.class).toInstance(cliOptions);\n bind(HttpClientConfigProperties.class).toInstance(configProperties);\n }\n })\n .getInstance(HttpClient.class);\n\n assertThrows(\n SSLException.class,\n () ->\n httpClient.send(\n get(String.format(\"https://%s:%d\", host, port)).withEmptyHeaders().build(),\n networkService));\n\n mockWebServer.shutdown();\n }\n\n @Test\n public void send_default_userAgent() throws IOException, InterruptedException {\n String responseBody = \"test response\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n HttpUrl baseUrl = mockWebServer.url(\"/\");\n httpClient.send(get(baseUrl.toString()).withEmptyHeaders().build());\n\n assertThat(mockWebServer.takeRequest().getHeader(USER_AGENT))\n .isEqualTo(HttpClient.TSUNAMI_USER_AGENT);\n }\n\n @Test\n public void send_overridden_userAgent() throws IOException, InterruptedException {\n String responseBody = \"test response\";\n mockWebServer.enqueue(\n new MockResponse()\n .setResponseCode(HttpStatus.OK.code())\n .setHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n .setBody(responseBody));\n mockWebServer.start();\n\n final String userAgentOverride = \"User Agent In Override\";\n\n HttpClientCliOptions cliOptions = new HttpClientCliOptions();\n cliOptions.userAgent = userAgentOverride;\n HttpClientConfigProperties configProperties = new HttpClientConfigProperties();\n cliOptions.trustAllCertificates = configProperties.trustAllCertificates = true;\n HttpClient httpClient =\n Guice.createInjector(\n new AbstractModule() {\n @Override\n protected void configure() {\n install(new HttpClientModule.Builder().build());\n bind(HttpClientCliOptions.class).toInstance(cliOptions);\n bind(HttpClientConfigProperties.class).toInstance(configProperties);\n }\n })\n .getInstance(HttpClient.class);\n\n HttpUrl baseUrl = mockWebServer.url(\"/\");\n httpClient.send(get(baseUrl.toString()).withEmptyHeaders().build());\n\n assertThat(mockWebServer.takeRequest().getHeader(USER_AGENT)).isEqualTo(userAgentOverride);\n }\n\n private MockWebServer startMockWebServerWithSsl(InetAddress serverAddress)\n throws GeneralSecurityException, IOException {\n MockWebServer mockWebServer = new MockWebServer();\n mockWebServer.enqueue(new MockResponse().setResponseCode(HttpStatus.OK.code()).setBody(\"body\"));\n mockWebServer.useHttps(getTestingSslSocketFactory(), false);\n mockWebServer.start(serverAddress, 0);\n return mockWebServer;\n }\n\n private SSLSocketFactory getTestingSslSocketFactory()\n throws GeneralSecurityException, IOException {\n final KeyManagerFactory keyManagerFactory =\n KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());\n KeyStore keyStore = KeyStore.getInstance(\"PKCS12\");\n keyStore.load(getClass().getResourceAsStream(TESTING_KEYSTORE), TESTING_KEYSTORE_PASSWORD);\n keyManagerFactory.init(keyStore, TESTING_KEYSTORE_PASSWORD);\n SSLContext sslContext = SSLContext.getInstance(\"TLS\");\n sslContext.init(keyManagerFactory.getKeyManagers(), null, null);\n return sslContext.getSocketFactory();\n }\n\n static final class RedirectDispatcher extends Dispatcher {\n static final String REDIRECT_PATH = \"/redirect\";\n static final String REDIRECT_DESTINATION_PATH = \"/redirect-dest\";\n\n private final String responseBody;\n\n RedirectDispatcher(String responseBody) {\n this.responseBody = checkNotNull(responseBody);\n }\n\n @Override\n public MockResponse dispatch(RecordedRequest recordedRequest) {\n switch (recordedRequest.getPath()) {\n case REDIRECT_PATH:\n return new MockResponse()\n .setResponseCode(HttpStatus.FOUND.code())\n .setHeader(LOCATION, \"/redirect-dest\");\n case REDIRECT_DESTINATION_PATH:\n return new MockResponse().setResponseCode(HttpStatus.OK.code()).setBody(responseBody);\n default:\n return new MockResponse().setResponseCode(HttpStatus.NOT_FOUND.code());\n }\n }\n }\n\n static final class UserAgentTestDispatcher extends Dispatcher {\n static final String USERAGENT_TEST_PATH = \"/useragent-test\";\n\n @Override\n public MockResponse dispatch(RecordedRequest recordedRequest) {\n if (recordedRequest.getPath().equals(USERAGENT_TEST_PATH)\n && nullToEmpty(recordedRequest.getHeader(USER_AGENT)).equals(\"TsunamiSecurityScanner\")) {\n return new MockResponse().setResponseCode(HttpStatus.OK.code());\n }\n return new MockResponse().setResponseCode(HttpStatus.NOT_FOUND.code());\n }\n }\n\n static final class HostnameTestDispatcher extends Dispatcher {\n private final String expectedHost;\n\n HostnameTestDispatcher(String expectedHost) {\n this.expectedHost = checkNotNull(expectedHost);\n }\n\n @Override\n public MockResponse dispatch(RecordedRequest recordedRequest) {\n if (nullToEmpty(recordedRequest.getHeader(HOST)).startsWith(expectedHost)) {\n return new MockResponse().setResponseCode(HttpStatus.OK.code());\n }\n return new MockResponse().setResponseCode(HttpStatus.NOT_FOUND.code());\n }\n }\n\n static final class SendAsIsTestDispatcher extends Dispatcher {\n static final String SEND_AS_IS_PATH = \"/send-as-is/\";\n\n static String buildBody(String method, String requestBody) {\n return String.format(\"Method: %s\\nRequest Body: %s\", method, requestBody);\n }\n\n @Override\n public MockResponse dispatch(RecordedRequest recordedRequest) {\n if (recordedRequest.getPath().startsWith(SEND_AS_IS_PATH)) {\n return new MockResponse()\n .setHeader(CONTENT_TYPE, MediaType.PLAIN_TEXT_UTF_8.toString())\n .setBody(buildBody(recordedRequest.getMethod(), recordedRequest.getBody().readUtf8()))\n .setResponseCode(HttpStatus.OK.code());\n }\n return new MockResponse().setResponseCode(HttpStatus.NOT_FOUND.code());\n }\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/socket/DefaultTsunamiSocketFactoryTest.java",
"content": "/*\n * Copyright 2025 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.socket;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\nimport static org.mockito.ArgumentMatchers.any;\nimport static org.mockito.ArgumentMatchers.anyBoolean;\nimport static org.mockito.ArgumentMatchers.anyInt;\nimport static org.mockito.ArgumentMatchers.anyString;\nimport static org.mockito.Mockito.mock;\nimport static org.mockito.Mockito.verify;\nimport static org.mockito.Mockito.when;\n\nimport java.io.IOException;\nimport java.net.InetAddress;\nimport java.net.InetSocketAddress;\nimport java.net.Socket;\nimport java.time.Duration;\nimport javax.net.SocketFactory;\nimport javax.net.ssl.SSLSocket;\nimport javax.net.ssl.SSLSocketFactory;\nimport org.junit.Before;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\nimport org.mockito.ArgumentCaptor;\n\n/** Unit tests for {@link DefaultTsunamiSocketFactory}. */\n@RunWith(JUnit4.class)\npublic final class DefaultTsunamiSocketFactoryTest {\n\n private static final Duration DEFAULT_CONNECT_TIMEOUT = Duration.ofSeconds(10);\n private static final Duration DEFAULT_READ_TIMEOUT = Duration.ofSeconds(30);\n\n private SocketFactory mockSocketFactory;\n private SSLSocketFactory mockSslSocketFactory;\n private Socket mockSocket;\n private SSLSocket mockSslSocket;\n private DefaultTsunamiSocketFactory tsunamiSocketFactory;\n\n @Before\n public void setUp() throws IOException {\n mockSocketFactory = mock(SocketFactory.class);\n mockSslSocketFactory = mock(SSLSocketFactory.class);\n mockSocket = mock(Socket.class);\n mockSslSocket = mock(SSLSocket.class);\n\n when(mockSocketFactory.createSocket()).thenReturn(mockSocket);\n when(mockSslSocketFactory.createSocket(any(Socket.class), anyString(), anyInt(), anyBoolean()))\n .thenReturn(mockSslSocket);\n\n tsunamiSocketFactory =\n new DefaultTsunamiSocketFactory(\n mockSocketFactory, mockSslSocketFactory, DEFAULT_CONNECT_TIMEOUT, DEFAULT_READ_TIMEOUT);\n }\n\n @Test\n public void constructor_withNullSocketFactory_throwsException() {\n assertThrows(\n NullPointerException.class,\n () ->\n new DefaultTsunamiSocketFactory(\n null, mockSslSocketFactory, DEFAULT_CONNECT_TIMEOUT, DEFAULT_READ_TIMEOUT));\n }\n\n @Test\n public void constructor_withNullSslSocketFactory_throwsException() {\n assertThrows(\n NullPointerException.class,\n () ->\n new DefaultTsunamiSocketFactory(\n mockSocketFactory, null, DEFAULT_CONNECT_TIMEOUT, DEFAULT_READ_TIMEOUT));\n }\n\n @Test\n public void constructor_withNegativeConnectTimeout_throwsException() {\n assertThrows(\n IllegalArgumentException.class,\n () ->\n new DefaultTsunamiSocketFactory(\n mockSocketFactory,\n mockSslSocketFactory,\n Duration.ofSeconds(-1),\n DEFAULT_READ_TIMEOUT));\n }\n\n @Test\n public void constructor_withNegativeReadTimeout_throwsException() {\n assertThrows(\n IllegalArgumentException.class,\n () ->\n new DefaultTsunamiSocketFactory(\n mockSocketFactory,\n mockSslSocketFactory,\n DEFAULT_CONNECT_TIMEOUT,\n Duration.ofSeconds(-1)));\n }\n\n @Test\n public void createSocket_withHostAndPort_setsTimeoutsAndConnects() throws IOException {\n var unused = tsunamiSocketFactory.createSocket(\"example.com\", 80);\n\n verify(mockSocket).setSoTimeout((int) DEFAULT_READ_TIMEOUT.toMillis());\n verify(mockSocket).setKeepAlive(true);\n verify(mockSocket).setTcpNoDelay(true);\n\n ArgumentCaptor addressCaptor =\n ArgumentCaptor.forClass(InetSocketAddress.class);\n ArgumentCaptor timeoutCaptor = ArgumentCaptor.forClass(Integer.class);\n verify(mockSocket).connect(addressCaptor.capture(), timeoutCaptor.capture());\n\n assertThat(addressCaptor.getValue().getHostString()).isEqualTo(\"example.com\");\n assertThat(addressCaptor.getValue().getPort()).isEqualTo(80);\n assertThat(timeoutCaptor.getValue()).isEqualTo((int) DEFAULT_CONNECT_TIMEOUT.toMillis());\n }\n\n @Test\n public void createSocket_withCustomTimeouts_usesProvidedValues() throws IOException {\n Duration customConnect = Duration.ofSeconds(5);\n Duration customRead = Duration.ofSeconds(15);\n\n var unused = tsunamiSocketFactory.createSocket(\"example.com\", 443, customConnect, customRead);\n\n verify(mockSocket).setSoTimeout((int) customRead.toMillis());\n\n ArgumentCaptor timeoutCaptor = ArgumentCaptor.forClass(Integer.class);\n verify(mockSocket).connect(any(), timeoutCaptor.capture());\n assertThat(timeoutCaptor.getValue()).isEqualTo((int) customConnect.toMillis());\n }\n\n @Test\n public void createSocket_withInetAddress_setsTimeoutsAndConnects() throws IOException {\n InetAddress address = InetAddress.getLoopbackAddress();\n\n var unused = tsunamiSocketFactory.createSocket(address, 8080);\n\n verify(mockSocket).setSoTimeout((int) DEFAULT_READ_TIMEOUT.toMillis());\n verify(mockSocket).setKeepAlive(true);\n verify(mockSocket).setTcpNoDelay(true);\n\n ArgumentCaptor addressCaptor =\n ArgumentCaptor.forClass(InetSocketAddress.class);\n verify(mockSocket).connect(addressCaptor.capture(), anyInt());\n\n assertThat(addressCaptor.getValue().getAddress()).isEqualTo(address);\n assertThat(addressCaptor.getValue().getPort()).isEqualTo(8080);\n }\n\n @Test\n public void createSocket_withInvalidPort_throwsException() {\n assertThrows(\n IllegalArgumentException.class, () -> tsunamiSocketFactory.createSocket(\"example.com\", 0));\n\n assertThrows(\n IllegalArgumentException.class, () -> tsunamiSocketFactory.createSocket(\"example.com\", -1));\n\n assertThrows(\n IllegalArgumentException.class,\n () -> tsunamiSocketFactory.createSocket(\"example.com\", 65536));\n }\n\n @Test\n public void createSocket_withNullHost_throwsException() {\n assertThrows(\n NullPointerException.class, () -> tsunamiSocketFactory.createSocket((String) null, 80));\n }\n\n @Test\n public void createUnconnectedSocket_setsReadTimeout() throws IOException {\n Socket socket = tsunamiSocketFactory.createUnconnectedSocket();\n\n assertThat(socket).isEqualTo(mockSocket);\n verify(mockSocket).setSoTimeout((int) DEFAULT_READ_TIMEOUT.toMillis());\n }\n\n @Test\n public void createSslSocket_withHostAndPort_createsAndConfigures() throws IOException {\n var unused = tsunamiSocketFactory.createSslSocket(\"secure.example.com\", 443);\n\n // Verify plain socket is created and connected first\n verify(mockSocketFactory).createSocket();\n verify(mockSocket).connect(any(InetSocketAddress.class), anyInt());\n\n // Verify SSL wrapping\n verify(mockSslSocketFactory).createSocket(mockSocket, \"secure.example.com\", 443, true);\n verify(mockSslSocket).setSoTimeout((int) DEFAULT_READ_TIMEOUT.toMillis());\n verify(mockSslSocket).startHandshake();\n }\n\n @Test\n public void createSslSocket_withCustomTimeouts_usesProvidedValues() throws IOException {\n Duration customConnect = Duration.ofSeconds(5);\n Duration customRead = Duration.ofSeconds(15);\n\n var unused =\n tsunamiSocketFactory.createSslSocket(\"secure.example.com\", 443, customConnect, customRead);\n\n verify(mockSocket).setSoTimeout((int) customRead.toMillis());\n verify(mockSslSocket).setSoTimeout((int) customRead.toMillis());\n\n ArgumentCaptor connectTimeoutCaptor = ArgumentCaptor.forClass(Integer.class);\n verify(mockSocket).connect(any(), connectTimeoutCaptor.capture());\n assertThat(connectTimeoutCaptor.getValue()).isEqualTo((int) customConnect.toMillis());\n }\n\n @Test\n public void createSslSocket_withInetAddress_createsAndConfigures() throws IOException {\n InetAddress address = InetAddress.getLoopbackAddress();\n\n var unused = tsunamiSocketFactory.createSslSocket(address, 443);\n\n verify(mockSocketFactory).createSocket();\n verify(mockSocket).connect(any(InetSocketAddress.class), anyInt());\n verify(mockSslSocketFactory).createSocket(mockSocket, address.getHostAddress(), 443, true);\n verify(mockSslSocket).startHandshake();\n }\n\n @Test\n public void wrapWithSsl_wrapsExistingSocket() throws IOException {\n when(mockSocket.getSoTimeout()).thenReturn(5000);\n\n var unused = tsunamiSocketFactory.wrapWithSsl(mockSocket, \"example.com\", 443, true);\n\n verify(mockSslSocketFactory).createSocket(mockSocket, \"example.com\", 443, true);\n verify(mockSslSocket).setSoTimeout(5000);\n verify(mockSslSocket).startHandshake();\n }\n\n @Test\n public void wrapWithSsl_withZeroOriginalTimeout_usesDefault() throws IOException {\n when(mockSocket.getSoTimeout()).thenReturn(0);\n\n var unused = tsunamiSocketFactory.wrapWithSsl(mockSocket, \"example.com\", 443, true);\n\n verify(mockSslSocket).setSoTimeout((int) DEFAULT_READ_TIMEOUT.toMillis());\n }\n\n @Test\n public void wrapWithSsl_withNullSocket_throwsException() {\n assertThrows(\n NullPointerException.class,\n () -> tsunamiSocketFactory.wrapWithSsl(null, \"example.com\", 443, true));\n }\n\n @Test\n public void wrapWithSsl_withInvalidPort_throwsException() {\n assertThrows(\n IllegalArgumentException.class,\n () -> tsunamiSocketFactory.wrapWithSsl(mockSocket, \"example.com\", 0, true));\n }\n\n @Test\n public void getDefaultConnectTimeout_returnsConfiguredValue() {\n assertThat(tsunamiSocketFactory.getDefaultConnectTimeout()).isEqualTo(DEFAULT_CONNECT_TIMEOUT);\n }\n\n @Test\n public void getDefaultReadTimeout_returnsConfiguredValue() {\n assertThat(tsunamiSocketFactory.getDefaultReadTimeout()).isEqualTo(DEFAULT_READ_TIMEOUT);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/socket/TsunamiSocketFactoryCliOptionsTest.java",
"content": "/*\n * Copyright 2025 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.socket;\n\nimport static org.junit.Assert.assertThrows;\n\nimport com.beust.jcommander.ParameterException;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Unit tests for {@link TsunamiSocketFactoryCliOptions}. */\n@RunWith(JUnit4.class)\npublic final class TsunamiSocketFactoryCliOptionsTest {\n\n @Test\n public void validate_withNullValues_passes() {\n TsunamiSocketFactoryCliOptions options = new TsunamiSocketFactoryCliOptions();\n\n // Should not throw\n options.validate();\n }\n\n @Test\n public void validate_withPositiveConnectTimeout_passes() {\n TsunamiSocketFactoryCliOptions options = new TsunamiSocketFactoryCliOptions();\n options.connectTimeoutSeconds = 10;\n\n // Should not throw\n options.validate();\n }\n\n @Test\n public void validate_withPositiveReadTimeout_passes() {\n TsunamiSocketFactoryCliOptions options = new TsunamiSocketFactoryCliOptions();\n options.readTimeoutSeconds = 30;\n\n // Should not throw\n options.validate();\n }\n\n @Test\n public void validate_withNegativeConnectTimeout_throwsException() {\n TsunamiSocketFactoryCliOptions options = new TsunamiSocketFactoryCliOptions();\n options.connectTimeoutSeconds = -1;\n\n assertThrows(ParameterException.class, options::validate);\n }\n\n @Test\n public void validate_withNegativeReadTimeout_throwsException() {\n TsunamiSocketFactoryCliOptions options = new TsunamiSocketFactoryCliOptions();\n options.readTimeoutSeconds = -5;\n\n assertThrows(ParameterException.class, options::validate);\n }\n\n @Test\n public void validate_withZeroConnectTimeout_throwsException() {\n TsunamiSocketFactoryCliOptions options = new TsunamiSocketFactoryCliOptions();\n options.connectTimeoutSeconds = 0;\n\n assertThrows(ParameterException.class, options::validate);\n }\n\n @Test\n public void validate_withZeroReadTimeout_throwsException() {\n TsunamiSocketFactoryCliOptions options = new TsunamiSocketFactoryCliOptions();\n options.readTimeoutSeconds = 0;\n\n assertThrows(ParameterException.class, options::validate);\n }\n\n @Test\n public void validate_withTrustAllCertificates_passes() {\n TsunamiSocketFactoryCliOptions options = new TsunamiSocketFactoryCliOptions();\n options.trustAllCertificates = true;\n\n // Should not throw\n options.validate();\n }\n\n @Test\n public void validate_withAllValidOptions_passes() {\n TsunamiSocketFactoryCliOptions options = new TsunamiSocketFactoryCliOptions();\n options.connectTimeoutSeconds = 10;\n options.readTimeoutSeconds = 30;\n options.trustAllCertificates = false;\n\n // Should not throw\n options.validate();\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/net/socket/TsunamiSocketFactoryModuleTest.java",
"content": "/*\n * Copyright 2025 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.net.socket;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Guice;\nimport com.google.inject.Injector;\nimport com.google.inject.Key;\nimport com.google.tsunami.common.net.socket.TsunamiSocketFactoryModule.ConnectTimeoutSeconds;\nimport com.google.tsunami.common.net.socket.TsunamiSocketFactoryModule.ReadTimeoutSeconds;\nimport com.google.tsunami.common.net.socket.TsunamiSocketFactoryModule.TrustAllCertificates;\nimport java.time.Duration;\nimport org.junit.Before;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Unit tests for {@link TsunamiSocketFactoryModule}. */\n@RunWith(JUnit4.class)\npublic final class TsunamiSocketFactoryModuleTest {\n\n private TsunamiSocketFactoryCliOptions cliOptions;\n private TsunamiSocketFactoryConfigProperties configProperties;\n\n @Before\n public void setUp() {\n cliOptions = new TsunamiSocketFactoryCliOptions();\n configProperties = new TsunamiSocketFactoryConfigProperties();\n }\n\n @Test\n public void provideTsunamiSocketFactory_returnsNonNullFactory() throws Exception {\n Injector injector = Guice.createInjector(getTestingModule());\n\n TsunamiSocketFactory factory = injector.getInstance(TsunamiSocketFactory.class);\n\n assertThat(factory).isNotNull();\n assertThat(factory).isInstanceOf(DefaultTsunamiSocketFactory.class);\n }\n\n @Test\n public void provideTsunamiSocketFactory_withDefaultConfig_usesDefaultTimeouts() throws Exception {\n Injector injector = Guice.createInjector(getTestingModule());\n\n TsunamiSocketFactory factory = injector.getInstance(TsunamiSocketFactory.class);\n\n assertThat(factory.getDefaultConnectTimeout()).isEqualTo(Duration.ofSeconds(10));\n assertThat(factory.getDefaultReadTimeout()).isEqualTo(Duration.ofSeconds(30));\n }\n\n @Test\n public void provideConnectTimeoutSeconds_withCliOption_usesCliValue() {\n cliOptions.connectTimeoutSeconds = 20;\n configProperties.connectTimeoutSeconds = 15;\n\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(int.class, ConnectTimeoutSeconds.class))).isEqualTo(20);\n }\n\n @Test\n public void provideConnectTimeoutSeconds_withConfigOnly_usesConfigValue() {\n configProperties.connectTimeoutSeconds = 15;\n\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(int.class, ConnectTimeoutSeconds.class))).isEqualTo(15);\n }\n\n @Test\n public void provideConnectTimeoutSeconds_withNoConfig_usesDefault() {\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(int.class, ConnectTimeoutSeconds.class))).isEqualTo(10);\n }\n\n @Test\n public void provideReadTimeoutSeconds_withCliOption_usesCliValue() {\n cliOptions.readTimeoutSeconds = 60;\n configProperties.readTimeoutSeconds = 45;\n\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(int.class, ReadTimeoutSeconds.class))).isEqualTo(60);\n }\n\n @Test\n public void provideReadTimeoutSeconds_withConfigOnly_usesConfigValue() {\n configProperties.readTimeoutSeconds = 45;\n\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(int.class, ReadTimeoutSeconds.class))).isEqualTo(45);\n }\n\n @Test\n public void provideReadTimeoutSeconds_withNoConfig_usesDefault() {\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(int.class, ReadTimeoutSeconds.class))).isEqualTo(30);\n }\n\n @Test\n public void provideTrustAllCertificates_withCliOptionTrue_returnsTrue() {\n cliOptions.trustAllCertificates = true;\n configProperties.trustAllCertificates = false;\n\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(boolean.class, TrustAllCertificates.class))).isTrue();\n }\n\n @Test\n public void provideTrustAllCertificates_withCliOptionFalse_returnsFalse() {\n cliOptions.trustAllCertificates = false;\n\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(boolean.class, TrustAllCertificates.class))).isFalse();\n }\n\n @Test\n public void provideTrustAllCertificates_withConfigOnly_usesConfigValue() {\n configProperties.trustAllCertificates = false;\n\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(boolean.class, TrustAllCertificates.class))).isFalse();\n }\n\n @Test\n public void provideTrustAllCertificates_withNoConfig_usesDefaultTrue() {\n Injector injector = Guice.createInjector(getTestingModule());\n\n assertThat(injector.getInstance(Key.get(boolean.class, TrustAllCertificates.class))).isTrue();\n }\n\n @Test\n public void provideTsunamiSocketFactory_withCustomConfig_usesCustomValues() throws Exception {\n cliOptions.connectTimeoutSeconds = 5;\n cliOptions.readTimeoutSeconds = 15;\n\n Injector injector = Guice.createInjector(getTestingModule());\n TsunamiSocketFactory factory = injector.getInstance(TsunamiSocketFactory.class);\n\n assertThat(factory.getDefaultConnectTimeout()).isEqualTo(Duration.ofSeconds(5));\n assertThat(factory.getDefaultReadTimeout()).isEqualTo(Duration.ofSeconds(15));\n }\n\n private AbstractModule getTestingModule() {\n return new AbstractModule() {\n @Override\n protected void configure() {\n install(new TsunamiSocketFactoryModule());\n bind(TsunamiSocketFactoryCliOptions.class).toInstance(cliOptions);\n bind(TsunamiSocketFactoryConfigProperties.class).toInstance(configProperties);\n }\n };\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/server/CompactRunRequestHelperTest.java",
"content": "/*\n * Copyright 2024 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.server;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport com.google.common.collect.ImmutableList;\nimport com.google.tsunami.proto.Hostname;\nimport com.google.tsunami.proto.MatchedPlugin;\nimport com.google.tsunami.proto.NetworkEndpoint;\nimport com.google.tsunami.proto.NetworkService;\nimport com.google.tsunami.proto.PluginDefinition;\nimport com.google.tsunami.proto.PluginInfo;\nimport com.google.tsunami.proto.RunCompactRequest;\nimport com.google.tsunami.proto.RunCompactRequest.PluginNetworkServiceTarget;\nimport com.google.tsunami.proto.RunRequest;\nimport com.google.tsunami.proto.TargetInfo;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n@RunWith(JUnit4.class)\npublic final class CompactRunRequestHelperTest {\n\n @Test\n public void compressingRunRequest_isMoreCompact() {\n NetworkService service1 = NetworkService.newBuilder().setServiceName(\"service1\").build();\n NetworkService service2 = NetworkService.newBuilder().setServiceName(\"service2\").build();\n PluginDefinition plugin1 =\n PluginDefinition.newBuilder()\n .setInfo(PluginInfo.newBuilder().setName(\"plugin1\").build())\n .build();\n PluginDefinition plugin2 =\n PluginDefinition.newBuilder()\n .setInfo(PluginInfo.newBuilder().setName(\"plugin2\").build())\n .build();\n PluginDefinition plugin3 =\n PluginDefinition.newBuilder()\n .setInfo(PluginInfo.newBuilder().setName(\"plugin3\").build())\n .build();\n MatchedPlugin matchedPlugin1 =\n MatchedPlugin.newBuilder().addServices(service1).setPlugin(plugin1).build();\n MatchedPlugin matchedPlugin2 =\n MatchedPlugin.newBuilder().addServices(service2).setPlugin(plugin2).build();\n MatchedPlugin matchedPlugin3 =\n MatchedPlugin.newBuilder().addServices(service1).setPlugin(plugin3).build();\n ImmutableList expectedMatchedPlugins =\n ImmutableList.of(matchedPlugin1, matchedPlugin2, matchedPlugin3);\n TargetInfo expectedTargetInfo =\n TargetInfo.newBuilder()\n .addNetworkEndpoints(\n NetworkEndpoint.newBuilder()\n .setHostname(Hostname.newBuilder().setName(\"example.com\").build())\n .build())\n .build();\n RunRequest expectedUncompressedRunRequest =\n RunRequest.newBuilder()\n .setTarget(expectedTargetInfo)\n .addAllPlugins(expectedMatchedPlugins)\n .build();\n var actualCompressedRunRequest =\n CompactRunRequestHelper.compress(expectedUncompressedRunRequest);\n\n var expectedCompressedRunRequest =\n RunCompactRequest.newBuilder()\n .setTarget(expectedTargetInfo)\n .addServices(service1)\n .addServices(service2)\n .addPlugins(plugin1)\n .addPlugins(plugin2)\n .addPlugins(plugin3)\n .addScanTargets(\n PluginNetworkServiceTarget.newBuilder()\n .setPluginIndex(0)\n .setServiceIndex(0)\n .build())\n .addScanTargets(\n PluginNetworkServiceTarget.newBuilder()\n .setPluginIndex(1)\n .setServiceIndex(1)\n .build())\n .addScanTargets(\n PluginNetworkServiceTarget.newBuilder()\n .setPluginIndex(2)\n .setServiceIndex(0)\n .build())\n .build();\n assertThat(actualCompressedRunRequest).isEqualTo(expectedCompressedRunRequest);\n\n // And now uncompressing it again:\n var actualUncompressedRunRequest =\n CompactRunRequestHelper.uncompress(actualCompressedRunRequest);\n\n // It should match the original setup\n assertThat(actualUncompressedRunRequest).isEqualTo(expectedUncompressedRunRequest);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/time/SystemUtcClockModuleTest.java",
"content": "/*\n * Copyright 2019 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.time;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport com.google.inject.Guice;\nimport com.google.inject.Key;\nimport java.time.Clock;\nimport java.time.ZoneOffset;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link SystemUtcClockModule}. */\n@RunWith(JUnit4.class)\npublic class SystemUtcClockModuleTest {\n\n @Test\n public void configure_always_bindsClockToSystemUtc() {\n Clock clock =\n Guice.createInjector(new SystemUtcClockModule())\n .getInstance(Key.get(Clock.class, UtcClock.class));\n\n assertThat(clock).isNotNull();\n assertThat(clock.getZone()).isEqualTo(ZoneOffset.UTC);\n // A hacky way of testing the instance is a SystemClock.\n assertThat(clock.toString()).contains(\"SystemClock\");\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/time/testing/FakeUtcClockModuleTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.time.testing;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.inject.Guice;\nimport com.google.inject.Injector;\nimport com.google.inject.Key;\nimport com.google.tsunami.common.time.UtcClock;\nimport java.time.Clock;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link FakeUtcClockModule}. */\n@RunWith(JUnit4.class)\npublic class FakeUtcClockModuleTest {\n\n @Test\n public void constructor_withNullFakeClock_throwsNullPointerException() {\n assertThrows(NullPointerException.class, () -> new FakeUtcClockModule(null));\n }\n\n @Test\n public void configure_always_bindsToSameInstance() {\n FakeUtcClock fakeUtcClock = FakeUtcClock.create();\n\n Injector injector = Guice.createInjector(new FakeUtcClockModule(fakeUtcClock));\n\n assertThat(injector.getInstance(Key.get(Clock.class, UtcClock.class)))\n .isSameInstanceAs(fakeUtcClock);\n assertThat(injector.getInstance(Key.get(Clock.class, UtcClock.class)))\n .isSameInstanceAs(fakeUtcClock);\n assertThat(injector.getInstance(Key.get(FakeUtcClock.class, UtcClock.class)))\n .isSameInstanceAs(fakeUtcClock);\n assertThat(injector.getInstance(Key.get(FakeUtcClock.class, UtcClock.class)))\n .isSameInstanceAs(fakeUtcClock);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/time/testing/FakeUtcClockTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.time.testing;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport java.time.Duration;\nimport java.time.Instant;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link FakeUtcClock}. */\n@RunWith(JUnit4.class)\npublic class FakeUtcClockTest {\n private static final Instant TEST_INSTANT = Instant.ofEpochMilli(1927081738591L);\n private static final Duration TEST_DURATION = Duration.ofSeconds(20);\n\n @Test\n public void setNow_always_setsClockToGivenInstant() {\n assertThat(FakeUtcClock.create().setNow(TEST_INSTANT).instant()).isEqualTo(TEST_INSTANT);\n }\n\n @Test\n public void setNow_whenCallWithNull_throwsNullPointerException() {\n assertThrows(NullPointerException.class, () -> FakeUtcClock.create().setNow(null));\n }\n\n @Test\n public void advance_always_advancesGivenDuration() {\n FakeUtcClock fakeUtcClock = FakeUtcClock.create().setNow(TEST_INSTANT);\n\n FakeUtcClock advancedClock = fakeUtcClock.advance(TEST_DURATION);\n\n assertThat(advancedClock.instant()).isEqualTo(TEST_INSTANT.plus(TEST_DURATION));\n }\n\n @Test\n public void advance_whenCalledWithNull_throwsNullPointerException() {\n assertThrows(NullPointerException.class, () -> FakeUtcClock.create().advance(null));\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/version/ComparisonUtilityTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport com.google.common.collect.Lists;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link ComparisonUtility}. */\n@RunWith(JUnit4.class)\npublic final class ComparisonUtilityTest {\n\n @Test\n public void compareWithFillValue_bothEmptyListWithFillValueEqualToZero_returnsZero() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(), Lists.newArrayList(), 0))\n .isEqualTo(0);\n }\n\n @Test\n public void compareWithFillValue_bothEmptyListWithPositiveFillValue_returnsZero() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(), Lists.newArrayList(), 1))\n .isEqualTo(0);\n }\n\n @Test\n public void compareWithFillValue_bothEmptyListWithNegativeFilValue_returnsZero() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(), Lists.newArrayList(), -1))\n .isEqualTo(0);\n }\n\n @Test\n public void compareWithFillValue_oneEmptyListAndSmallFillValue_returnsNegative() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(), Lists.newArrayList(1, 2, 3), 0))\n .isLessThan(0);\n }\n\n @Test\n public void compareWithFillValue_oneEmptyListAndLargeFillValue_returnsPositive() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(), Lists.newArrayList(1, 2, 3), 100))\n .isGreaterThan(0);\n }\n\n @Test\n public void compareWithFillValue_nonEmptyListSameSizeGreaterValue_returnsPositive() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(1, 3, 4), Lists.newArrayList(1, 2, 3), 100))\n .isGreaterThan(0);\n }\n\n @Test\n public void compareWithFillValue_nonEmptyListSameSizeEqualValue_returnsZero() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(1, 2, 3), Lists.newArrayList(1, 2, 3), 100))\n .isEqualTo(0);\n }\n\n @Test\n public void compareWithFillValue_nonEmptyListSameSizeLessThanValue_returnsNegative() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(1, 1, 3), Lists.newArrayList(1, 2, 3), 100))\n .isLessThan(0);\n }\n\n @Test\n public void compareWithFillValue_nonEmptyListVariedSizeWithPositiveFillValue_returnsNegative() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(1, 1), Lists.newArrayList(1, 2, 3), 100))\n .isLessThan(0);\n }\n\n @Test\n public void compareWithFillValue_nonEmptyListVariedSizeWithZeroFillValue_returnsPositive() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(1, 3), Lists.newArrayList(1, 2, 3), 0))\n .isGreaterThan(0);\n }\n\n @Test\n public void compareWithFillValue_nonEmptyListVariedSizeWithZeroFillValue_returnsNegative() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(1, 2), Lists.newArrayList(1, 2, 3), 0))\n .isLessThan(0);\n }\n\n @Test\n public void compareWithFillValue_nonEmptyListVariedSizeWithPositiveFillValue_returnsPositive() {\n assertThat(\n ComparisonUtility.compareListWithFillValue(\n Lists.newArrayList(1, 2), Lists.newArrayList(1, 2, 3), 100))\n .isGreaterThan(0);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/version/EqualsTestCase.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.errorprone.annotations.Immutable;\n\n@Immutable(containerOf = \"T\")\n@AutoValue\nabstract class EqualsTestCase {\n abstract T first();\n abstract T second();\n\n static EqualsTestCase create(T first, T second) {\n return new AutoValue_EqualsTestCase<>(first, second);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/version/KnownQualifierTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.collect.ImmutableList;\nimport java.util.Arrays;\nimport java.util.EnumSet;\nimport org.junit.Test;\nimport org.junit.experimental.theories.DataPoints;\nimport org.junit.experimental.theories.FromDataPoints;\nimport org.junit.experimental.theories.Theories;\nimport org.junit.experimental.theories.Theory;\nimport org.junit.runner.RunWith;\n\n/** Tests for {@link KnownQualifier}. */\n@RunWith(Theories.class)\npublic final class KnownQualifierTest {\n\n @DataPoints(\"ValidKnownQualifierText\")\n public static ImmutableList validTextsForKnownQualifiers() {\n return Arrays.stream(KnownQualifier.values())\n .map(KnownQualifier::getQualifierText)\n .collect(ImmutableList.toImmutableList());\n }\n\n @Test\n public void compareTo_always_hasTheCorrectOrder() {\n // KnownQualifier should promise the following order to callers.\n assertThat(EnumSet.allOf(KnownQualifier.class))\n .containsExactly(\n KnownQualifier.ALPHA,\n KnownQualifier.BETA,\n KnownQualifier.PRE,\n KnownQualifier.R,\n KnownQualifier.RC,\n KnownQualifier.ABSENT,\n KnownQualifier.P,\n KnownQualifier.PATCH,\n KnownQualifier.PATCHED)\n .inOrder();\n }\n\n @Theory\n public void isKnownQualifier_validText_returnsTrue(\n @FromDataPoints(\"ValidKnownQualifierText\") String validText) {\n assertThat(KnownQualifier.isKnownQualifier(validText)).isTrue();\n }\n\n @Theory\n public void isKnownQualifier_invalidText_returnsFalse() {\n assertThat(KnownQualifier.isKnownQualifier(\"random\")).isFalse();\n }\n\n @Theory\n public void fromText_validText_returnsKnownQualifier(\n @FromDataPoints(\"ValidKnownQualifierText\") String validText) {\n assertThat(KnownQualifier.fromText(validText)).isIn(EnumSet.allOf(KnownQualifier.class));\n }\n\n @Test\n public void fromText_invalidText_throwsIllegalArgumentException() {\n assertThrows(IllegalArgumentException.class, () -> KnownQualifier.fromText(\"random\"));\n }\n\n @Test\n public void fromText_invalidTextUsingComposedValidTokens_throwsIllegalArgumentException() {\n assertThrows(IllegalArgumentException.class, () -> KnownQualifier.fromText(\"alpha-beta\"));\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/version/LessThanTestCase.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport com.google.auto.value.AutoValue;\nimport com.google.errorprone.annotations.Immutable;\n\n@Immutable(containerOf = \"T\")\n@AutoValue\nabstract class LessThanTestCase {\n abstract T smaller();\n abstract T larger();\n\n static LessThanTestCase create(T smaller, T larger) {\n return new AutoValue_LessThanTestCase<>(smaller, larger);\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/version/SegmentTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport com.google.common.collect.ImmutableList;\nimport java.util.stream.Collectors;\nimport java.util.stream.Stream;\nimport org.junit.Test;\nimport org.junit.experimental.theories.DataPoints;\nimport org.junit.experimental.theories.FromDataPoints;\nimport org.junit.experimental.theories.Theories;\nimport org.junit.experimental.theories.Theory;\nimport org.junit.runner.RunWith;\n\n/** Tests for {@link Segment}. */\n@RunWith(Theories.class)\npublic final class SegmentTest {\n\n @Test\n public void fromTokenList_startsWithKnownQualifier_buildsFromInput() {\n ImmutableList tokens =\n ImmutableList.of(Token.fromKnownQualifier(KnownQualifier.ALPHA), Token.fromNumeric(1L));\n Segment segment = Segment.fromTokenList(tokens);\n\n assertThat(segment.tokens()).containsExactlyElementsIn(tokens);\n }\n\n @Test\n public void fromTokenList_noKnownQualifier_addsKnownQualifier() {\n ImmutableList tokens = ImmutableList.of(Token.fromText(\"abc\"), Token.fromNumeric(1L));\n Segment segment = Segment.fromTokenList(tokens);\n\n assertThat(segment.tokens())\n .containsExactlyElementsIn(\n Stream.concat(\n Stream.of(Token.fromKnownQualifier(KnownQualifier.ABSENT)), tokens.stream())\n .collect(Collectors.toList()));\n }\n\n @Test\n public void fromString_emptyString_returnsNullSegment() {\n assertThat(Segment.fromString(\"\")).isEqualTo(Segment.NULL);\n }\n\n @Test\n public void fromString_allExcludedTokens_returnsNullSegment() {\n assertThat(Segment.fromString(\"gg.N/A\")).isEqualTo(Segment.NULL);\n }\n\n @Test\n public void fromString_allEmptyTokens_returnsNullSegment() {\n assertThat(Segment.fromString(\"...\")).isEqualTo(Segment.NULL);\n }\n\n @Test\n public void fromString_textAndNumeric_returnsSeparatedTextAndNumber() {\n assertThat(Segment.fromString(\"abc1.0\").tokens())\n .containsExactly(\n Token.fromKnownQualifier(KnownQualifier.ABSENT),\n Token.fromText(\"abc\"),\n Token.fromNumeric(1L),\n Token.fromNumeric(0L));\n\n assertThat(Segment.fromString(\"gg1.0\").tokens())\n .containsExactly(\n Token.fromKnownQualifier(KnownQualifier.ABSENT),\n Token.fromNumeric(1L),\n Token.fromNumeric(0L));\n }\n\n @Test\n public void fromString_noKnownQualifier_addsKnownQualifier() {\n assertThat(Segment.fromString(\"2.1.1\").tokens())\n .containsExactly(\n Token.fromKnownQualifier(KnownQualifier.ABSENT),\n Token.fromNumeric(2L),\n Token.fromNumeric(1L),\n Token.fromNumeric(1L));\n }\n\n @Test\n public void fromString_startsWithKnownQualifier_parsesNumericAndTextTokens() {\n assertThat(Segment.fromString(\"alpha.1~text\").tokens())\n .containsExactly(\n Token.fromKnownQualifier(KnownQualifier.ALPHA),\n Token.fromNumeric(1L),\n Token.fromText(\"~\"),\n Token.fromText(\"text\"));\n }\n\n @DataPoints(\"Equals\")\n public static ImmutableList> equalTestCases() {\n return ImmutableList.of(\n EqualsTestCase.create(Segment.fromString(\"\"), Segment.fromString(\"\")),\n EqualsTestCase.create(Segment.fromString(\"\"), Segment.fromString(\"gg.N/A\")),\n EqualsTestCase.create(Segment.fromString(\"1.1\"), Segment.fromString(\"1.1\")),\n EqualsTestCase.create(Segment.fromString(\"1.1-\"), Segment.fromString(\"1.1-gg\")));\n }\n\n @Theory\n public void compareTo_equalTestCase_returnsZero(\n @FromDataPoints(\"Equals\") EqualsTestCase testCase) {\n assertThat(testCase.first()).isEquivalentAccordingToCompareTo(testCase.second());\n }\n\n @DataPoints(\"LessThan\")\n public static ImmutableList> lessThanTestCases() {\n return ImmutableList.of(\n // Null token.\n LessThanTestCase.create(Segment.fromString(\"2.1\"), Segment.fromString(\"2.1.1\")),\n LessThanTestCase.create(Segment.fromString(\"alpha\"), Segment.fromString(\"\")),\n\n // Numeric token.\n LessThanTestCase.create(Segment.fromString(\"2.1\"), Segment.fromString(\"2.2\")),\n LessThanTestCase.create(Segment.fromString(\"0.9\"), Segment.fromString(\"1.0\")),\n\n // Known qualifiers.\n LessThanTestCase.create(Segment.fromString(\"alpha\"), Segment.fromString(\"beta\")),\n LessThanTestCase.create(Segment.fromString(\"alpha.beta\"), Segment.fromString(\"alpha\")),\n LessThanTestCase.create(Segment.fromString(\"alpha.beta\"), Segment.fromString(\"alpha.rc\")),\n\n // Text token.\n LessThanTestCase.create(Segment.fromString(\"abc\"), Segment.fromString(\"def\")),\n LessThanTestCase.create(Segment.fromString(\"abc.def\"), Segment.fromString(\"abc.ghi\")),\n LessThanTestCase.create(Segment.fromString(\"abc\"), Segment.fromString(\"DEF\")),\n\n // Mixed type.\n LessThanTestCase.create(Segment.fromString(\"2.1.1\"), Segment.fromString(\"2.1.abc\")));\n }\n\n @Theory\n public void compareTo_lessThanTestCase_hasCorrectSymmetryResult(\n @FromDataPoints(\"LessThan\") LessThanTestCase testCase) {\n assertThat(testCase.smaller()).isLessThan(testCase.larger());\n assertThat(testCase.larger()).isGreaterThan(testCase.smaller());\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/version/TokenTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport com.google.common.collect.ImmutableList;\nimport org.junit.Test;\nimport org.junit.experimental.theories.DataPoints;\nimport org.junit.experimental.theories.FromDataPoints;\nimport org.junit.experimental.theories.Theories;\nimport org.junit.experimental.theories.Theory;\nimport org.junit.runner.RunWith;\n\n/** Tests for {@link Token}. */\n@RunWith(Theories.class)\npublic final class TokenTest {\n\n @Test\n public void fromNumeric_always_returnsNumericToken() {\n Token numericToken = Token.fromNumeric(123L);\n assertThat(numericToken.isNumeric()).isTrue();\n assertThat(numericToken.getNumeric()).isEqualTo(123L);\n }\n\n @Test\n public void fromText_always_returnsTextToken() {\n Token textToken = Token.fromText(\"abc\");\n assertThat(textToken.isText()).isTrue();\n assertThat(textToken.isKnownQualifier()).isFalse();\n assertThat(textToken.getText()).isEqualTo(\"abc\");\n }\n\n @Test\n public void fromKnownQualifier_always_returnsTextToken() {\n Token textToken = Token.fromKnownQualifier(KnownQualifier.ALPHA);\n assertThat(textToken.isText()).isTrue();\n assertThat(textToken.isKnownQualifier()).isTrue();\n assertThat(textToken.getText()).isEqualTo(KnownQualifier.ALPHA.getQualifierText());\n }\n\n @DataPoints(\"Equal\")\n public static ImmutableList> equalTestCases() {\n return ImmutableList.of(\n EqualsTestCase.create(Token.EMPTY, Token.fromKnownQualifier(KnownQualifier.ABSENT)),\n EqualsTestCase.create(Token.EMPTY, Token.fromText(\"\")),\n EqualsTestCase.create(Token.fromNumeric(1L), Token.fromNumeric(1L)),\n EqualsTestCase.create(\n Token.fromKnownQualifier(KnownQualifier.P), Token.fromKnownQualifier(KnownQualifier.P)),\n EqualsTestCase.create(Token.fromKnownQualifier(KnownQualifier.P), Token.fromText(\"p\")),\n EqualsTestCase.create(Token.fromKnownQualifier(KnownQualifier.P), Token.fromText(\"P\")),\n EqualsTestCase.create(Token.fromText(\"abc\"), Token.fromText(\"ABC\")));\n }\n\n @Theory\n public void isEqualTo_equalTestCase_returnsZero(\n @FromDataPoints(\"Equal\") EqualsTestCase testCase) {\n assertThat(testCase.first()).isEquivalentAccordingToCompareTo(testCase.second());\n }\n\n @DataPoints(\"LessThan\")\n public static ImmutableList> lessThanTestCases() {\n return ImmutableList.of(\n // Empty token and Numeric token test cases.\n LessThanTestCase.create(Token.EMPTY, Token.fromNumeric(1L)),\n LessThanTestCase.create(Token.EMPTY, Token.fromNumeric(0L)),\n\n // Empty token and KnownQualifier test cases.\n LessThanTestCase.create(Token.fromKnownQualifier(KnownQualifier.ALPHA), Token.EMPTY),\n LessThanTestCase.create(Token.fromKnownQualifier(KnownQualifier.RC), Token.EMPTY),\n LessThanTestCase.create(Token.EMPTY, Token.fromKnownQualifier(KnownQualifier.P)),\n LessThanTestCase.create(Token.EMPTY, Token.fromKnownQualifier(KnownQualifier.PATCH)),\n\n // Empty token and Text token test case.\n LessThanTestCase.create(Token.EMPTY, Token.fromText(\"abc\")),\n LessThanTestCase.create(Token.EMPTY, Token.fromText(\"123\")),\n\n // Numeric token only test case.\n LessThanTestCase.create(Token.fromNumeric(0L), Token.fromNumeric(1L)),\n\n // KnownQualifier only test case.\n LessThanTestCase.create(\n Token.fromKnownQualifier(KnownQualifier.ALPHA),\n Token.fromKnownQualifier(KnownQualifier.ABSENT)),\n LessThanTestCase.create(\n Token.fromKnownQualifier(KnownQualifier.ABSENT),\n Token.fromKnownQualifier(KnownQualifier.PATCH)),\n\n // Text only test case.\n LessThanTestCase.create(Token.fromText(\"abc\"), Token.fromText(\"def\")),\n LessThanTestCase.create(Token.fromText(\"abc\"), Token.fromText(\"dEf\")),\n LessThanTestCase.create(\n Token.fromText(\"abc\"), Token.fromKnownQualifier(KnownQualifier.ALPHA)),\n\n // Numeric and Text test case\n LessThanTestCase.create(Token.fromNumeric(1L), Token.fromText(\"abc\")),\n LessThanTestCase.create(\n Token.fromNumeric(1L), Token.fromKnownQualifier(KnownQualifier.ALPHA)));\n }\n\n @Theory\n public void compareTo_lessThanTestCase_hasCorrectSymmetryResult(\n @FromDataPoints(\"LessThan\") LessThanTestCase testCase) {\n // Test symmetry.\n assertThat(testCase.smaller()).isLessThan(testCase.larger());\n assertThat(testCase.larger()).isGreaterThan(testCase.smaller());\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/version/VersionRangeTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.tsunami.common.version.VersionRange.Inclusiveness;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link VersionRange}. */\n@RunWith(JUnit4.class)\npublic class VersionRangeTest {\n\n @Test\n public void parse_withNegativeInfinityRange_returnsCorrectVersionRange() {\n VersionRange versionRange = VersionRange.parse(\"(,1.0]\");\n\n assertThat(versionRange)\n .isEqualTo(\n VersionRange.builder()\n .setMinVersion(Version.minimum())\n .setMinVersionInclusiveness(Inclusiveness.EXCLUSIVE)\n .setMaxVersion(Version.fromString(\"1.0\"))\n .setMaxVersionInclusiveness(Inclusiveness.INCLUSIVE)\n .build());\n }\n\n @Test\n public void parse_withPositiveInfinityRange_returnsCorrectVersionRange() {\n VersionRange versionRange = VersionRange.parse(\"(1.0,)\");\n\n assertThat(versionRange)\n .isEqualTo(\n VersionRange.builder()\n .setMinVersion(Version.fromString(\"1.0\"))\n .setMinVersionInclusiveness(Inclusiveness.EXCLUSIVE)\n .setMaxVersion(Version.maximum())\n .setMaxVersionInclusiveness(Inclusiveness.EXCLUSIVE)\n .build());\n }\n\n @Test\n public void parse_withRegularRange_returnsCorrectVersionRange() {\n VersionRange versionRange = VersionRange.parse(\"(1.0,2.0]\");\n\n assertThat(versionRange)\n .isEqualTo(\n VersionRange.builder()\n .setMinVersion(Version.fromString(\"1.0\"))\n .setMinVersionInclusiveness(Inclusiveness.EXCLUSIVE)\n .setMaxVersion(Version.fromString(\"2.0\"))\n .setMaxVersionInclusiveness(Inclusiveness.INCLUSIVE)\n .build());\n }\n\n @Test\n public void parse_withEmptyRangeString_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(IllegalArgumentException.class, () -> VersionRange.parse(\"\"));\n assertThat(exception).hasMessageThat().isEqualTo(\"Range string cannot be empty.\");\n }\n\n @Test\n public void parse_withRangeNotStartingWithParenthesis_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(IllegalArgumentException.class, () -> VersionRange.parse(\",1.0]\"));\n assertThat(exception)\n .hasMessageThat()\n .isEqualTo(\"Version range must start with '[' or '(', got ',1.0]'\");\n }\n\n @Test\n public void parse_withRangeNotEndingWithParenthesis_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(IllegalArgumentException.class, () -> VersionRange.parse(\"(,1.0\"));\n assertThat(exception)\n .hasMessageThat()\n .isEqualTo(\"Version range must end with ']' or ')', got '(,1.0'\");\n }\n\n @Test\n public void parse_withTooManyParenthesis_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(IllegalArgumentException.class, () -> VersionRange.parse(\"(,1.0]]\"));\n assertThat(exception)\n .hasMessageThat()\n .isEqualTo(\"Parenthesis and/or brackets not allowed within version range, got '(,1.0]]'\");\n }\n\n @Test\n public void parse_withTooManyCommas_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(IllegalArgumentException.class, () -> VersionRange.parse(\"(,,,1.0]\"));\n assertThat(exception).hasMessageThat().isEqualTo(\"Invalid range of versions, got '(,,,1.0]'\");\n }\n\n @Test\n public void parse_withoutComma_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(IllegalArgumentException.class, () -> VersionRange.parse(\"[1.0]\"));\n assertThat(exception).hasMessageThat().isEqualTo(\"Invalid range of versions, got '[1.0]'\");\n }\n\n @Test\n public void parse_withMinimalToMaximalRange_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(IllegalArgumentException.class, () -> VersionRange.parse(\"(,)\"));\n assertThat(exception).hasMessageThat().isEqualTo(\"Infinity range is not supported, got '(,)'\");\n }\n\n @Test\n public void parse_withTheSameRangeEnds_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(IllegalArgumentException.class, () -> VersionRange.parse(\"[1.0,1.0]\"));\n assertThat(exception)\n .hasMessageThat()\n .isEqualTo(\"Min version in range must be less than max version in range, got '[1.0,1.0]'\");\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/version/VersionSetTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.collect.ImmutableList;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link VersionSet}. */\n@RunWith(JUnit4.class)\npublic class VersionSetTest {\n\n @Test\n public void parse_withValidVersionsAndVersionRanges_returnsParsedVersionSet() {\n VersionSet versionSet =\n VersionSet.parse(ImmutableList.of(\"1.0\", \"1.3\", \"(1.4, 1.7]\", \"1.9\", \"[2.0,)\"));\n\n assertThat(versionSet.versions())\n .containsExactly(\n Version.fromString(\"1.0\"), Version.fromString(\"1.3\"), Version.fromString(\"1.9\"));\n assertThat(versionSet.versionRanges())\n .containsExactly(VersionRange.parse(\"(1.4,1.7]\"), VersionRange.parse(\"[2.0,)\"));\n }\n\n @Test\n public void parse_withEmptyInputList_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(IllegalArgumentException.class, () -> VersionSet.parse(ImmutableList.of()));\n assertThat(exception).hasMessageThat().isEqualTo(\"Versions and ranges list cannot be empty.\");\n }\n\n @Test\n public void parse_withInvalidVersion_throwsIllegalArgumentException() {\n IllegalArgumentException exception =\n assertThrows(\n IllegalArgumentException.class, () -> VersionSet.parse(ImmutableList.of(\"1,0\", \"abc\")));\n assertThat(exception)\n .hasMessageThat()\n .isEqualTo(\"String '1,0' is neither a discrete string nor a version range.\");\n }\n}\n"
},
{
"path": "common/src/test/java/com/google/tsunami/common/version/VersionTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.common.version;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.google.common.collect.ImmutableList;\nimport org.junit.Test;\nimport org.junit.experimental.theories.DataPoints;\nimport org.junit.experimental.theories.FromDataPoints;\nimport org.junit.experimental.theories.Theories;\nimport org.junit.experimental.theories.Theory;\nimport org.junit.runner.RunWith;\n\n/** Tests for {@link Version}. */\n@RunWith(Theories.class)\npublic final class VersionTest {\n\n @Test\n public void create_whenNormalVersionAndValueIsNull_throwsException() {\n assertThrows(IllegalArgumentException.class, () -> Version.fromString(null));\n }\n\n @Test\n public void create_whnNormalVersionAndValueIsEmpty_throwsExceptionIfStringIsNull() {\n assertThrows(IllegalArgumentException.class, () -> Version.fromString(\"\"));\n }\n\n @Test\n public void create_whenNormalVersion_returnsTypeNormal() {\n Version version = Version.fromString(\"1.1\");\n\n assertThat(version.versionType()).isEqualTo(Version.Type.NORMAL);\n }\n\n @Test\n public void createMaximum_always_returnsTypeMaximum() {\n Version version = Version.maximum();\n\n assertThat(version.versionType()).isEqualTo(Version.Type.MAXIMUM);\n }\n\n @Test\n public void createMaximum_always_returnsTypeMinimum() {\n Version version = Version.minimum();\n\n assertThat(version.versionType()).isEqualTo(Version.Type.MINIMUM);\n }\n\n @DataPoints(\"InvalidVersion\")\n public static ImmutableList invalidVersionTestCases() {\n return ImmutableList.of(\"\", \"N/A\", \"...\", \"-\");\n }\n\n @Theory\n public void fromString_invalidVersionString_throwsIllegalArgumentException(\n @FromDataPoints(\"InvalidVersion\") String version) {\n assertThrows(IllegalArgumentException.class, () -> Version.fromString(version));\n }\n\n @Test\n public void fromString_validString_storesInputAsRawString() {\n assertThat(Version.fromString(\"1.0\").versionString()).isEqualTo(\"1.0\");\n }\n\n @Test\n public void fromString_noEpoch_appendsZeroEpoch() {\n assertThat(Version.fromString(\"1.0\").segments())\n .containsExactly(Segment.fromString(\"0\"), Segment.fromString(\"1.0\"));\n }\n\n @Test\n public void fromString_withEpoch_epochIsParsed() {\n assertThat(Version.fromString(\"1:1.0\").segments())\n .containsExactly(Segment.fromString(\"1\"), Segment.fromString(\"1.0\"));\n }\n\n @Test\n public void fromString_withMultipleSegments_segmentsParsedCorrectly() {\n assertThat(Version.fromString(\"1:9.7.0.dfsg.P1-gg3.0\").segments())\n .containsExactly(\n Segment.fromString(\"1\"),\n Segment.fromString(\"9.7.0.dfsg.P1\"),\n Segment.fromString(\"3.0\"));\n }\n\n @DataPoints(\"Equals\")\n public static ImmutableList> equalsTestCases() {\n return ImmutableList.of(\n EqualsTestCase.create(Version.fromString(\"1.0\"), Version.fromString(\"1.0\")),\n EqualsTestCase.create(Version.fromString(\"1.0\"), Version.fromString(\"0:1.0\")),\n EqualsTestCase.create(Version.fromString(\"1.0-\"), Version.fromString(\"1.0-gg\")),\n EqualsTestCase.create(Version.maximum(), Version.maximum()),\n EqualsTestCase.create(Version.minimum(), Version.minimum()));\n }\n\n @Theory\n public void compareTo_equalsTestCase_returnsZero(\n @FromDataPoints(\"Equals\") EqualsTestCase testCase) {\n assertThat(testCase.first()).isEquivalentAccordingToCompareTo(testCase.second());\n }\n\n @DataPoints(\"LessThan\")\n public static ImmutableList> lessThanTestCases() {\n return ImmutableList.of(\n LessThanTestCase.create(Version.minimum(), Version.fromString(\"1.0\")),\n LessThanTestCase.create(Version.minimum(), Version.maximum()),\n LessThanTestCase.create(Version.fromString(\"1.0\"), Version.maximum()),\n LessThanTestCase.create(Version.fromString(\"0.9\"), Version.fromString(\"1.0\")),\n LessThanTestCase.create(Version.fromString(\"1.0-0\"), Version.fromString(\"1.0-110313082\")),\n LessThanTestCase.create(\n Version.fromString(\"0.161-gg2.0\"), Version.fromString(\"0.165-gg1.0\")),\n LessThanTestCase.create(Version.fromString(\"0.87-gg1.2\"), Version.fromString(\"0.87-gg1.3\")),\n LessThanTestCase.create(\n Version.fromString(\"2017b-gg1.0\"), Version.fromString(\"2018b-gg0.\")),\n LessThanTestCase.create(Version.fromString(\"18-4\"), Version.fromString(\"19-1\")),\n LessThanTestCase.create(\n Version.fromString(\"1:9.7.0.dfsg.P1-gg3.0\"),\n Version.fromString(\"1:9.8.0.dfsg.P0-gg1.0\")),\n LessThanTestCase.create(Version.fromString(\"5.7-gg2.0\"), Version.fromString(\"5.8-gg1.0\")),\n LessThanTestCase.create(\n Version.fromString(\"2.4.6-12\"), Version.fromString(\"2.4.6-12+patched1\")),\n LessThanTestCase.create(Version.fromString(\"20170727-1\"), Version.fromString(\"20170801-1\")),\n LessThanTestCase.create(\n Version.fromString(\"3.12-443-ga51ea6dc8202-gg2.2\"),\n Version.fromString(\"3.13-440-ga51eadfe472-gg1.0\")),\n LessThanTestCase.create(Version.fromString(\"1.0a\"), Version.fromString(\"1.0b\")),\n LessThanTestCase.create(Version.fromString(\"1a\"), Version.fromString(\"2\")),\n LessThanTestCase.create(\n Version.fromString(\"4d01146f1679dd90bba45adb60d24ad11fe1155e\"),\n Version.fromString(\"e40b437401966fe06b0c4d5430c35e4494675c90\")),\n LessThanTestCase.create(Version.fromString(\"7.10\"), Version.fromString(\"1_7.9\")),\n LessThanTestCase.create(Version.fromString(\"9.10\"), Version.fromString(\"1_9.11\")),\n LessThanTestCase.create(\n Version.fromString(\"1.0.0-alpha\"), Version.fromString(\"1.0.0-alpha.1\")),\n LessThanTestCase.create(\n Version.fromString(\"1.0.0-alpha.1\"), Version.fromString(\"1.0.0-alpha.beta\")),\n LessThanTestCase.create(\n Version.fromString(\"1.0.0-alpha.beta\"), Version.fromString(\"1.0.0-beta\")),\n LessThanTestCase.create(\n Version.fromString(\"1.0.0-beta\"), Version.fromString(\"1.0.0-beta.2\")),\n LessThanTestCase.create(\n Version.fromString(\"1.0.0-beta.2\"), Version.fromString(\"1.0.0-beta.11\")),\n LessThanTestCase.create(\n Version.fromString(\"1.0.0-beta.11\"), Version.fromString(\"1.0.0-rc.1\")),\n LessThanTestCase.create(Version.fromString(\"1.0.0-rc.1\"), Version.fromString(\"1.0.0\")),\n LessThanTestCase.create(Version.fromString(\"1.0.0-alpha\"), Version.fromString(\"1.0.0\")),\n LessThanTestCase.create(Version.fromString(\"1.0.0-alpha.1\"), Version.fromString(\"1.0.0\")),\n LessThanTestCase.create(\n Version.fromString(\"1.0.0-alpha.beta\"), Version.fromString(\"1.0.0\")),\n LessThanTestCase.create(Version.fromString(\"1.0.0-beta\"), Version.fromString(\"1.0.0\")),\n LessThanTestCase.create(Version.fromString(\"1.0.0-beta.2\"), Version.fromString(\"1.0.0\")),\n LessThanTestCase.create(Version.fromString(\"1.0.0-beta.11\"), Version.fromString(\"1.0.0\")),\n LessThanTestCase.create(Version.fromString(\"7.6-0\"), Version.fromString(\"7.6p2-4\")),\n LessThanTestCase.create(Version.fromString(\"1.0-1\"), Version.fromString(\"1.0.3-3\")),\n LessThanTestCase.create(Version.fromString(\"1.2.2-2\"), Version.fromString(\"1.3\")),\n LessThanTestCase.create(Version.fromString(\"1.2.2\"), Version.fromString(\"1.3\")),\n LessThanTestCase.create(Version.fromString(\"0-pre\"), Version.fromString(\"0-pree\")),\n LessThanTestCase.create(Version.fromString(\"1.1.6r-1\"), Version.fromString(\"1.1.6r2-2\")),\n LessThanTestCase.create(Version.fromString(\"2.6b-2\"), Version.fromString(\"2.6b2-1\")),\n LessThanTestCase.create(\n Version.fromString(\"98.1-pre2-b6-2\"), Version.fromString(\"98.1p5-1\")),\n LessThanTestCase.create(Version.fromString(\"0.4-1\"), Version.fromString(\"0.4a6-2\")),\n LessThanTestCase.create(Version.fromString(\"1:3.0.5-2\"), Version.fromString(\"1:3.0.5.1\")),\n LessThanTestCase.create(Version.fromString(\"10.3\"), Version.fromString(\"1:0.4\")),\n LessThanTestCase.create(Version.fromString(\"1:1.25-4\"), Version.fromString(\"1:1.25-8\")),\n LessThanTestCase.create(Version.fromString(\"1.18.35\"), Version.fromString(\"1.18.36\")),\n LessThanTestCase.create(Version.fromString(\"1.18.35\"), Version.fromString(\"0:1.18.36\")),\n LessThanTestCase.create(\n Version.fromString(\"9:1.18.36:5.4-20\"), Version.fromString(\"10:0.5.1-22\")),\n LessThanTestCase.create(\n Version.fromString(\"9:1.18.36:5.4-20\"), Version.fromString(\"9:1.18.36:5.5-1\")),\n LessThanTestCase.create(\n Version.fromString(\"9:1.18.36:5.4-20\"), Version.fromString(\"9:1.18.37:4.3-22\")),\n LessThanTestCase.create(\n Version.fromString(\"1.18.36-0.17.35-18\"), Version.fromString(\"1.18.36-19\")),\n LessThanTestCase.create(\n Version.fromString(\"1:1.2.13-3\"), Version.fromString(\"1:1.2.13-3.1\")),\n LessThanTestCase.create(Version.fromString(\"2.0.7pre1-4\"), Version.fromString(\"2.0.7r-1\")),\n LessThanTestCase.create(Version.fromString(\"0.2\"), Version.fromString(\"1.0-0\")),\n LessThanTestCase.create(Version.fromString(\"1.0\"), Version.fromString(\"1.0-0+b1\")),\n LessThanTestCase.create(Version.fromString(\"1.2.3\"), Version.fromString(\"1.2.3-1\")),\n LessThanTestCase.create(Version.fromString(\"1.2.3\"), Version.fromString(\"1.2.4\")),\n LessThanTestCase.create(Version.fromString(\"1.2.3\"), Version.fromString(\"1.2.4\")),\n LessThanTestCase.create(Version.fromString(\"1.2.3\"), Version.fromString(\"1.2.24\")),\n LessThanTestCase.create(Version.fromString(\"0.8.7\"), Version.fromString(\"0.10.0\")),\n LessThanTestCase.create(Version.fromString(\"2.3\"), Version.fromString(\"3.2\")),\n LessThanTestCase.create(Version.fromString(\"1.3.2\"), Version.fromString(\"1.3.2a\")),\n LessThanTestCase.create(Version.fromString(\"0.5.0~git\"), Version.fromString(\"0.5.0~git2\")),\n LessThanTestCase.create(Version.fromString(\"2a\"), Version.fromString(\"21\")),\n LessThanTestCase.create(Version.fromString(\"1.3.2a\"), Version.fromString(\"1.3.2b\")),\n LessThanTestCase.create(Version.fromString(\"1.2.4\"), Version.fromString(\"1:1.2.3\")),\n LessThanTestCase.create(Version.fromString(\"1:1.2.3\"), Version.fromString(\"1:1.2.4\")),\n LessThanTestCase.create(Version.fromString(\"1.2a+~bCd3\"), Version.fromString(\"1.2a++\")),\n LessThanTestCase.create(Version.fromString(\"1.2a+~\"), Version.fromString(\"1.2a+~bCd3\")),\n LessThanTestCase.create(Version.fromString(\"304-2\"), Version.fromString(\"5:2\")),\n LessThanTestCase.create(Version.fromString(\"5:2\"), Version.fromString(\"304:2\")),\n LessThanTestCase.create(Version.fromString(\"3:2\"), Version.fromString(\"25:2\")),\n LessThanTestCase.create(Version.fromString(\"1:2:123\"), Version.fromString(\"1:12:3\")),\n LessThanTestCase.create(Version.fromString(\"1.2-3-5\"), Version.fromString(\"1.2-5\")),\n LessThanTestCase.create(Version.fromString(\"5.005\"), Version.fromString(\"5.10.0\")),\n LessThanTestCase.create(Version.fromString(\"3.10.2\"), Version.fromString(\"3a9.8\")),\n LessThanTestCase.create(Version.fromString(\"3~10\"), Version.fromString(\"3a9.8\")),\n LessThanTestCase.create(\n Version.fromString(\"1.4+OOo3.0.0~\"), Version.fromString(\"1.4+OOo3.0.0-4\")),\n LessThanTestCase.create(Version.fromString(\"3.0~rc1-1\"), Version.fromString(\"3.0-1\")),\n LessThanTestCase.create(Version.fromString(\"2.4.7-1\"), Version.fromString(\"2.4.7-z\")),\n LessThanTestCase.create(Version.fromString(\"1.00\"), Version.fromString(\"1.002-1+b2\")),\n LessThanTestCase.create(Version.fromString(\"5.36-r0\"), Version.fromString(\"5.36\")),\n LessThanTestCase.create(Version.fromString(\"5.36-r0\"), Version.fromString(\"5.36-gg1.0\")),\n LessThanTestCase.create(\n Version.fromString(\"5.36-r0\"), Version.fromString(\"5.36-r0-gg1.0\")));\n }\n\n @Theory\n public void compareTo_lessThanTestCase_hasCorrectSymmetryResult(\n @FromDataPoints(\"LessThan\") LessThanTestCase testCase) {\n assertThat(testCase.smaller()).isLessThan(testCase.larger());\n assertThat(testCase.larger()).isGreaterThan(testCase.smaller());\n }\n}\n"
},
{
"path": "common/src/test/resources/com/google/tsunami/common/net/http/testdata/README.md",
"content": "# HTTP Lib Testdata\n\n## tsunami_test_server.p12\n\nThis is a PKCS12 self-signed server key/cert file. This file was generated using\nthe following commands with the password `tsunamitest`:\n\n```shell\n$ openssl req -new -x509 -nodes -sha1 -days 3650 \\\n -out /tmp/tsunami_test_server.crt \\\n -keyout /tmp/tsunami_test_server.key\n# Password is \"tsunamitest\" without the quotes.\n$ openssl pkcs12 -export -clcerts \\\n -in /tmp/tsunami_test_server.crt \\\n -inkey /tmp/tsunami_test_server.key \\\n -out tsunami_test_server.p12\n```\n"
},
{
"path": "core.Dockerfile",
"content": "# Stage 1: Build phase\n\nFROM ghcr.io/google/tsunami-scanner-devel:latest AS build\n\n## build the core engine\nWORKDIR /usr/repos/tsunami-security-scanner\nCOPY . .\nRUN mkdir -p /usr/tsunami\nRUN gradle shadowJar\nRUN find . -name 'tsunami-main-*.jar' -exec cp {} /usr/tsunami/tsunami.jar \\;\nRUN cp ./tsunami_tcs.yaml /usr/tsunami/tsunami.yaml\nRUN cp plugin/src/main/resources/com/google/tsunami/plugin/payload/payload_definitions.yaml /usr/tsunami/payload_definitions.yaml\nRUN cp -r plugin_server/py/ /usr/tsunami/py_server\n\n## We perform a hotpatch of the path pointing to the payload definitions file\n## for easier usage in the Dockerized environment.\nRUN sed -i \"s%'../../plugin/src/main/resources/com/google/tsunami/plugin/payload/payload_definitions.yaml'%'/usr/tsunami/payload_definitions.yaml'%g\" \\\n /usr/tsunami/py_server/plugin/payload/payload_utility.py\n\n## generate the protos for Python plugins\nWORKDIR /usr/repos/tsunami-security-scanner/\nRUN python3 -m grpc_tools.protoc \\\n -I/usr/repos/tsunami-security-scanner/proto \\\n --python_out=/usr/tsunami/py_server/ \\\n --grpc_python_out=/usr/tsunami/py_server/ \\\n /usr/repos/tsunami-security-scanner/proto/*.proto\n\n# Stage 2: Release\n\nFROM scratch AS release\n\nCOPY --from=build /usr/tsunami/tsunami.jar /usr/tsunami/\nCOPY --from=build /usr/tsunami/tsunami.yaml /usr/tsunami/\nCOPY --from=build /usr/tsunami/payload_definitions.yaml /usr/tsunami/payload_definitions.yaml\n\n# Python server and the virtual environment\nCOPY --from=build /usr/tsunami/py_venv/ /usr/tsunami/py_venv\nCOPY --from=build /usr/tsunami/py_server/ /usr/tsunami/py_server\n"
},
{
"path": "devel.Dockerfile",
"content": "FROM ubuntu:latest\n\nRUN apt-get update \\\n && apt-get install -y --no-install-recommends git openjdk-21-jdk ca-certificates wget unzip python3 python3-venv \\\n && rm -rf /var/lib/apt/lists/* \\\n && rm -rf /usr/share/doc && rm -rf /usr/share/man \\\n && apt-get clean\n\n# Install a specific version of protoc for the templated plugins\nWORKDIR /usr/dependencies\nRUN mkdir /usr/dependencies/protoc \\\n && wget https://github.com/protocolbuffers/protobuf/releases/download/v25.5/protoc-25.5-linux-x86_64.zip -O /usr/dependencies/protoc.zip \\\n && unzip /usr/dependencies/protoc.zip -d /usr/dependencies/protoc/\nENV PATH=\"${PATH}:/usr/dependencies/protoc/bin\"\n\n# Install a specific version of Gradle\nWORKDIR /usr/dependencies\nRUN wget https://services.gradle.org/distributions/gradle-8.14.2-bin.zip -O /usr/dependencies/gradle.zip \\\n && unzip /usr/dependencies/gradle.zip -d /usr/dependencies/ \\\n && mv /usr/dependencies/gradle-8.14.2/ /usr/dependencies/gradle/\nENV PATH=\"${PATH}:/usr/dependencies/gradle/bin\"\n\n# Prepare the virtualenv for Python plugins\n# This is one of the few dependencies that will get carried to the final docker\n# images.\nWORKDIR /usr/tsunami/py_venv/\nCOPY plugin_server/py/requirements.in /usr/tsunami/py_venv/requirements.in\nCOPY plugin_server/py/requirements.txt /usr/tsunami/py_venv/requirements.txt\nRUN python3 -m venv /usr/tsunami/py_venv\nENV PATH=\"/usr/tsunami/py_venv/bin:${PATH}\"\nRUN pip install --require-hashes -r /usr/tsunami/py_venv/requirements.txt\n"
},
{
"path": "docs/_config.yml",
"content": "remote_theme: pages-themes/cayman@v0.2.0\nurl: https://google.github.io\nbaseurl: /tsunami-security-scanner\npaginate: 5\npaginate_path: \"/blog/page:num/\"\nplugins:\n- jekyll-remote-theme\n- jekyll-paginate\n"
},
{
"path": "docs/_data/nav.yml",
"content": "- title: \"What's new\"\n path: /\n\n- title: \"All articles\"\n path: /blog/\n\n- title: \"Documentation\"\n path: /howto/\n"
},
{
"path": "docs/_includes/nav.html",
"content": "{% for nav in site.data.nav %}\n {% if nav.subcategories != null %}\n {% for subcategory in nav.subcategories %}\n {{ subcategory.title }}\n {% endfor %}\n {% elsif nav.title == page.title %}\n {{ nav.title }}\n {% else %}\n {{ nav.title }}\n {% endif %}\n{% endfor %}\n"
},
{
"path": "docs/_layouts/default.html",
"content": "\n\n \n \n\n{% seo %}\n \n \n \n \n \n In the past, if you wanted to write a Tsunami detector, you would need to\n> implement your detector using Java or Python. For each, you would have to\n> write a set of tests and ensure that everything is compiling and working as\n> intended.\n\n> This process proved to be very time consuming; especially as most Tsunami\n> detectors are simply sending an HTTP request and checking the response code\n> and body content. That is why we introduced templated plugins.\n\n> We have abstracted most of the code required to write a plugin. All you need\n> to do is to write a .textproto file that describes the behavior of your plugin\n> and a _test.textproto file that describes the tests for the plugin.\n\nIn short, templated plugins allow contributors to write Tsunami plugins as if\nthey were configuration files.\n\n### Why this change?\n\nFirst and foremost, this makes writing Tsunami plugins much easier. It reduces\nadherence to the build system and to the language, which makes it accessible to\nmore contributors. Because the plugins are now in a structured format, we can\nalso perform analysis on detectors and find common mistakes in these detectors:\nthis should overall improve the quality of plugins.\n\nBut that is only from the contributors’ perspective. From a maintainer\nperspective, that also means that we can work more efficiently on changes at\nscale in the Tsunami engine. Currently, whenever we need to make a change to the\nengine, we often have to change about 100 plugins.\n\nFinally, we are having very active discussions internally to rewrite Tsunami\nentirely in Golang. If we were to decide to take this path, templated plugins\nwould help us make the migration easier.\n\n### Why not YAML?\n\nThe most frequently asked question about templated plugins is: Why not use YAML\ninstead of textproto? First, we believe that\n[YAML has a lot of issues](https://ruudvanasseldonk.com/2023/01/11/the-yaml-document-from-hell).\n\nBut the most important reason is that textprotos are checked at compilation time\nand enforce a strong structure to our plugins (on top of being smaller).\n\n### How does this affect the Patch Reward Program (PRP)?\n\nTemplated plugins are now the default for writing plugins. **We will stop\naccepting Java and Python plugins unless there is a good reason for it (we\nunderstand that templated plugins can be limiting in some use cases)**.\n\nOther than that, no big changes. The rewards will stay the same and so will the\nqueue system. If our bet shows to be successful and templated plugins really\nreduce the time for plugins to be merged, we plan to increase the contributor\nqueue as well. This would mean that a contributor could work on more plugins in\nparallel. Stay tuned.\n\n### Will older plugins be rewritten?\n\nMost likely. We have not yet come-up with a detailed plan on how to do it, but\nwe would like to rewrite as many plugins as possible to unify them.\n\n## Tsunami releases\n\n## Tsunami version 1.0.0\n\nFor a long time, Tsunami has been in Alpha release. Internally, we have been\nusing Tsunami consistently and at scale for a while now. Thus we believe that\nTsunami is ready to be officially released in version 1.0.0.\n\n### Maven releases\n\nFor now, we are releasing most of Tsunami’s library to maven on repo central. If\nyou are depending on these artifacts, you will soon have to migrate away. We are\nplanning to change the way we are publishing Tsunami’s dependencies. The plan is\nnot finalized yet, but most likely we will publish Tsunami directly on GitHub.\n"
},
{
"path": "docs/_posts/2025-10-16-october-update-tsunami-prp.md",
"content": "# October update - Tsunami reward program\n\n## Improving the PRP situation\n\nSince our\n[last update in June](https://google.github.io/tsunami-security-scanner/2025/06/18/changes-to-tsunami.html),\nwe have made good progress on merging incoming pull requests. Not only do we now\nhave a very low amount of requests to process, but most of them are now\nimplemented with the\n[new templated language system](https://google.github.io/tsunami-security-scanner/howto/new-detector/templated/00-getting-started)\nwhich is usually faster for us to merge.\n\n**A big thank you to all of our contributors for their patience\\!**\n\n## An update on the payouts\n\nNote:\n[Our official rules](https://bughunters.google.com/about/rules/open-source/5067456626688000/tsunami-patch-rewards-program-rules)\nhave been updated accordingly.\n\nWe recently came to realize that our current payout system made the decision for\nthe reward difficult. To ensure everyone is rewarded fairly and adequately, we\nhave decided to simplify the payout system:\n\nType of detector | Reward (up to dollars)\n:--------------------------------------------------: | :--------------------:\nWishlist detector | 3177.13\nExposed interface detector Weak credentials detector | 2000\nOther detectors | 1500\n\n### What is a wishlist detector?\n\nThis is a detector for a vulnerability that Google cares deeply about. We\nunderstand that this is outside of the control of the contributors but this is\ngenerally based on internal priorities.\n\nWe will generally make it explicit that a contribution falls in that category\nbut on the other hand, we might request that the detector is completed in a\nfaster timeline (less than a week) to justify the higher payout. Sometimes we\nwill release a wishlist to the public – if you pick up an item from that\nwishlist, you are guaranteed to fall into this category.\n\n### What happened to fingerprints?\n\nWe are not accepting new fingerprinting contributions for now. **Note that pull\nrequests already opened will be processed and paid as previously agreed upon.**\n\nWe are currently working on completely changing the way Tsunami performs\nfingerprinting. Amongst other things, we are experimenting with rewriting that\nspecific portion of the scanner in Golang to measure how well the language\nmatches our needs.\n\n## An insight into our triage decisions\n\nWe also understand that it might be difficult to understand how and why we\ndecide to accept some contributions and not others, so we wanted to provide some\nvisibility into that process.\n\nFirst and foremost, the goal of Tsunami is to find impactful vulnerabilities.\n**This generally means that we want to identify security issues that have a\nstrong impact; this generally translates to remote code execution (RCE).**\n\n**The questions that we are always asking ourselves:**\n\n* Can this be turned into a full-chain to remote code execution?\n* Can the full-chain be implemented in the detector? Or be reliable enough\n that it can ascertain the full chain exploitability?\n\nHere is an example table for common vulnerability types:\n\n| Category | Decision |\n| :----------------------: | :-------------: |\n| XSS | Rejected |\n| CSRF | Rejected |\n| SSRF | Likely rejected |\n| SQLi | Likely rejected |\n| Local file include | It depends |\n| Path traversal | It depends |\n| XXE | It depends |\n| Remote file include | Likely accepted |\n| File upload | Likely accepted |\n| Exposed interface | Likely accepted |\n| Authentication bypass | Likely accepted |\n| Weak credentials | Likely accepted |\n| OS command injection | Likely accepted |\n\nAs mentioned before, that decision depends heavily on the ability to create a\nfull chain of exploitation that leads to remote code execution.\n\n## Tsunami versioning\n\nAs we previously announced, we are slowly dropping Maven releases in favor of\nour Docker images and direct dependencies to GitHub. We are already not\npublishing any new artifacts to Maven and encourage you **strongly** to migrate\nto building with the GitHub code.\n\nThis change slightly increases overall maintenance of plugins for larger changes\nof the core but ensures that issues do not go unnoticed and also makes\ndependencies management a lot easier for us.\n"
},
{
"path": "docs/about/index.md",
"content": "# About Tsunami\n\n## Why Tsunami?\n\nWhen security vulnerabilities or misconfigurations are actively exploited by\nattackers, organizations need to react quickly in order to protect potentially\nvulnerable assets. As attackers increasingly invest in automation, the time\nwindow to react to a newly released, high severity vulnerability is usually\nmeasured in hours. This poses a significant challenge for large organizations\nwith thousands or even millions of internet-connected systems. In such\nhyperscale environments, security vulnerabilities must be detected and ideally\nremediated in a fully automated fashion. To do so, information security teams\nneed to have the ability to implement and roll out detectors for novel security\nissues at scale in a very short amount of time. Furthermore, it is important\nthat the detection quality is consistently very high. To solve these challenges,\nwe created Tsunami - an extensible network scanning engine for detecting high\nseverity vulnerabilities with high confidence in an unauthenticated manner.\n\n## Goals and Philosophy\n\n* Tsunami supports small manually curated set of vulnerabilities\n* Tsunami detects high severity, RCE-like vulnerabilities, which often\n actively exploited in the wild\n* Tsunami generates scan results with high confidence and minimal\n false-positive rate.\n* Tsunami detectors are easy to implement.\n* Tsunami is easy to scale, executes fast and scans non-intrusively.\n\n## Naming\n\nThe name \"Tsunami\" comes from the fact that this scanner is meant be used as part of a larger system to warn owners about automated \"attack waves\". Automated attacks are similar to tsunamis in the way that they come suddenly, without prior warning and can cause a lot of damage to organizations if no precautions are taken. The term \"Tsunami Early Warning System Security Scanning Engine\" is quite long and thus the name got abbreviated to Tsunami Scanning Engine, or Tsunami. Hence, the name is not an analogy to tsunamis itself, but to a system that detects them and warns everyone about them.\n"
},
{
"path": "docs/assets/css/style.scss",
"content": "---\n---\n\n@import '{{ site.theme }}';\n\n.pagination {\n text-align: center;\n background-color: #eee;\n border-radius: 0.3rem;\n padding: 3px;\n margin-top: 0.75rem;\n margin-bottom: 0.75rem;\n}\n"
},
{
"path": "docs/blog/index.html",
"content": "---\ntitle: Posts\nlayout: default\n---\n\n{% for post in paginator.posts %}\n
\n Posted on {{ post.date | date_to_long_string: \"ordinal\" }}\n
\n
\n {{ post.excerpt }}\n
\n{% endfor %}\n\n
\n {% if paginator.previous_page %}\n \n Previous\n ::\n {% endif %}\n \n {{ paginator.page }} of {{ paginator.total_pages }}\n \n {% if paginator.next_page %}\n :: Next\n {% endif %}\n
\n"
},
{
"path": "docs/contribute/code-of-conduct.md",
"content": "# Google Open Source Community Guidelines\n\nAt Google, we recognize and celebrate the creativity and collaboration of open\nsource contributors and the diversity of skills, experiences, cultures, and\nopinions they bring to the projects and communities they participate in.\n\nEvery one of Google's open source projects and communities are inclusive\nenvironments, based on treating all individuals respectfully, regardless of\ngender identity and expression, sexual orientation, disabilities,\nneurodiversity, physical appearance, body size, ethnicity, nationality, race,\nage, religion, or similar personal characteristic.\n\nWe value diverse opinions, but we value respectful behavior more.\n\nRespectful behavior includes:\n\n* Being considerate, kind, constructive, and helpful.\n* Not engaging in demeaning, discriminatory, harassing, hateful, sexualized,\n or physically threatening behavior, speech, and imagery.\n* Not engaging in unwanted physical contact.\n\nSome Google open source projects [may adopt][] an explicit project code of\nconduct, which may have additional detailed expectations for participants. Most\nof those projects will use our [modified Contributor Covenant][].\n\n[may adopt]: https://opensource.google/docs/releasing/preparing/#conduct\n[modified Contributor Covenant]: https://opensource.google/docs/releasing/template/CODE_OF_CONDUCT/\n\n## Resolve peacefully\n\nWe do not believe that all conflict is necessarily bad; healthy debate and\ndisagreement often yields positive results. However, it is never okay to be\ndisrespectful.\n\nIf you see someone behaving disrespectfully, you are encouraged to address the\nbehavior directly with those involved. Many issues can be resolved quickly and\neasily, and this gives people more control over the outcome of their dispute. If\nyou are unable to resolve the matter for any reason, or if the behavior is\nthreatening or harassing, report it. We are dedicated to providing an\nenvironment where participants feel welcome and safe.\n\n## Reporting problems\n\nSome Google open source projects may adopt a project-specific code of conduct.\nIn those cases, a Google employee will be identified as the Project Steward, who\nwill receive and handle reports of code of conduct violations. In the event that\na project hasn’t identified a Project Steward, you can report problems by\nemailing opensource@google.com.\n\nWe will investigate every complaint, but you may not receive a direct response.\nWe will use our discretion in determining when and how to follow up on reported\nincidents, which may range from not taking action to permanent expulsion from\nthe project and project-sponsored spaces. We will notify the accused of the\nreport and provide them an opportunity to discuss it before any action is taken.\nThe identity of the reporter will be omitted from the details of the report\nsupplied to the accused. In potentially harmful situations, such as ongoing\nharassment or threats to anyone's safety, we may take action without notice.\n\n*This document was adapted from the [IndieWeb Code of Conduct][] and can also be\nfound at .*\n\n[IndieWeb Code of Conduct]: https://indieweb.org/code-of-conduct\n"
},
{
"path": "docs/contribute/contributing.md",
"content": "# How to Contribute\n\nWe'd love to accept your patches and contributions to this project. There are\njust a few small guidelines you need to follow.\n\n## Contributor License Agreement\n\nContributions to this project must be accompanied by a Contributor License\nAgreement. You (or your employer) retain the copyright to your contribution;\nthis simply gives us permission to use and redistribute your contributions as\npart of the project. Head over to to see\nyour current agreements on file or to sign a new one.\n\nYou generally only need to submit a CLA once, so if you've already submitted one\n(even if it was for a different project), you probably don't need to do it\nagain.\n\n## Code reviews\n\nAll submissions, including submissions by project members, require review. We\nuse GitHub pull requests for this purpose. Consult\n[GitHub Help](https://help.github.com/articles/about-pull-requests/) for more\ninformation on using pull requests.\n\n## Community Guidelines\n\nThis project follows\n[Google's Open Source Community Guidelines](https://opensource.google/conduct/).\n"
},
{
"path": "docs/contribute/index.md",
"content": "# Contributing to Tsunami\n\n{% include_relative contributing.md %}\n\n{% include_relative code-of-conduct.md %}\n"
},
{
"path": "docs/howto/common-patterns.md",
"content": "# Common detector patterns\n\n### Running only for a specific service\n\n*Use case: I want my detector to only run for web applications or for\napplication X.*\n\nThere exist currently two way in Tsunami to filter the service type:\n\n1. Using annotations (preferred)\n\nThe\n[`@ForWebService`](https://github.com/google/tsunami-security-scanner/blob/master/plugin/src/main/java/com/google/tsunami/plugin/annotations/ForWebService.java)\nand\n[`@ForServiceName({\"X\", \"Y\"})`](https://github.com/google/tsunami-security-scanner/blob/master/plugin/src/main/java/com/google/tsunami/plugin/annotations/ForServiceName.java)\nannotations can be used to instruct the core engine of Tsunami to only run this\nplugin if the service was a web service or a service with name `X` or `Y`. The\nname of the service is obtained during the discovery phase. It currently is the\nexact same service name as NMAP would report (e.g. `http`, `https`, `ssh`).\n\n2. Using filtering (web service only)\n\nThe\n[`NetworkServiceUtils.isWebService()`](https://github.com/google/tsunami-security-scanner/blob/483f9ea5b7c69e8802353e0dcd293c2f35eaa4aa/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java#L69)\ncan be used when performing filtering to ensure only `NetworkService` that were\nidentified as web service will be processed.\n\nExample usage:\n\n```java\nsomeNetworkServiceCollection.stream()\n .filter(NetworkServiceUtils::isWebService)\n // {...}\n```\n\n### Building URLs\n\n*Use case: My detector targets a web application. How do I build the URL?*\n\nWhen writing your plugins, there are a few things that you should NOT have to\ncare about and that the Tsunami core engine should resolve for you:\n\n- Is the service using HTTP or HTTPS?\n- How do I construct the URL from the `NetworkService`?\n- What if NMAP fails to identify the service as HTTP and I still want to build\n an URL?\n\nAll of these concerns are addressed in the core engine of Tsunami and you can\nsimply use the URL building API:\n[`NetworkServiceUtils.buildWebApplicationRootUrl()`](https://github.com/google/tsunami-security-scanner/blob/483f9ea5b7c69e8802353e0dcd293c2f35eaa4aa/common/src/main/java/com/google/tsunami/common/data/NetworkServiceUtils.java#L173)\n\n#### DO\n\n```java\nString myUrl = NetworkServiceUtils.buildWebApplicationRootUrl(networkService)\n + MY_VULNERABLE_ENDPOINT;\n```\n\n#### DO NOT\n\nThe following **SHOULD NOT BE USED**:\n\n1. Defining a `buildTarget` intermediate function is redundant and most of the\ntime not necessary:\n\n```java\n private static StringBuilder buildTarget(NetworkService networkService) {\n StringBuilder targetUrlBuilder = new StringBuilder();\n if (NetworkServiceUtils.isWebService(networkService)) {\n targetUrlBuilder.append(NetworkServiceUtils.buildWebApplicationRootUrl(networkService));\n } else {\n targetUrlBuilder\n .append(\"http://\")\n .append(toUriAuthority(networkService.getNetworkEndpoint()))\n .append(\"/\");\n }\n targetUrlBuilder.append(MY_VULNERABLE_ENDPOINT);\n return targetUrlBuilder;\n }\n```\n\n2. Using `String.Format` does not make use of the information obtained during\nthe discovery phase and is error prone:\n\n```java\nvar uriAuthority = NetworkEndpointUtils.toUriAuthority(networkService.getNetworkEndpoint());\nvar loginPageUrl = String.format(\"http://%s/%s\", uriAuthority, MY_VULNERABLE_ENDPOINT);\n```\n\n### Adding command line arguments consumed by the detector\n\n*Use case: I need command line arguments for my detector*\n\nTsunami uses [jCommander](https://jcommander.org/) for command line argument\nparsing. In order to add new CLI arguments for your plugin, first define the\ndata class for holding all the arguments. You can follow the jCommander tutorial\nto learn more about this tool.\n\nFor example:\n\n```java\n@Parameters(separators = \"=\")\npublic final class MyPluginArgs implements CliOption {\n @Parameter(names = \"--param\", description = \"Description for param.\")\n public String param;\n\n @Override\n public void validate() {\n // Validate the command line value.\n }\n}\n```\n\nThen, the CLI flags will be parsed and an instance of this class will be created\nby the main scanner at start-up time. In order to use this class in your plugin,\nyou can directly inject this data class into your plugin's constructor.\n\n```java\npublic final class MyVulnDetector implements VulnDetector {\n private final MyPluginArgs args;\n\n @Inject\n MyVulnDetector(MyPluginArgs args) {\n this.args = checkNotNull(args);\n }\n\n // {...}\n}\n```\n\n### Adding configuration properties consumed by the detector\n\n*Use case: How do I add configurable option for my detector?*\n\nTsunami supports loading configs from a YAML file and uses\n[snakeyaml](https://bitbucket.org/asomov/snakeyaml/wiki/Documentation) to parse\nthe YAML config files. In order to add configuration properties to your plugin,\nfirst you need to define a data class for holding all the configuration values.\n\nNOTE: Currently Tsunami only supports standard Java data types for\nconfigurations like `String`, numbers (`int`, `long`, `float`, `double`, etc),\n`List` and `Map`.\n\n```java\n// All config classes must be annotated by this ConfigProperties annotation in\n// order for Tsunami to recognize the config class.\n@ConfigProperties(prefix = \"my.plugin.configs\")\npublic class MyPluginConfigs {\n String stringValue;\n long longValue;\n List listValues;\n Map mapValues;\n}\n```\n\nThen, similar to the command line arguments, you can inject an instance of this\ndata class into your plugin's constructor.\n\n```java\npublic final class MyVulnDetector implements VulnDetector {\n private final MyPluginConfigs configs;\n\n @Inject\n MyVulnDetector(MyPluginConfigs configs) {\n this.configs = checkNotNull(configs);\n }\n\n // {...}\n}\n```\n\nThe scanner will parse the configuration file when it starts, create an instance\nof the data class from the config data, and inject the instance into your\nplugin.\n\nFollowing is an example config file for the previously defined `MyPluginConfigs`\nobject.\n\n```yaml\nmy:\n plugin:\n configs:\n # Config name can be exact match.\n stringValue: \"example value\"\n # Or matching via snake_case.\n long_value: 123\n list_values:\n - \"a\"\n - \"b\"\n - \"c\"\n mapValues:\n key1: \"value1\"\n key2: \"value2\"\n```\n\nTo use the configuration file, you need to set the `tsunami.config.location`\noption when calling Tsunami.\n\n### Creating TCP sockets with proper timeouts\n\n*Use case: My detector needs to create raw TCP or SSL sockets to communicate\nwith a service.*\n\nWhen writing detectors that need to create raw TCP or SSL sockets, you **must**\nuse the `TsunamiSocketFactory` API instead of directly creating sockets through\n`javax.net.SocketFactory` or `javax.net.ssl.SSLSocketFactory`. This ensures that\nall sockets have proper timeout configurations, preventing plugins from hanging\nindefinitely when servers don't respond.\n\n#### Injecting the socket factory\n\n```java\npublic final class MyVulnDetector implements VulnDetector {\n private final TsunamiSocketFactory socketFactory;\n\n @Inject\n MyVulnDetector(TsunamiSocketFactory socketFactory) {\n this.socketFactory = checkNotNull(socketFactory);\n }\n\n // {...}\n}\n```\n\n#### Creating a plain TCP socket with default timeouts\n\n```java\nprivate final TsunamiSocketFactory socketFactory;\n\n// Socket will have connect timeout of 10s and read timeout of 30s (configurable)\nSocket socket = socketFactory.createSocket(\"example.com\", 80);\ntry {\n // Use the socket...\n OutputStream out = socket.getOutputStream();\n InputStream in = socket.getInputStream();\n // ...\n} finally {\n socket.close();\n}\n```\n\n#### Creating a socket with custom timeouts\n\n```java\nSocket socket = socketFactory.createSocket(\n \"example.com\",\n 80,\n Duration.ofSeconds(5), // Connect timeout\n Duration.ofSeconds(15) // Read timeout\n);\n```\n\n#### Creating an SSL/TLS socket\n\n```java\n// Create an SSL socket with default timeouts\nSSLSocket sslSocket = socketFactory.createSslSocket(\"secure.example.com\", 443);\n\n// Or with custom timeouts\nSSLSocket sslSocket = socketFactory.createSslSocket(\n \"secure.example.com\",\n 443,\n Duration.ofSeconds(5),\n Duration.ofSeconds(15)\n);\n```\n\n#### Upgrading a plain socket to SSL (STARTTLS)\n\n```java\n// First, create a plain socket\nSocket plainSocket = socketFactory.createSocket(\"mail.example.com\", 25);\n\n// Send STARTTLS command...\n// ...\n\n// Then upgrade to SSL\nSSLSocket sslSocket = socketFactory.wrapWithSsl(\n plainSocket,\n \"mail.example.com\",\n 25,\n true // autoClose\n);\n```\n\n#### Configuring socket timeouts\n\nSocket timeouts can be configured via:\n\n1. **Configuration file** (tsunami.yaml):\n\n```yaml\ncommon:\n net:\n socket:\n connect_timeout_seconds: 10\n read_timeout_seconds: 30\n trust_all_certificates: true\n```\n\n1. **Command line options**:\n\n```bash\n--socket-connect-timeout-seconds=10\n--socket-read-timeout-seconds=30\n--socket-trust-all-certificates=true\n```\n\nCLI options take precedence over configuration file settings.\n\n#### DO NOT create sockets directly\n\n**NEVER** create sockets directly like this:\n\n```java\n// BAD: No timeout configured, socket may hang forever\nSocket socket = new Socket(\"example.com\", 80);\n\n// BAD: Even with SocketFactory, timeout is missing\nSocket socket = SocketFactory.getDefault().createSocket(\"example.com\", 80);\n```\n\nAlways use `TsunamiSocketFactory` to ensure proper timeout handling.\n"
},
{
"path": "docs/howto/howto.md",
"content": "# Build and run Tsunami\n\n## Tsunami docker's environment\n\nWe provide a set of Docker images to help you build and use Tsunami. We provide\na minimal (scratch) image for:\n\n- The core engine only;\n- The callback server only;\n- Each category of plugin;\n\nUsing these minimal images is not recommended, instead we recommend composing\non top of them.\n\n\n\n## Running the latest version of Tsunami\n\nIf you just want to run the latest version of Tsunami, without having to\nrecompile anything, you can directly use the latest full image of Tsunami.\n\n```sh\n# Important: If you built a local version of the container, do not pull as it\n# will overwrite your changes. Otherwise, do pull as you would be using a stale\n# version of the image.\n$ docker pull ghcr.io/google/tsunami-scanner-full\n\n# Run the image\n$ docker run -it --rm ghcr.io/google/tsunami-scanner-full bash\n\n# If you want to use Python plugins\n(docker) $ tsunami-py-server >/tmp/py_server.log 2>&1 &\n\n# If you want to use the callback server\n(docker) $ tsunami-tcs >/tmp/tcs_server.log 2>&1 &\n\n# Run Tsunami\n# Note: If you did not start the python server, omit the `--python-` arguments.\n(docker) $ tsunami --ip-v4-target=127.0.0.1 --python-plugin-server-address=127.0.0.1 --python-plugin-server-port=34567\n```\n\nThis images contains everything necessary under the `/usr/tsunami` directory.\n\nTo use the callback server, you might have to setup port forwarding with your\ndocker container when starting it. We encourage you to refer to the `-p` option\nof Docker.\n\nA few tips:\n\n- Only scan one port: `--port-ranges-target`\n- Only run your detector: `--detectors-include=\"detector-name\"`; where detector\nname is the name defined in `PluginInfo` section for Java and Python plugins and\nthe `info.name` section on templated plugins.\n\n## Using docker to build Tsunami\n\nIn this section, we go through the different ways to compile the core engine\nor a plugin locally so that you can test your changes.\n\nIt assumes that you have cloned both the `tsunami-security-scanner` and\n`tsunami-security-scanner-plugins` repositories.\n\n### Rebuilding the core engine\n\nIf you need to make changes to the core engine during the development cycle, you\nwill have to perform the following actions to test your change:\n\n- Rebuild the core engine container;\n\n```sh\n# Build the core engine container\n$ cd tsunami-security-scanner\n$ docker build -t ghcr.io/google/tsunami-scanner-core:latest -f core.Dockerfile .\n```\n\n- Rebuild all plugins to ensure your change is compatible\n\nIMPORTANT: Your changes must be committed via git to be picked. They do not need\nto be pushed to GitHub, they can be local only.\n\nIn the following example, we will use docker volumes to mount our changes to\n`/usr/tsunami/repos/tsunami-security-scanner`. This assumes that our\n`tsunami-security-scanner` and `tsunami-security-scanner-plugins` clones are in\n`/tsunami/` on our host. Also, our changes are committed to the `master` branch.\nYou can change the commands accordingly if your repositories path or branch are\ndifferent.\n\n```sh\n$ cd tsunami-security-scanner-plugins\n```\n\nFirst, we need to change the `Dockerfile` to use our changes:\n\n```diff\n-ENV GITREPO_TSUNAMI_CORE=\"https://github.com/google/tsunami-security-scanner.git\"\n-ENV GITBRANCH_TSUNAMI_CORE=\"stable\"\n+ENV GITREPO_TSUNAMI_CORE=\"/usr/tsunami/repos/tsunami-security-scanner\"\n+ENV GITBRANCH_TSUNAMI_CORE=\"master\"\n```\n\nWe also need to instruct docker to bind our changes in `/usr/tsunami/repos`:\n\n```diff\n- RUN gradle build\n+ RUN --mount=type=bind,source=/tsunami-security-scanner,target=/usr/tsunami/repos/tsunami-security-scanner \\\n+ gradle build\n+\n```\n\nThen we can rebuild all plugins in one swoop:\n\n```sh\n$ docker build -t ghcr.io/google/tsunami-plugins-all:latest --build-arg=TSUNAMI_PLUGIN_FOLDER=tsunami-security-scanner-plugins -f tsunami-security-scanner-plugins/Dockerfile /tsunami/\n```\n\n- Rebuild the `-full` container;\n\n```sh\n$ cd tsunami-security-scanner\n```\n\nWe need to change the `full.Dockerfile` to use our newly created container:\n\n```diff\n# Plugins\n- FROM ghcr.io/google/tsunami-plugins-google:latest AS plugins-google\n- FROM ghcr.io/google/tsunami-plugins-templated:latest AS plugins-templated\n- FROM ghcr.io/google/tsunami-plugins-doyensec:latest AS plugins-doyensec\n- FROM ghcr.io/google/tsunami-plugins-community:latest AS plugins-community\n- FROM ghcr.io/google/tsunami-plugins-govtech:latest AS plugins-govtech\n- FROM ghcr.io/google/tsunami-plugins-facebook:latest AS plugins-facebook\n- FROM ghcr.io/google/tsunami-plugins-python:latest AS plugins-python\n+ FROM ghcr.io/google/tsunami-plugins-all:latest AS plugins-all\n\n{...}\n\n- COPY --from=plugins-google /usr/tsunami/plugins/ /usr/tsunami/plugins/\n- COPY --from=plugins-templated /usr/tsunami/plugins/ /usr/tsunami/plugins/\n- COPY --from=plugins-doyensec /usr/tsunami/plugins/ /usr/tsunami/plugins/\n- COPY --from=plugins-community /usr/tsunami/plugins/ /usr/tsunami/plugins/\n- COPY --from=plugins-govtech /usr/tsunami/plugins/ /usr/tsunami/plugins/\n- COPY --from=plugins-facebook /usr/tsunami/plugins/ /usr/tsunami/plugins/\n- COPY --from=plugins-python /usr/tsunami/py_plugins/ /usr/tsunami/py_plugins/\n+ COPY --from=plugins-all /usr/tsunami/plugins/ /usr/tsunami/plugins/\n```\n\nAnd then rebuild it:\n\n```sh\n$ docker build -t ghcr.io/google/tsunami-scanner-full:latest -f full.Dockerfile .\n```\n\n- Run the scanner to check that everything works.\n\nSee the \"Running the latest version of Tsunami\" section on this page to run\nTsunami with the newly built image. DO NOT perform a docker pull.\n\n### Rebuilding a whole category of plugins\n\nTsunami groups plugins per categories. From the root folder of the plugin\nrepository, you can see that the categories are `google`, `community`,\n`templated` and so on.\n\nOur docker images are built separately for each category. The same Dockerfile\nis used, but it is parameterized to use a different folder with\n`TSUNAMI_PLUGIN_FOLDER`.\n\n```sh\n$ cd tsunami-security-scanner-plugins\n$ build -t ghcr.io/google/tsunami-plugins-category:latest --build-arg TSUNAMI_PLUGIN_FOLDER=category .\n\n# For example with the community category:\n$ build -t ghcr.io/google/tsunami-plugins-community:latest --build-arg TSUNAMI_PLUGIN_FOLDER=community .\n```\n\nFor **Python plugins**, you need to use the dedicated Dockerfile, which only\nsupports bundling all plugins:\n\n```sh\n$ cd tsunami-security-scanner-plugins\n$ build -t ghcr.io/google/tsunami-plugins-python:latest -f python.Dockerfile .\n```\n\nOnce you have rebuilt the categories that you need, you can rebuild the `-full`\nimage:\n\n```sh\n$ cd tsunami-security-scanner\n$ docker build -t ghcr.io/google/tsunami-scanner-full:latest -f full.Dockerfile .\n```\n\nThen follow \"Running the latest version of Tsunami\" to use this new image. DO\nNOT perform a `docker pull`.\n\n### Building an image for one plugin\n\nNow, if during development you only wish to build your plugin, you can do so\nby creating a new local-only category.\n\nBefore you start, you will need to change the definition of the\n`full.Dockerfile` file:\n\n- Add a `FROM` directive in the Plugins section:\n\n```diff\nFROM ghcr.io/google/tsunami-plugins-python:latest AS plugins-python\n+ FROM ghcr.io/google/tsunami-plugins-local:latest AS plugins-local\n```\n\n- Add a `COPY` directive in the section that copies everything:\n\n```diff\nCOPY --from=plugins-python /usr/tsunami/py_plugins/ /usr/tsunami/py_plugins/\n+ COPY --from=plugins-local /usr/tsunami/plugins/ /usr/tsunami/plugins/\n```\n\nThen, you can build the actual image containing only your plugin:\n\n```sh\n$ cd tsunami-security-scanner-plugins\n$ build -t ghcr.io/google/tsunami-plugins-local:latest --build-arg TSUNAMI_PLUGIN_FOLDER=path/to/my/plugin .\n```\n\nFinally, compile the `-full` image:\n\n```sh\n$ cd tsunami-security-scanner\n$ docker build -t ghcr.io/google/tsunami-scanner-full:latest -f full.Dockerfile .\n```\n\nThen follow \"Running the latest version of Tsunami\" to use this new image. DO\nNOT perform a `docker pull`.\n\n**Python plugins** do not support building only one plugin. See building the\nwhole category instead.\n\n## Building Tsunami without docker\n\nWe do not provide support for building Tsunami outside of our docker\nenvironment.\n\nYou can use the Dockerfile provided in the repositories to build your own\ntoolchain if you so wish.\n"
},
{
"path": "docs/howto/index.md",
"content": "# Tsunami documentation\n\nWelcome to the Tsunami community, we are thrilled that you want to contribute.\nThis page contains information to get you started with your first contributions.\n\n## Contributing to Google code\n\n- [Contributing rules]({{ site.baseurl }}/contribute/index)\n\n## Understanding Tsunami\n\n- [About Tsunami]({{ site.baseurl }}/about/index)\n- [How tsunami works]({{ site.baseurl }}/howto/orchestration)\n\n## Building and running Tsunami\n\n- [How to build and run Tsumami]({{ site.baseurl }}/howto/howto)\n\n## Writing plugins\n\n### Vulnerability detectors\n\n- [Using our custom configuration format]({{ site.baseurl }}/howto/new-detector/templated/00-getting-started) (preferred approach)\n- [Using Java]({{ site.baseurl }}/howto/new-detector/new-detector-java)\n- Using Python *(not documented yet)*\n\n### Weak credentials detectors\n\nNot documented yet.\n\n### Fingerprinting plugins\n\nNot documented yet.\n\n## Other guides\n\n- [Common detector patterns for Java plugins]({{ site.baseurl }}/howto/common-patterns)\n (i.e. \"How do I do that?!\")\n"
},
{
"path": "docs/howto/new-detector/new-detector-java.md",
"content": "# Writing a Tsunami detector (Java)\n\nNOTE: We now expect you to write plugins using the templated format first. Only\nresort to Java or Python if the plugin cannot be written with the templated\nformat.\n\n## Overview\n\nEach Tsunami detector needs the following pieces which we will create in this\ntutorial:\n\n* A plugin name that is unique among all enabled Tsunami plugins.\n* A set of build rules for [Gradle](https://gradle.org/) (external build)\n* A `VulnDetector` that implements the vulnerability detection logic.\n* A `PluginBootstrapModule` that provides necessary Guice bindings for the\n detector.\n* An optional `CliOption` that captures all the supported command line flags\n for the detector.\n* An optional `ConfigProperties` that captures all the supported configuration\n for the detector.\n\n## 1. Fork the examples\n\nTsunami provides a few example implementations of a `VulnDetector` plugin. The\nexamples live in the\n[examples directory](https://github.com/google/tsunami-security-scanner-plugins/tree/master/examples)\n\n* Update Java package names. The example `VulnDetector` plugin is defined\n under `com.google.tsunami.plugins.example` package. Refactor the package and\n class name according to your detector implementation.\n* Give a meaningful description to the Gradle build rule at `build.gradle`. We\n will work on the Gradle build rule later.\n* Rewrite the `README.md` file to have a good explanation of your\n `VulnDetector` plugin.\n\n## 2. Putting the detector together\n\n### 2.a - `PluginInfo` annotation\n\nAll Tsunami plugins must be annotated by the `PluginInfo` annotation. Otherwise\nit cannot be identified by Tsunami scanner at runtime. This annotation provides\nthe general information about the plugin to the core scanner.\n\nFollowing is an example usage of the `PluginInfo` annotation from our\n`WordPressInstallPageDetector`.\n\n```java\n@PluginInfo(\n // VULN_DETECTION PluginType is required for a VulnDetector plugin.\n type = PluginType.VULN_DETECTION,\n // This gives a human readable name for your VulnDetector. Can be different\n // from your class name.\n name = \"WordPressInstallPageDetector\",\n // The current version of your plugin.\n version = \"0.1\",\n // A detailed description about what this plugin does.\n description =\n \"This detector checks whether a WordPress install is unfinished. An unfinished WordPress\"\n + \" installation exposes the /wp-admin/install.php page, which allows attacker to set\"\n + \" the admin password and possibly compromise the system.\",\n // The author of this plugin.\n author = \"Tsunami Team (tsunami-dev@google.com)\",\n // The guice module that bootstraps this plugin.\n bootstrapModule = WordPressInstallPageDetectorBootstrapModule.class)\n```\n\n### 2.b - Define the `VulnDetector` plugin\n\nEach vulnerability detector plugin is an implementation of the `VulnDetector`\ninterface. For this step we only explain the placeholder code, later you'll need\nto provide implementations for the class itself.\n\nFollowing is an example placeholder code from the\n`WordPressInstallPageDetector`:\n\n```java\n// ...\n// annotations\n// ...\npublic final class WordPressInstallPageDetector implements VulnDetector {\n // See https://github.com/google/flogger for details.\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n\n // Tsunami uses Guice (https://github.com/google/guice) to manage the\n // dependencies.\n @Inject\n WordPressInstallPageDetector(\n // Tsunami provides a UtcClock for production and FakeUtcClock for\n // testing purposes.\n @UtcClock Clock utcClock,\n // You can also inject other useful dependencies to your plugin code, e.g.\n // inject HttpClient if you need to interact with a web server.\n HttpClient httpClient) {\n }\n\n // The entrypoint of the VulnDetector. We will explain this later.\n @Override\n public DetectionReportList detect(\n TargetInfo targetInfo, ImmutableList matchedServices) {\n // implement me.\n }\n}\n```\n\n### 2.c - Implement the main detection logic\n\nThe main logic of the detection is expected to happen in the `detect` method,\nwhich expects two arguments:\n\n1. [The `TargetInfo` proto](https://github.com/google/tsunami-security-scanner/blob/master/proto/reconnaissance.proto).\n This proto contains information that were gathered during the fingerprinting\n and discovery phase.\n1. [The `NetworkService` list](https://github.com/google/tsunami-security-scanner/blob/master/proto/network_service.proto).\n This list contains all the identified network services that match the\n service filtering annotations.\n\nThe main detection logic usually iterates over all the elements of the\n`matchedServices` parameter and checks whether the `NetworkService` is\nvulnerable to the vulnerability your plugin checks for. If any service is\nvulnerable, you'll need to build a `DetectionReport` proto that explains the\nidentified vulnerability.\n\nFollowing is an example implementation from our `WordPressInstallPageDetector`:\n\n```java\n@Override\npublic DetectionReportList detect(\n TargetInfo targetInfo, ImmutableList matchedServices) {\n return DetectionReportList.newBuilder()\n .addAllDetectionReports(\n matchedServices.stream()\n // The WordPressInstallPageDetector only works for web services.\n .filter(NetworkServiceUtils::isWebService)\n // Detection logic that checks whether a web service exposes\n // a wordpress installation page. Omitted here for simplicity.\n .filter(this::isServiceVulnerable)\n // Build a DetectionReport when the web service is vulnerable.\n .map(networkService -> buildDetectionReport(targetInfo, networkService))\n .collect(toImmutableList()))\n .build();\n}\n\nprivate DetectionReport buildDetectionReport(\n TargetInfo scannedTarget, NetworkService vulnerableNetworkService) {\n return DetectionReport.newBuilder()\n .setTargetInfo(scannedTarget)\n .setNetworkService(vulnerableNetworkService)\n .setDetectionTimestamp(Timestamps.fromMillis(Instant.now(utcClock).toEpochMilli()))\n .setDetectionStatus(DetectionStatus.VULNERABILITY_VERIFIED)\n .setVulnerability(\n Vulnerability.newBuilder()\n .setMainId(\n VulnerabilityId.newBuilder()\n .setPublisher(\"GOOGLE\")\n .setValue(\"UNFINISHED_WORD_PRESS_INSTALLATION\"))\n .setSeverity(Severity.CRITICAL)\n .setTitle(\"Unfinished WordPress Installation\")\n .setDescription(\n \"An unfinished WordPress installation exposes the /wp-admin/install.php page,\"\n + \" which allows attacker to set the admin password and possibly\"\n + \" compromise the system.\"))\n .build();\n}\n```\n\n## 3. Preparing the `PluginBootstrapModule`\n\nEach Tsunami plugin must have a companion `PluginBootstrapModule` that provides\nthe required Guice bindings and registers the plugin to the core engine.\n\nCreating a `PluginBootstrampModule` is rather simple if you only need to\nregister the plugin. You only need to call `registerPlugin` within the\n`configurePlugin` method (e.g.\n[`ExampleVulnDetectorBootstrapModule`](https://github.com/google/tsunami-security-scanner-plugins/tree/master/examples/example_vuln_detector/src/main/java/com/google/tsunami/plugins/example/ExampleVulnDetectorBootstrapModule.java)).\n\nA more complete example is the\n[GenericWeakCredentialDetectorBootstrapModule](https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/detectors/credentials/generic_weak_credential_detector/src/main/java/com/google/tsunami/plugins/detectors/credentials/genericweakcredentialdetector/GenericWeakCredentialDetectorBootstrapModule.java)\n"
},
{
"path": "docs/howto/new-detector/templated/00-getting-started.md",
"content": "\n# Getting started with templated plugins\n\nIn this documentation, you will learn how to write a plugin for Tsunami in the\ntemplated format.\n\n## What will be covered\n\n- [Introduction](01-introduction)\n\n * What is a templated plugin?\n * How does it work?\n * How do I know how to write a templated plugin?\n * Execution workflow of a templated plugin\n\n\n- [Bootstrapping the plugin](02-bootstrapping)\n\n * Understanding the vulnerability\n * Providing information about our plugin and the vulnerability\n * Configuring the plugin\n\n\n- [Writing the first actions](03-first-actions)\n\n- [Putting it together in workflows](04-workflows)\n\n- [Using variables](05-variables)\n\n * Using variables\n * Extracting information to local variables\n * Predefined variables\n\n\n- [Using the callback server](06-callback-server)\n\n- [Using cleanup actions](07-cleanup-actions)\n\n- [Writing unit tests](08-writing-unit-tests)\n\n- Glossaries\n\n * [Predefined variables](glossary-predefined-variables)\n * [Magic tests URIs when mocking HTTP](glossary-tests-magic-uri)\n\n\n- Appendixes\n\n * [Convention: How to name a plugin](appendix-naming-plugin)\n * [Convention: How to name an action](appendix-naming-actions)\n * [Convention: Naming tests](appendix-naming-tests)\n * [Using the linter](appendix-using-linter)\n\n## Let's get started!\n\n[Introduction](01-introduction)\n"
},
{
"path": "docs/howto/new-detector/templated/01-introduction.md",
"content": "\n# Introduction\n\n## What is a templated plugin?\n\nIn the past, if you wanted to write a Tsunami detector, you would need to\nimplement your detector using Java or Python. For each, you would have to write\na set of tests and ensure that everything is compiling and working as intended.\n\nThis process proved to be very time consuming; especially as most Tsunami\ndetectors are simply sending an HTTP request and checking the response code and\nbody content. That is why we introduced templated plugins.\n\n## How does it work?\n\nWe have abstracted most of the code required to write a plugin. All you need to\ndo is to write a `.textproto` file that describes the behavior of your\nplugin and a `_test.textproto` file that describes the tests for the plugin.\n\nA `.textproto` is a human-readable text representation of a protocol buffer\nmessage. If you are not familiar with protocol buffers, we recommend checking\nthe [official documentation](https://protobuf.dev/), but for our use case, you\ncan think of it as a strongly typed JSON or YAML.\n\nThe `.textproto` files are compiled into binary format and embedded as resources\nto a meta plugin that we will refer to as the templated Tsunami plugin. At\nruntime, the templated plugin will interpret the behavior described in each file\nand dynamically create a new detector for it.\n\n\n\n## How do I know how to write a templated plugin?\n\nWe have tried to cover as much as possible in this documentation. But the\nconfiguration language is bound to evolve with time. If you have any doubt, the\nsource of truth will always be the\n[proto definition](https://github.com/google/tsunami-security-scanner-plugins/tree/master/templated/templateddetector/proto)\nwhich we aim at keeping as straightforward and commented as possible.\n\n## Execution workflow of a templated plugin\n\nEach plugin is defined by a set of two high-level concepts: **Actions** and\n**workflows**.\n\n- **Actions** are the basic unit of execution in a templated plugin. They are\nresponsible for performing one specific... well... action and returning a\nboolean value that defines whether it was successful. An example action, in\nplain English, could be:\n\n> Send an HTTP request to the target and verify that the returned status code\n> is 200\n\n- Once you have defined a set of actions, you need to be able to define an order\nin which they will be executed: this is the role of **workflows**.\n\nTo write a plugin, we need to define a set of actions and put them in a\nspecific order with workflows. But how are things executed? The engine processes\nplugins in the following way:\n\n1. Extracts all the workflows and actions defined in the plugin;\n2. Performs very basic checks to ensure that everything is well defined;\n3. Goes through all the defined workflows and execute the first that matches\nthe conditions it was defined with;\n4. Executes every action of the workflow in order until one fails or all actions\nare successful;\n5. If any action failed, there is no vulnerability. If all actions were\nsuccessful, the vulnerability is present.\n\nSteps 4 and 5 are repeated for every network service found during the port\nscanning phase of Tsunami. We call steps 4 and 5 a **run of the workflow**.\n\n## What is next\n\n[Bootstrapping the plugin](02-bootstrapping)\n"
},
{
"path": "docs/howto/new-detector/templated/02-bootstrapping.md",
"content": "\n# Bootstrapping the plugin\n\n*This section assumes that you already know how to\n[build and run Tsunami](https://google.github.io/tsunami-security-scanner/howto/howto).*\n\n## Before starting\n\nBefore we start, we encourage you to take a quick look at the setup guide for\nthe linter of the configuration language. Your plugin will be expected to pass\nall the checks in this linter. Warnings will have to be justified before being\nmerged as well.\n\n[See the instructions for the linter](appendix-using-linter)\n\n## Our vulnerable application\n\nFor this tutorial series, we will write a simple detector for a non-existing\nvulnerability `CVE-0123-12345`. We want our detector to:\n\n- *Fingerprint the application*: we only want to send other requests if we are\nsure that we are dealing with the potentially vulnerable application; So we are\ngoing to send an HTTP request to `/version` and check for the presence of the\nbanner `MyVulnerableApp` in the `Server` header;\n\n- *Exploit the application*: once we are sure that we are dealing with the right\napplication, we are going to send a `POST` request to `/exploit` with a custom\npayload `%{ print(\"tsunami_%d_marker\", 1250*1+3) }%` in the `process` field.\nThen we are going to verify that it gets executed by verifying that the answer\ncontains `tsunami_1253_marker`;\n\n*Note: In this example, we simulate a template injection vulnerability that is\ngoing to cause `%{ print(\"tsunami_%d_marker\", 1250*1+3) }%` to be interpreted.\nThe vulnerable language or the syntax have no importance. The result of\n`1250*1+3` is going to be replaced at the `%d` placeholder, resulting in\n`tsunami_1253_marker` being printed in the response.*\n\n## Providing information about our plugin\n\nLet's create a new file in our local copy of the\n[Tsunami plugin repository](https://github.com/google/tsunami-security-scanner-plugins)\nas `templated/templateddetector/plugins/cve/0123/MyVulnerableApp_CVE_0123_12345.textproto`.\n\nLet's add the header that will help linters to understand which proto definition\nwe are using:\n\n```proto\n# proto-file: third_party/tsunami_plugins/templated/templateddetector/proto/templated_plugin.proto\n# proto-message: TemplatedPlugin\n```\n\nThen we provide basic information about our plugin. Note that the name of the\nplugin is used to **uniquely identify it and thus should be unique across all\nplugins**.\n\n```proto\ninfo: {\n type: VULN_DETECTION\n name: \"MyVulnerableApp_CVE_0123_12345\"\n author: \"Some developper \"\n version: \"1.0\"\n}\n```\n\nNow is a good time to read about our\n[naming conventions for plugins](appendix-naming-plugin).\n\n## Information about the vulnerability\n\nLet's add information about the vulnerability itself. These are the information\nthat will be used to generate the vulnerability report and notify about the\nvulnerability.\n\nImportant: whenever a CVE is associated with the vulnerability the `related_id`\nfield must be filled with the associated CVE reference.\n\n```proto\nfinding: {\n main_id: {\n publisher: \"GOOGLE\"\n value: \"SOME_PLUGIN_DETECTION\"\n }\n title: \"Example templated plugin\"\n description: \"This is an example templated plugin.\"\n recommendation: \"No recommendation, this is an example.\"\n related_id: {\n publisher: \"CVE\"\n value: \"CVE-0123-12345\"\n }\n}\n```\n\n## Configuring the plugin\n\nThe next section in our file, is the `config` section. It allows some basic\ntuning of the plugin. For now, let's keep it empty:\n\n```proto\nconfig: {}\n```\n\nBut it is important to keep in mind that this section allows:\n\n- To enable `debug` mode. In debug mode, the plugin will generate highly verbose\ndebugging messages. For example, it will log every HTTP request and response;\n- To switch the plugin to be `disabled`. Note that even when disabled (unless\nexplicitly specified in the test file) the tests for that plugin will still be\nexecuted.\n\nIf we were to run our plugin now, we would see the plugin being registered but\nwe would get a non-blocking error at runtime because we have no workflow or\naction defined:\n\n```sh\n{ ... }\nDec 31, 2024 11:07:58 AM com.google.tsunami.plugin.PluginBootstrapModule registerDynamicPlugin\nINFO: Dynamic plugin registered: MyVulnerableApp_CVE_0123_12345\n{ ... }\nDec 31, 2024 11:08:15 AM com.google.tsunami.plugins.detectors.templateddetector.TemplatedDetector detect\nINFO: Starting detector: MyVulnerableApp_CVE_0123_12345\nDec 31, 2024 11:08:15 AM com.google.tsunami.plugins.detectors.templateddetector.TemplatedDetector detect\nSEVERE: No workflow matched the current setup. Is plugin 'MyVulnerableApp_CVE_0123_12345' misconfigured?\n{ ... }\n```\n\n## What is next\n\n[Writing the first actions](03-first-actions)\n"
},
{
"path": "docs/howto/new-detector/templated/03-first-actions.md",
"content": "\n# Writing the first actions\n\nEach action is defined by a name and a subtype. A subtype defines what the\naction is able to do: For example \"HTTP request\" is a subtype that allows to\nsend an HTTP request and inspect responses.\n\nLet's start building our fingerprinting step with a very simple action:\n\n```proto\nactions: {\n name: \"fingerprinting\"\n http_request: {\n method: GET\n uri: \"/version\"\n }\n}\n```\n\nIn that action, named `fingerprinting` we simply send a `GET` HTTP request to\n`/version` on the currently targeted service.\n\n*Note that Tsunami will only send HTTP requests to services that have been\nidentified as HTTP services during the port scanning phase.*\n\nBut that action will always succeed because it does not verify anything in the\nresponse. Let's use the `response` field and add a condition on the status code:\n\n```proto\nactions: {\n name: \"fingerprinting\"\n http_request: {\n method: GET\n uri: \"/version\"\n response: {\n http_status: 200\n }\n }\n}\n```\n\nNow we want to ensure the header contains `MyVulnerableApp`: we need to use\n**expectations**. We can either use `expect_all` or `expect_any`, which perform\nchecks on the response that must respectively \"all be true\" or\n\"at least one true\". Here, we have only one expectation, so we will use\n`expect_all` with one `conditions`:\n\n```proto\nactions: {\n name: \"fingerprinting\"\n http_request: {\n method: GET\n uri: \"/version\"\n response: {\n http_status: 200\n expect_all: {\n conditions: [\n { header: { name: \"Server\" } contains: \"MyVulnerableApp\" }\n ]\n }\n }\n }\n}\n```\n\nThe condition is that the `header` with `name` `Server` `contains` the string\n`MyVulnerableApp`.\n\nNow, let's build a `POST` request for our exploitation step:\n\n```proto\nactions: {\n name: \"exploitation\"\n http_request: {\n method: POST\n uri: \"/exploit\"\n data: \"process=%{ print(\\\"tsunami_%d_marker\\\", 1250*1+3) }%\"\n response: {\n http_status: 200\n expect_all: {\n conditions: [\n { body: {} contains: \"tsunami_1253_marker\" }\n ]\n }\n }\n }\n}\n```\n\nThis action is very similar to the previous one but:\n\n- It sends a `POST` request instead of a `GET` one;\n- As part of the `POST` it sends\n`process=%{ print(\\\"tsunami_%d_marker\\\", 1250*1+3) }%` as data;\n- The expectation has been changed to check that the response body\ncontains `tsunami_1253_marker`.\n\n## Redirects\n\nNote that by default, the HTTP client will follow any HTTP redirects.\nIf you wish to change that behavior, you can configure your HTTP request using\nthe `client_options` stanza. For example, with our previous request:\n\n```proto\nactions: {\n name: \"exploitation\"\n http_request: {\n method: POST\n uri: \"/exploit\"\n data: \"process=%{ print(\\\"tsunami_%d_marker\\\", 1250*1+3) }%\"\n client_options: {\n disable_follow_redirects: true\n }\n response: {\n http_status: 200\n expect_all: {\n conditions: [\n { body: {} contains: \"tsunami_1253_marker\" }\n ]\n }\n }\n }\n}\n```\n\n## What is next\n\n[Putting it together in workflows](04-workflows)\n"
},
{
"path": "docs/howto/new-detector/templated/04-workflows.md",
"content": "\n# Assembling the workflow\n\nA workflow is simply a list of the actions to be executed, in order:\n\n```proto\nworkflows: {\n actions: [\n \"fingerprinting\",\n \"exploitation\"\n ]\n}\n```\n\nAnd that's it! We have written our first templated plugin. What happens if we\nrun it against a default HTTP server?\n\n```sh\n{ ... }\nDec 31, 2024 11:29:58 AM com.google.tsunami.plugin.PluginBootstrapModule registerDynamicPlugin\nINFO: Dynamic plugin registered: MyVulnerableApp_CVE_0123_12345\n{ ... }\nDec 31, 2024 11:30:15 AM com.google.tsunami.plugins.detectors.templateddetector.TemplatedDetector detect\nINFO: Starting detector: MyVulnerableApp_CVE_0123_12345\nDec 31, 2024 11:30:15 AM com.google.tsunami.common.net.http.OkHttpHttpClient send\nINFO: Sending HTTP 'GET' request to 'http://127.0.0.1:9090/version'.\nDec 31, 2024 11:30:15 AM com.google.tsunami.common.net.http.OkHttpHttpClient parseResponse\nINFO: Received HTTP response with code '404' for request to 'http://127.0.0.1:9090/version'.\nDec 31, 2024 11:30:15 AM com.google.tsunami.plugins.detectors.templateddetector.TemplatedDetector runWorkflowForService\nINFO: No vulnerability found because action 'Fingerprint' failed.\nDec 31, 2024 11:30:15 AM com.google.tsunami.plugin.PluginExecutorImpl buildSucceededResult\nINFO: MyVulnerableApp_CVE_0123_12345 plugin execution finished in 119 (ms)\n{ ... }\n```\n\nAs expected, a default HTTP server does not have a `Server` header that contains\n`MyVulnerableApp`.\n\n## What is next\n\n[Using variables](05-variables)\n"
},
{
"path": "docs/howto/new-detector/templated/05-variables.md",
"content": "\n# Using variables\n\nIn our action, we have hardcoded our payload, which is not super convenient and\nreadable:\n\n```proto\nactions: {\n name: \"exploitation\"\n http_request: {\n method: POST\n uri: \"/exploit\"\n data: \"process=%{ print(\\\"tsunami_%d_marker\\\", 1250*1+3) }%\"\n response: {\n http_status: 200\n expect_all: {\n conditions: [\n { body: {} contains: \"tsunami_1253_marker\" }\n ]\n }\n }\n }\n}\n```\n\nLet's try to move our payload into a variable. For this, we will define\nvariables in our workflow:\n\n```proto\nworkflows: {\n variables: [\n { name: \"payload\" value: \"%{ print(\\\"tsunami_%d_marker\\\", 1250*1+3) }%\" },\n { name: \"payload_result\" value: \"tsunami_1253_marker\" }\n ]\n\n actions: [\n \"fingerprinting\",\n \"exploitation\"\n ]\n}\n```\n\nWhich can then be used in the action:\n\n{% raw %}\n```proto\nactions: {\n name: \"exploitation\"\n http_request: {\n method: POST\n uri: \"/exploit\"\n data: \"process={{ payload }}\"\n response: {\n http_status: 200\n expect_all: {\n conditions: [\n { body: {} contains: \"{{ payload_result }}\" }\n ]\n }\n }\n }\n}\n```\n{% endraw %}\n\nIMPORTANT: The syntax for variables is requires **exactly** one space before and\nafter the variable name, between the brackets. Otherwise, substitution will not\nhappen.\n\n## Extracting information to local variables\n\nExpectations are sufficient if we need to check that the response has a very\nspecific content. But what if we need to extract some information from the\nresponse for later use? For example, what if we have an action that creates a\njob and we need the job name in a follow-up action to trigger the vulnerability?\n\nIn that case we can use **extractions** and **local variables**. But what are\nlocal variables? There are two types of variables:\n\n- **Workflow variables**: Defined at the workflow level they mostly define\nstatic content. They will exist for the whole lifecycle of the workflow and will\nbe reset to their defined value between workflow runs. Note that workflow\nvariables are technically mutable, but we strongly recommend not mutating\nthem (i.e. not using them in extractions). We used this type of variable in the\nprevious example.\n- **Local variables**: These variables are more dynamic. They are defined from\n**extractions** and are only valid for the current workflow run. They are mostly\nused to extract information that will be used in a later action.\n\nFor our previous example, let us assume that the `/version` page returns a CSRF\ntoken that we will need to use in the `/exploit` request. We can use a local\nvariable to store that value:\n\n```proto\nactions: {\n name: \"fingerprinting\"\n http_request: {\n method: GET\n uri: \"/version\"\n response: {\n http_status: 200\n expect_all: {\n conditions: [\n { header: { name: \"Server\" } contains: \"MyVulnerableApp\" }\n ]\n }\n extract_all: {\n patterns: [\n {\n from_body: {}\n regexp: \"CSRFToken=([a-zA-Z0-9_]+)\"\n variable_name: \"csrf_token\"\n },\n ]\n }\n }\n }\n}\n```\n\nIn that example, we:\n\n- still verify that the server has the `Server` header that we expect;\n- also try to `extract_all` `patterns` `from_body` given regular expression\n`regexp` and store the result in the variable `variable_name` (here\n\"csrf_token\").\n\nThe extraction system offers **exactly** one capture group and extracting\nseveral information should be set into different patterns.\n\nWARNING: The use of extractions with `extract_any` should be done carefully. We\nvery strongly recommend to only use `extract_any` with the\n**same variable name** between extractions. Doing otherwise makes the plugin\npotentially flaky and difficult to debug.\n\n## Predefined variables\n\nNow would be a good time to look at the\n[list of variables](glossary-predefined-variables) that Tsunami provides.\n\n## What is next\n\n[Using the callback server](06-callback-server)\n"
},
{
"path": "docs/howto/new-detector/templated/06-callback-server.md",
"content": "\n# Using the callback server\n\nIf you wrote plugins for Tsunami before, you know about the callback server. If\nyou have not, the callback server is a mechanism that allows us to check for\nvulnerabilities via an out-of-band mechanism. You can read more about it on the\n[dedicated GitHub repository](https://github.com/google/tsunami-security-scanner-callback-server).\n\nIn a nutshell, the callback server works this way:\n\n1. A secret is generated (and stored in `T_CBS_SECRET`);\n2. This secret is hashed;\n3. The exploit uses the hashed secret and the URL of the callback server\n(`T_CBS_URI`) to trigger an out-of-band communication with the callback server;\n4. The secret can be used to ask the callback server if a communication using\nthe hashed secret has been logged (i.e. if the vulnerability has been\ntriggered);\n\nCurrently, the templated plugin system does not support payload generation,\nso communication with the callback server has to be handled semi-manually.\n\nEvery workflow run will automatically generate a new secret, its hash and the\nadequate trigger URL. That means that, as part of your exploit, you will need to\nmake sure a request to the callback server is made with the trigger URL. The\ntrigger URL is stored in the `T_CBS_URI` variable. For example, in our previous\nexample we could change the payload to:\n\n{% raw %}\n```proto\n{ name: \"payload\" value: \"%{ import os; os.system('curl {{ T_CBS_URI }}') }%\" }\n```\n{% endraw %}\n\n`T_CBS_URI` would be replaced with the trigger URL and the callback server\nwould receive a request on that endpoint if the vulnerability is triggered.\nChecking if the vulnerability was triggered then simply requires defining a new\naction:\n\n```proto\nactions: {\n name: \"check_callback_server_logs\"\n callback_server: { action_type: CHECK }\n}\n```\n\nAnd, voila! But wait... How do we know, in our plugin, if the callback server\nis currently running? Do we not want to support both use cases? That is one of\nthe features offered by workflows: `condition` allows you to define a condition\nfor the workflow to be executed. With our example:\n\n{% raw %}\n```proto\n# Workflow that uses the callback server.\nworkflows: {\n condition: REQUIRES_CALLBACK_SERVER\n variables: [\n { name: \"payload\" value: \"%{ import os; os.system('curl {{ T_CBS_URI }}') }%\" }\n ## note: empty string is always present in the body. This cancels out the\n ## body content expectation.\n { name: \"payload_result\" value: \"\" }\n ]\n\n actions: [\n \"fingerprinting\",\n \"exploitation\",\n \"check_callback_server_logs\"\n ]\n}\n\n# Workflow that does not use the callback server.\nworkflows: {\n variables: [\n { name: \"payload\" value: \"%{ print(\\\"tsunami_%d_marker\\\", 1250*1+3) }%\" },\n { name: \"payload_result\" value: \"tsunami_1253_marker\" }\n ]\n\n actions: [\n \"fingerprinting\",\n \"exploitation\"\n ]\n}\n```\n{% endraw %}\n\nNote: Because workflow are interpreted in order, the one that is more\nrestrictive needs to be defined first. Otherwise, the less restrictive workflow\nwould always be the one running.\n\n## What is next\n\n[Using cleanup actions](07-cleanup-actions)\n"
},
{
"path": "docs/howto/new-detector/templated/07-cleanup-actions.md",
"content": "\n# Cleanup actions\n\nIn our example, none of the defined actions will modify the target. But what if\nwe had some actions that we want to clean-up after? Cleanup actions are the\nsolution.\n\nLet us assume an arbitrary example that would cause a change on the target:\n\n```proto\nactions: {\n name: \"create_docker_container\"\n http_request: {\n method: POST\n uri: \"/api/v1/create\"\n data: \"name=MySuperContainer\"\n response: {\n http_status: 200\n }\n }\n}\n```\n\nIn that example, if the request is successful, a new container will be created\non the target, but we want to make sure to delete that container afterwards.\nBecause cleanup actions are normal actions, we can start by writing the deletion\nrequest:\n\n```proto\nactions: {\n name: \"cleanup_container\"\n http_request: {\n method: POST\n uri: \"/api/v1/delete\"\n data: \"name=MySuperContainer\"\n response: {\n http_status: 200\n }\n }\n}\n```\n\nThis action will ensure the container is deleted. But now, how do we make sure\nit is executed after and only if the container has been created? We register\nit as a cleanup of the initial action:\n\n```proto\nactions: {\n name: \"create_docker_container\"\n http_request: {\n method: POST\n uri: \"/api/v1/create\"\n data: \"name=MySuperContainer\"\n response: {\n http_status: 200\n }\n }\n cleanup_actions: \"cleanup_container\"\n}\n```\n\nNote the newly added `cleanup_actions` entry. This will ensure the following:\n\n- If `create_docker_container` is not executed or fail, the cleanup action will\nnot be executed;\n- If the `create_docker_container` is executed successfully, the cleanup action\nwill always be executed at the end of the current workflow run;\n\n## What is next\n\n[Writing unit tests](08-writing-unit-tests)\n"
},
{
"path": "docs/howto/new-detector/templated/08-writing-unit-tests.md",
"content": "\n# Writing unit tests\n\nFor every workflow, we expect to see associated unit tests for each of your\ncontributions. If unit tests are not as reliable as integration testing,\nespecially in the context of the scanner, they provide some insurance that\nchanges are not breaking detectors.\n\n## Configuration of the unit test\n\nThe tests for a specific plugin are defined in a test file that is named exactly\nlike the detector, with the `_test` suffix. For example, for a\n`NodeRED_ExposedUI.textproto` you can find its\n`NodeRED_ExposedUI_test.textproto` counterpart.\n\nOnce created, the file needs to contain a minimal configuration:\n\n```proto\nconfig: {\n tested_plugin: \"nameOfTheTestedPlugin\"\n}\n```\n\nWhere `nameOfTheTestedPlugin` is the name of the plugin. The `tested_plugin`\nconfiguration indicates to the test engine which detector to bind the test to.\nWithout this option, your test will not work.\n\nYou can additionally define the `disabled` configuration option, but in most\ncases you will not need to use it.\n\n## Defining tests\n\nOnce you have configured the general option for your unit tests, you need to\nactually define each tests.\n\nMost test will rely on a mock server to simulate the target application that\nwe wrote a detector for. But before we dig deeper into mock servers, each\ntest needs to have a name and whether the vulnerability will be found, for\nexample:\n\n```proto\ntests: {\n name: \"whenVulnerable_returnsTrue\"\n expect_vulnerability: true\n}\n\ntests: {\n name: \"whenNotVulnerable_returnsFalse\"\n expect_vulnerability: false\n}\n```\n\nSee our [convention on naming tests](appendix-naming-tests).\n\n## Using mock servers\n\nNow we can start simulating the behavior of our vulnerable application. Two mock\ncapabilities are currently integrated in the templated plugin system:\n\n- An HTTP server;\n- A fake Callback server;\n\nSeveral mocks can be used at the same time.\n\nLet us take a simplified version of our previously defined plugin:\n\n```proto\nactions: {\n name: \"exploitation\"\n http_request: {\n method: POST\n uri: \"/exploit\"\n data: \"process=%{ import os; os.system('curl {{ T_CBS_URI }}') }%\"\n response: {\n http_status: 200\n }\n }\n}\n\nactions: {\n name: \"check_callback_server_logs\"\n callback_server: { action_type: CHECK }\n}\n\nworkflows: {\n condition: REQUIRES_CALLBACK_SERVER\n actions: [\n \"exploitation\",\n \"check_callback_server_logs\"\n ]\n}\n```\n\nTo validate vulnerability detection of this plugin, we will need:\n\n- To simulate the callback server to return true. This can easily be done with\nthe `mock_callback_server` directive;\n- To simulate the answer to `/exploit` with the HTTP server which can easily be\ndone with the `mock_http_server` directive;\n\n```proto\ntests: {\n name: \"whenVulnerable_returnsTrue\"\n expect_vulnerability: true\n\n mock_callback_server: {\n enabled: true\n has_interaction: true\n }\n\n mock_http_server: {\n mock_responses: [\n {\n uri: \"/exploit\"\n status: 200\n },\n ]\n }\n}\n```\n\nAnd that is it. If we wanted to check a case where the server is not vulnerable\nwe could use the following test case:\n\n```proto\ntests: {\n name: \"whenNotVulnerable_returnFalse\"\n expect_vulnerability: false\n\n mock_http_server: {\n mock_responses: [\n {\n uri: \"/exploit\"\n status: 403\n },\n ]\n }\n}\n```\n\nNote that we do not need the callback server anymore as the workflow will fail\nbefore. Additionally, the `/exploit` endpoint now returns a `403`.\n\n## Adding a bit of magic to our world\n\nWhen mocking HTTP responses, Tsunami provides a few magic endpoints (to be\nused in the `uri` field).\n\nYou can view them in the [glossary](glossary-tests-magic-uri).\n\n## Generating things for you\n\nFinally, under the hood, Tsunami will also generate unit tests for you. This\nhelps us detecting flaky detectors: for example when a detector fails to pass\nthe \"echo server\" test (when the server is just repeating the request, a\ndetector should not raise a vulnerability).\n\n## Congratulations!\n\nCongratulations, you have finished writing your first templated plugin!\n"
},
{
"path": "docs/howto/new-detector/templated/appendix-naming-actions.md",
"content": "# Convention: How to name actions\n\nActions must be named using the `[a-zA-Z0-9_]` character set. For example\n`this_is_my_action`. This naming convention helps improving discoverability of\nactions.\n"
},
{
"path": "docs/howto/new-detector/templated/appendix-naming-plugin.md",
"content": "# Convention: How to name a plugin\n\nThe plugin name and filename should be identical as it makes for easier\ndiscoverability. Plugins should be named using the following convention:\n\n- All plugins should be named using the following character set: `[a-zA-Z0-9_]`\nso no spaces or special characters.\n- If the vulnerability has an associated CVE:\n`VulnerableApplicationName_CVE_YYYY_NNNNN` and the plugin should be placed in\nthe `cve/YYYY/` directory.\n- If the vulnerability does not have an associated CVE:\n`VulnerableApplicationName_YYYY_VulnerabilityName`; if a vulnerability has no\nname you can try to describe it, for example `PreauthRCE`. The vulnerability\nwill then be placed in the directory that matches the type of vulnerability,\nfor example `rce/YYYY/VulnerableApplicationName_YYYY_VulnerabilityName`.\n- When the name of a plugin contains an acronym (e.g. `HTTP`, `UI`, `RCE`),\nthat acronym must be in uppercase.\n"
},
{
"path": "docs/howto/new-detector/templated/appendix-naming-tests.md",
"content": "# How to name unit tests\n\nUse `condition_outcome` as the naming schema for your tests. That explicitly\nmeans that you should not prefix the test function name with \"test\".\n\nExample: `whenVulnerable_returnsTrue`.\n"
},
{
"path": "docs/howto/new-detector/templated/appendix-using-linter.md",
"content": "\n# Using the linter\n\nFor all plugins written using our configuration format, we expect the plugins to\nbe linted.\n\nThe linter ensures that the plugin has the right format but also performs a\nseries of checks that make sure it is behaving correctly.\n\n## Installing the linter\n\n### Using our docker image\n\nThe linter is bundled in our docker image and will automatically run.\n\n### Custom setup\n\nThe linter is a Go binary that can very easily be installed:\n\n```\n$ go install github.com/google/tsunami-security-scanner-plugins/templated/utils/linter@latest\n$ linter \n```\n\nNote that depending on your current configuration, you might have to extend your\n`PATH`. See the\n[Golang documentation](https://go.dev/doc/tutorial/compile-install) for details.\n"
},
{
"path": "docs/howto/new-detector/templated/glossary-predefined-variables.md",
"content": "# Predefined variables\n\nTsunami will provide a predefined set of variable to the environment that you\ncan make use of in your actions. We try to maintain a strong naming convention\nfor these :\n\n- `T_` stands for Tsunami and identifies a variable that is provided by the\ncore engine;\n- `_UTL_` stands for utility and provides various utility variables;\n- `_NS_` stands for network service and provide information about the currently\nscanned network service;\n- `_CBS_` stands for callback server and provides information about the\ncallback server.\n\nHere is the list of variables that are provided:\n\n- `T_UTL_CURRENT_TIMESTAMP_MS`: Provides the current timestamp in milliseconds.\nNote that the timestamp is computed at the beginning of a workflow run. It will\nthus be different between services but always return the same value within one\nrun;\n- `T_NS_BASEURL`: The base URL of the network service being scanned. For example\n`http://127.0.0.1:9090` or `http://hostname.lan:1000`;\n- `T_NS_PROTOCOL`: The protocol used by the network service being scanned (e.g.\n`tcp`);\n- `T_NS_HOSTNAME`: The hostname of the network service being scanned. Note that\nthis variable is only available if Tsunami was invoked with a hostname target\n(e.g. `hostname.lan`);\n- `T_NS_PORT`: The port of the network service being scanned (e.g. `1000`);\n- `T_NS_IP`: The IP of the network service being scanned (e.g. `127.0.0.1`);\n- `T_CBS_URI`: The callback server URL used to trigger the callback server. This\nis the main variable used when using the callback server. It contains the\naddress and hashed secret (e.g. `http://tsunami-callback.lan/8fe7d878787d65`\nwhere `8fe7d878787d65` is the **hashed** secret);\n- `T_CBS_SECRET`: The callback server secret generated for the current workflow\nrun; note that it is not hashed and is not relevant in most cases (e.g.\n`somesecret`);\n- `T_CBS_ADDRESS`: Address of the callback server (e.g. `tsunami-callback.lan`);\n- `T_CBS_PORT`: Port of the callback server (e.g. `80`);\n"
},
{
"path": "docs/howto/new-detector/templated/glossary-tests-magic-uri.md",
"content": "## Magic tests URIs\n\nThe following URIs are considered \"magic\" in tests when using the mock HTTP\nserver:\n\n- `TSUNAMI_MAGIC_ANY_URI`: Will match any URI; so this answer will match any\nrequest;\n- `TSUNAMI_MAGIC_ECHO_SERVER`: Force Tsunami to repeat the request in the\nresponse. This is used internally to detect flaky detectors;\n"
},
{
"path": "docs/howto/orchestration.md",
"content": "# Tsunami Scan Orchestration\n\n## Overview\n\nTsunami follows a hardcoded 2-step process when scanning a publicly\nexposed network endpoint:\n\n* **Reconnaissance**: First, Tsunami identifies open ports and\n subsequently fingerprints protocols, services and other software running on\n the target host via a set of fingerprinting plugins. To not reinvent the\n wheel, Tsunami leverages existing tools such as [nmap](https://nmap.org/)\n for some of these tasks.\n* **Vulnerability verification**: Based on the information gathered in step 1,\n Tsunami selects all vulnerability verification plugins matching the\n identified services and executes them in order to verify vulnerabilities\n without false positives.\n\n## Overall Scanning Workflow\n\nFollowing diagram shows the overall workflow for a Tsunami scan.\n\n\n\n## Reconnaissance\n\nIn the reconnaissance step, Tsunami probes the scan target and gathers as much\ninformation about the scan target as possible, including:\n\n* open ports,\n* protocols,\n* network services & their banners,\n* potential software & corresponding version.\n\nTsunami performs the Reconnaissance step in 2 separate phases.\n\n### Port Scanning Phase\n\nIn the port scanning phase, Tsunami performs port sweeping in order to identify\nopen ports, protocols and network services on the scan target. The output of\nPort Scanning is a `PortScanReport` protobuf that contains all the identified\n`NetworkService`s from the port scanner.\n\n`PortScanner` is a special type of Tsunami plugins design for Port Scanning\npurpose. This allows users to swap the port scanning implementations. To not\nreinvent the wheel, users could choose a Tsunami plugin wrapper around existing\ntools like [nmap](https://nmap.org/) or\n[masscan](https://github.com/robertdavidgraham/masscan). You may find useful\n`PortScanner` implementations in\n[tsunami-security-scanner-plugins](https://github.com/google/tsunami-security-scanner-plugins/tree/master/google/portscan)\nrepo.\n\n### Fingerprinting Phase\n\nUsually port scanners only provide very basic service detection capability. When\nthe scan target hosts complicated network services, like web servers, the\nscanner needs to perform further fingerprinting work to learn more about the\nexposed network services.\n\nFor example, the scan target might choose to serve multiple web applications on\nthe same TCP port 443 using nginx for reverse proxy, `/blog` for WordPress, and\n`/forum` for phpBB, etc. Port scanner will only be able to tell port 443 is\nrunning nginx. A Web Application Fingerprinter with a comprehensive crawler is\nrequired to identify these applications.\n\n`ServiceFingerprinter` is a special type of Tsunami plugin that allows users to\ndefine fingerprinters for a specific network service. By using filtering\nannotations, Tsunami will be able to automatically invoke appropriate\n`ServiceFingerprinter`s when it identifies matching network services.\n\nTsunami only performs service fingerprinting for web services,\nusing the\n[`WebServiceFingerprinter`](https://github.com/google/tsunami-security-scanner-plugins/blob/71c57f6bc151a3d97675d74c904a175172c77df4/google/fingerprinters/web/src/main/java/com/google/tsunami/plugins/fingerprinters/web/WebServiceFingerprinter.java)\nplugin.\n\n### Reconnaissance Report\n\nAt the end of the reconnaissance step, Tsunami compiles both the port scanner\noutputs and service fingerprinter outputs into a single `ReconnaissanceReport`\nprotobuf for Vulnerability Verification.\n\n## Vulnerability Verification\n\nIn the Vulnerability Verification step, Tsunami executes the `VulnDetector`\nplugins in parallel to verify certain vulnerabilities on the scan target based\non the information gathered in the Reconnaissance step. `VulnDetector`'s\ndetection logic could either be implemented as plain Java code, or as a separate\nbinary / script using a different language like python or go. External binaries\nand scripts have to be executed as separate processes outside of Tsunami using\nTsunami's command execution util.\n\n### Detector Selection\n\nUsually one `VulnDetector` only verifies one vulnerability and the vulnerability\noften only affects one type of network service or software. In order to avoid\ndoing wasteful work, Tsunami allows plugins to be annotated by some filtering\nannotations to limit the scope of the plugin.\n\nThen before the Vulnerability Verification step starts, Tsunami will select\nmatching `VulnDetector`s to run based on the exposed network services and\nrunning software on the scan target. Non-matching `VulnDetector`s will stay\ninactive throughout the entire scan.\n"
},
{
"path": "docs/index.md",
"content": ""
},
{
"path": "full.Dockerfile",
"content": "# Core engine\nFROM ghcr.io/google/tsunami-scanner-core:latest AS core\n\n# Callback server\nFROM ghcr.io/google/tsunami-security-scanner-callback-server:latest AS tcs\n\n# Plugins\nFROM ghcr.io/google/tsunami-plugins-google:latest AS plugins-google\nFROM ghcr.io/google/tsunami-plugins-templated:latest AS plugins-templated\nFROM ghcr.io/google/tsunami-plugins-doyensec:latest AS plugins-doyensec\nFROM ghcr.io/google/tsunami-plugins-community:latest AS plugins-community\nFROM ghcr.io/google/tsunami-plugins-govtech:latest AS plugins-govtech\nFROM ghcr.io/google/tsunami-plugins-facebook:latest AS plugins-facebook\nFROM ghcr.io/google/tsunami-plugins-python:latest AS plugins-python\n\n# Release a full version\nFROM ubuntu:latest AS release\n\nRUN apt-get update \\\n && apt-get install -y --no-install-recommends ca-certificates openjdk-21-jre golang python3 python3-venv \\\n && rm -rf /var/lib/apt/lists/* \\\n && rm -rf /usr/share/doc && rm -rf /usr/share/man \\\n && apt-get clean \\\n && mkdir logs/\n\nCOPY --from=core /usr/tsunami/ /usr/tsunami/\nCOPY --from=tcs /usr/tsunami/ /usr/tsunami/\n\nCOPY --from=plugins-google /usr/tsunami/plugins/ /usr/tsunami/plugins/\nCOPY --from=plugins-templated /usr/tsunami/plugins/ /usr/tsunami/plugins/\nCOPY --from=plugins-doyensec /usr/tsunami/plugins/ /usr/tsunami/plugins/\nCOPY --from=plugins-community /usr/tsunami/plugins/ /usr/tsunami/plugins/\nCOPY --from=plugins-govtech /usr/tsunami/plugins/ /usr/tsunami/plugins/\nCOPY --from=plugins-facebook /usr/tsunami/plugins/ /usr/tsunami/plugins/\nCOPY --from=plugins-python /usr/tsunami/py_plugins/ /usr/tsunami/py_plugins/\n\n# Install the linter\nRUN go install github.com/google/tsunami-security-scanner-plugins/templated/utils/linter@latest \\\n && ln -s /root/go/bin/linter /usr/bin/tsunami-linter\n\n# Symlink the Python plugins so that they are discoverable by Python.\nRUN ln -s /usr/tsunami/py_plugins/ /usr/tsunami/py_server/py_plugins\n\n# Create the __init__.py files to ensure all plugins are discoverable.\nRUN find /usr/tsunami/py_plugins/ \\\n -type d \\\n ! -name '__pycache__' \\\n -exec touch '{}/__init__.py' \\;\n\n# Create wrapper scripts\nWORKDIR /usr/tsunami\nRUN echo '#!/bin/bash\\njava -cp /usr/tsunami/tsunami.jar:/usr/tsunami/plugins/* -Dtsunami.config.location=/usr/tsunami/tsunami.yaml com.google.tsunami.main.cli.TsunamiCli $*\\n' > /usr/bin/tsunami \\\n && chmod +x /usr/bin/tsunami \\\n && echo '#!/bin/bash\\njava -cp /usr/tsunami/tsunami-tcs.jar com.google.tsunami.callbackserver.main.TcsMain --custom-config=/usr/tsunami/tcs_config.yaml $*\\n' > /usr/bin/tsunami-tcs \\\n && chmod +x /usr/bin/tsunami-tcs \\\n && echo '#!/bin/bash\\n/usr/tsunami/py_venv/bin/python3 /usr/tsunami/py_server/plugin_server.py $*\\n' > /usr/bin/tsunami-py-server \\\n && chmod +x /usr/bin/tsunami-py-server\n"
},
{
"path": "go.mod",
"content": "module github.com/google/tsunami-security-scanner\n\ngo 1.22.0\n"
},
{
"path": "main/README.md",
"content": "# Tsunami Main\n\n## Overview\n\nThis module provides the entry point for starting up Tsunami Security Scanner.\n"
},
{
"path": "main/build.gradle",
"content": "plugins {\n id 'application'\n id 'com.gradleup.shadow' version \"8.3.6\"\n}\n\ndescription = 'Tsunami: main'\n\ndependencies {\n implementation project(':tsunami-common')\n implementation project(':tsunami-plugin')\n implementation project(':tsunami-proto')\n implementation project(':tsunami-workflow')\n\n implementation \"com.beust:jcommander:1.48\"\n implementation \"com.doyensec:libajp:1.0.0\"\n implementation \"com.google.cloud:google-cloud-storage:1.103.1\"\n implementation \"com.google.flogger:flogger:0.9\"\n implementation \"com.google.flogger:google-extensions:0.9\"\n implementation \"com.google.guava:guava:33.0.0-jre\"\n implementation \"com.google.inject:guice:6.0.0\"\n implementation \"com.google.protobuf:protobuf-java:3.25.5\"\n implementation \"io.github.classgraph:classgraph:4.8.65\"\n implementation \"io.grpc:grpc-netty:1.60.0\"\n implementation \"javax.inject:javax.inject:1\"\n implementation \"org.jsoup:jsoup:1.9.2\"\n\n runtimeOnly \"org.glassfish.jaxb:jaxb-runtime:2.3.1\"\n\n testImplementation \"com.google.truth:truth:1.4.4\"\n testImplementation \"com.google.truth.extensions:truth-java8-extension:1.4.4\"\n testImplementation \"com.google.truth.extensions:truth-proto-extension:1.4.4\"\n testImplementation \"junit:junit:4.13.2\"\n testImplementation \"org.mockito:mockito-core:5.18.0\"\n}\n\napplication {\n mainClassName = 'com.google.tsunami.main.cli.TsunamiCli'\n}\n\nshadowJar {\n exclude '*.proto'\n}\n\ntasks.named(\"distZip\") {\n dependsOn(\":tsunami-main:shadowJar\")\n}\n\ntasks.named(\"distTar\") {\n dependsOn(\":tsunami-main:shadowJar\")\n}\n\ntasks.named(\"startScripts\") {\n dependsOn(\":tsunami-main:shadowJar\")\n}\n\ntasks.named(\"startShadowScripts\") {\n dependsOn(\":tsunami-main:jar\")\n}\n\ntasks.named(\"compileJava\") {\n dependsOn(\":tsunami-plugin:shadowJar\")\n}\n\ntasks.named('compileJava') {\n dependsOn(':tsunami-proto:shadowJar')\n dependsOn(':tsunami-workflow:shadowJar')\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/LanguageServerOptions.java",
"content": "/*\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli;\n\nimport com.beust.jcommander.Parameter;\nimport com.beust.jcommander.ParameterException;\nimport com.beust.jcommander.Parameters;\nimport com.google.common.collect.ImmutableList;\nimport com.google.tsunami.common.cli.CliOption;\nimport com.google.tsunami.common.data.NetworkEndpointUtils;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\nimport java.util.List;\n\n/** Command line arguments for Tsunami language servers. */\n@Parameters(separators = \"=\")\npublic final class LanguageServerOptions implements CliOption {\n\n @Parameter(\n names = \"--plugin-server-paths\",\n description = \"The filename of the language server to run language-specific plugins.\")\n public List pluginServerFilenames = ImmutableList.of();\n\n @Parameter(\n names = \"--plugin-server-ports\",\n description =\n \"The port of the plugin server to open connection with. If not enough ports were\"\n + \" specified for the number of language servers specified, an open port will be\"\n + \" chosen.\")\n public List pluginServerPorts = ImmutableList.of();\n\n @Parameter(\n names = \"--plugin-server-rpc-deadline-seconds\",\n description = \"The RPC deadline in seconds for the plugin servers.\")\n public List pluginServerRpcDeadlineSeconds = ImmutableList.of();\n\n @Parameter(\n names = {\"--remote-plugin-server-addresses\", \"--python-plugin-server-address\"},\n description = \"The address for remote language server (e.g. Python).\")\n public List remotePluginServerAddress = ImmutableList.of();\n\n @Parameter(\n names = {\"--remote-plugin-server-ports\", \"--python-plugin-server-port\"},\n description = \"The port of the remote plugin server to open connection with.\")\n public List remotePluginServerPort = ImmutableList.of();\n\n @Parameter(\n names = \"--remote-plugin-server-rpc-deadline-seconds\",\n description = \"The RPC deadline in seconds for this plugin server.\")\n public List remotePluginServerRpcDeadlineSeconds = ImmutableList.of();\n\n @Override\n public void validate() {\n if (!pluginServerFilenames.isEmpty() || !pluginServerPorts.isEmpty()) {\n if (pluginServerFilenames != null && !pluginServerFilenames.isEmpty()) {\n for (String pluginServerFilename : pluginServerFilenames) {\n if (!Files.exists(Paths.get(pluginServerFilename))) {\n throw new ParameterException(\n String.format(\"Language server path %s does not exist\", pluginServerFilename));\n }\n }\n }\n\n if (pluginServerPorts != null && !pluginServerPorts.isEmpty()) {\n for (String pluginServerPort : pluginServerPorts) {\n try {\n int port = Integer.parseInt(pluginServerPort);\n if (!(port <= NetworkEndpointUtils.MAX_PORT_NUMBER && port > 0)) {\n throw new ParameterException(\n String.format(\n \"Port out of range. Expected [0, %s], actual %s.\",\n NetworkEndpointUtils.MAX_PORT_NUMBER, pluginServerPort));\n }\n } catch (NumberFormatException e) {\n throw new ParameterException(\n String.format(\"Port number must be an integer. Got %s instead.\", pluginServerPort),\n e);\n }\n }\n }\n\n var pathCounts = pluginServerFilenames == null ? 0 : pluginServerFilenames.size();\n var portCounts = pluginServerPorts == null ? 0 : pluginServerPorts.size();\n if (pathCounts != portCounts) {\n throw new ParameterException(\n String.format(\n \"Number of plugin server paths must be equal to number of plugin server ports.\"\n + \" Paths: %s. Ports: %s.\",\n pathCounts, portCounts));\n }\n\n if (!pluginServerRpcDeadlineSeconds.isEmpty()) {\n if (pluginServerRpcDeadlineSeconds.size() != pathCounts) {\n throw new ParameterException(\n String.format(\n \"Number of plugin server rpc deadlines must be equal to number of plugin server\"\n + \" ports. Paths: %s. Ports: %s. Deadlines: %s\",\n pathCounts, portCounts, pluginServerRpcDeadlineSeconds.size()));\n }\n }\n }\n\n if (!remotePluginServerAddress.isEmpty()) {\n var addrCounts = remotePluginServerAddress.size();\n var portCounts = remotePluginServerPort.size();\n if (addrCounts != portCounts) {\n throw new ParameterException(\n String.format(\n \"Number of remote plugin server paths must be equal to number of plugin server \"\n + \"ports. Addresses: %s. Ports: %s.\",\n addrCounts, portCounts));\n }\n\n if (!remotePluginServerRpcDeadlineSeconds.isEmpty()) {\n if (remotePluginServerRpcDeadlineSeconds.size() != addrCounts) {\n throw new ParameterException(\n String.format(\n \"Number of plugin server rpc deadlines must be equal to number of plugin server\"\n + \" ports. Paths: %s. Ports: %s. Deadlines: %s\",\n addrCounts, portCounts, pluginServerRpcDeadlineSeconds.size()));\n }\n }\n\n for (int port : remotePluginServerPort) {\n if (!(port <= NetworkEndpointUtils.MAX_PORT_NUMBER && port > 0)) {\n throw new ParameterException(\n String.format(\n \"Remote plugin server port out of range. Expected [0, %s], actual %s.\",\n NetworkEndpointUtils.MAX_PORT_NUMBER, port));\n }\n }\n }\n }\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/ScanResultsArchiver.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static com.google.tsunami.common.io.archiving.GoogleCloudStorageArchiver.GS_URL_PATTERN;\n\nimport com.beust.jcommander.Parameter;\nimport com.beust.jcommander.ParameterException;\nimport com.beust.jcommander.Parameters;\nimport com.google.cloud.storage.Storage;\nimport com.google.cloud.storage.StorageOptions;\nimport com.google.common.base.Strings;\nimport com.google.common.flogger.GoogleLogger;\nimport com.google.protobuf.InvalidProtocolBufferException;\nimport com.google.protobuf.util.JsonFormat;\nimport com.google.tsunami.common.cli.CliOption;\nimport com.google.tsunami.common.io.archiving.Archiver;\nimport com.google.tsunami.common.io.archiving.GoogleCloudStorageArchiver;\nimport com.google.tsunami.common.io.archiving.RawFileArchiver;\nimport com.google.tsunami.main.cli.option.OutputDataFormat;\nimport com.google.tsunami.proto.ScanResults;\nimport javax.inject.Inject;\n\nclass ScanResultsArchiver {\n\n @Parameters(separators = \"=\")\n static final class Options implements CliOption {\n\n @Parameter(\n names = \"--scan-results-local-output-filename\",\n description = \"The local output filename of the scanning results.\")\n public String localOutputFilename;\n\n @Parameter(\n names = \"--scan-results-local-output-format\",\n description = \"The format of the scanning results saved as local file.\")\n public OutputDataFormat localOutputFormat;\n\n @Parameter(\n names = \"--scan-results-gcs-output-file-url\",\n description = \"The GCS file url for the uploaded scanning results.\")\n public String gcsOutputFileUrl;\n\n @Parameter(\n names = \"--scan-results-gcs-output-format\",\n description = \"The format of the scanning results uploaded to GCS bucket.\")\n public OutputDataFormat gcsOutputFormat;\n\n @Parameter(\n names = \"--scan-results-logging-enabled\",\n description = \"Enable logging of the scan results.\",\n arity = 1)\n public Boolean loggingEnabled = false;\n\n @Override\n public void validate() {\n if (!Strings.isNullOrEmpty(gcsOutputFileUrl)\n && !GS_URL_PATTERN.matcher(gcsOutputFileUrl).matches()) {\n throw new ParameterException(String.format(\"Malformed GCS URL: '%s'\", gcsOutputFileUrl));\n }\n }\n }\n\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n\n private final Options options;\n private final RawFileArchiver rawFileArchiver;\n private final GoogleCloudStorageArchiver.Factory googleCloudStorageArchiverFactory;\n\n @Inject\n // TODO(b/145315535): inject archivers using multibinder instead.\n ScanResultsArchiver(\n Options options,\n RawFileArchiver rawFileArchiver,\n GoogleCloudStorageArchiver.Factory googleCloudStorageArchiverFactory) {\n this.options = checkNotNull(options);\n this.rawFileArchiver = checkNotNull(rawFileArchiver);\n this.googleCloudStorageArchiverFactory = checkNotNull(googleCloudStorageArchiverFactory);\n }\n\n Storage getGcsStorage() {\n return StorageOptions.getDefaultInstance().getService();\n }\n\n void archive(ScanResults scanResults) throws InvalidProtocolBufferException {\n if (!Strings.isNullOrEmpty(options.localOutputFilename)) {\n archive(rawFileArchiver, options.localOutputFilename, options.localOutputFormat, scanResults);\n }\n\n if (!Strings.isNullOrEmpty(options.gcsOutputFileUrl)) {\n GoogleCloudStorageArchiver archiver =\n googleCloudStorageArchiverFactory.create(getGcsStorage());\n archive(archiver, options.gcsOutputFileUrl, options.gcsOutputFormat, scanResults);\n }\n\n if (options.loggingEnabled) {\n logger.atInfo().log(\"Scan results for RVD efficacy: %s\", scanResults);\n }\n }\n\n private static void archive(\n Archiver archiver, String location, OutputDataFormat outputFormat, ScanResults scanResults)\n throws InvalidProtocolBufferException {\n switch (outputFormat) {\n case BIN_PROTO:\n archiver.archive(location, scanResults.toByteArray());\n break;\n case JSON:\n archiver.archive(location, JsonFormat.printer().print(scanResults));\n break;\n }\n }\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/ScanResultsArchiverModule.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli;\n\nimport com.google.inject.AbstractModule;\n\n/** Installs {@link ScanResultsArchiver}. */\nfinal class ScanResultsArchiverModule extends AbstractModule {\n\n @Override\n protected void configure() {\n }\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/TsunamiCli.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static com.google.tsunami.common.data.NetworkEndpointUtils.forHostname;\nimport static com.google.tsunami.common.data.NetworkEndpointUtils.forIp;\nimport static com.google.tsunami.common.data.NetworkEndpointUtils.forIpAndHostname;\nimport static com.google.tsunami.common.data.NetworkServiceUtils.buildUriNetworkService;\n\nimport com.google.common.base.Stopwatch;\nimport com.google.common.base.Strings;\nimport com.google.common.collect.ImmutableList;\nimport com.google.common.collect.Lists;\nimport com.google.common.flogger.GoogleLogger;\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Guice;\nimport com.google.inject.Injector;\nimport com.google.tsunami.common.cli.CliOptionsModule;\nimport com.google.tsunami.common.command.CommandExecutorModule;\nimport com.google.tsunami.common.config.ConfigLoader;\nimport com.google.tsunami.common.config.ConfigModule;\nimport com.google.tsunami.common.config.TsunamiConfig;\nimport com.google.tsunami.common.config.YamlConfigLoader;\nimport com.google.tsunami.common.io.archiving.GoogleCloudStorageArchiverModule;\nimport com.google.tsunami.common.net.http.HttpClientCliOptions;\nimport com.google.tsunami.common.net.http.HttpClientModule;\nimport com.google.tsunami.common.net.socket.TsunamiSocketFactoryModule;\nimport com.google.tsunami.common.reflection.ClassGraphModule;\nimport com.google.tsunami.common.server.LanguageServerCommand;\nimport com.google.tsunami.common.time.SystemUtcClockModule;\nimport com.google.tsunami.main.cli.option.MainCliOptions;\nimport com.google.tsunami.main.cli.server.RemoteServerLoader;\nimport com.google.tsunami.main.cli.server.RemoteServerLoaderModule;\nimport com.google.tsunami.plugin.PluginExecutionModule;\nimport com.google.tsunami.plugin.PluginLoadingModule;\nimport com.google.tsunami.plugin.RemoteVulnDetectorLoadingModule;\nimport com.google.tsunami.plugin.payload.PayloadGeneratorModule;\nimport com.google.tsunami.proto.ScanResults;\nimport com.google.tsunami.proto.ScanStatus;\nimport com.google.tsunami.proto.ScanTarget;\nimport com.google.tsunami.workflow.AdvisoriesWorkflow;\nimport com.google.tsunami.workflow.DefaultScanningWorkflow;\nimport com.google.tsunami.workflow.ScanningWorkflowException;\nimport io.github.classgraph.ClassGraph;\nimport io.github.classgraph.ScanResult;\nimport java.io.IOException;\nimport java.nio.file.Path;\nimport java.security.SecureRandom;\nimport java.time.Duration;\nimport java.util.List;\nimport java.util.Map;\nimport java.util.Optional;\nimport java.util.concurrent.ExecutionException;\nimport javax.inject.Inject;\n\n/** Command line interface for the Tsunami Security Scanner. */\npublic final class TsunamiCli {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n\n private final DefaultScanningWorkflow scanningWorkflow;\n private final AdvisoriesWorkflow advisoriesWorkflow;\n private final ScanResultsArchiver scanResultsArchiver;\n private final MainCliOptions mainCliOptions;\n private final RemoteServerLoader remoteServerLoader;\n\n @Inject\n TsunamiCli(\n DefaultScanningWorkflow scanningWorkflow,\n AdvisoriesWorkflow advisoriesWorkflow,\n ScanResultsArchiver scanResultsArchiver,\n MainCliOptions mainCliOptions,\n RemoteServerLoader remoteServerLoader) {\n this.scanningWorkflow = checkNotNull(scanningWorkflow);\n this.advisoriesWorkflow = checkNotNull(advisoriesWorkflow);\n this.scanResultsArchiver = checkNotNull(scanResultsArchiver);\n this.mainCliOptions = checkNotNull(mainCliOptions);\n this.remoteServerLoader = checkNotNull(remoteServerLoader);\n }\n\n public boolean run()\n throws ExecutionException, InterruptedException, ScanningWorkflowException, IOException {\n String logId = mainCliOptions.getLogId();\n // TODO(b/171405612): Find a way to print the log ID at every log line.\n logger.atInfo().log(\"%sTsunamiCli starting...\", logId);\n\n ImmutableList languageServerProcesses = remoteServerLoader.runServerProcesses();\n if (mainCliOptions.dumpAdvisoriesPath != null && !mainCliOptions.dumpAdvisoriesPath.isEmpty()) {\n logger.atInfo().log(\"No scan will be performed. Dumping advisories.\");\n advisoriesWorkflow.run(mainCliOptions.dumpAdvisoriesPath);\n return true;\n }\n\n ScanResults scanResults = scanningWorkflow.run(buildScanTarget());\n languageServerProcesses.forEach(Process::destroy);\n\n logger.atInfo().log(\"Tsunami scan finished, saving results.\");\n saveResults(scanResults);\n\n if (hasSuccessfulResults(scanResults)) {\n logger.atInfo().log(\"TsunamiCli finished...\");\n return true;\n } else {\n logger.atInfo().log(\n \"Tsunami scan has failed status, message = %s.\", scanResults.getStatusMessage());\n return false;\n }\n }\n\n private static boolean hasSuccessfulResults(ScanResults scanResults) {\n return scanResults.getScanStatus().equals(ScanStatus.SUCCEEDED)\n || scanResults.getScanStatus().equals(ScanStatus.PARTIALLY_SUCCEEDED);\n }\n\n private ScanTarget buildScanTarget() {\n ScanTarget.Builder scanTargetBuilder = ScanTarget.newBuilder();\n\n String ip = null;\n if (mainCliOptions.ipV4Target != null) {\n ip = mainCliOptions.ipV4Target;\n } else if (mainCliOptions.ipV6Target != null) {\n ip = mainCliOptions.ipV6Target;\n }\n if (ip != null && mainCliOptions.hostnameTarget != null) {\n scanTargetBuilder.setNetworkEndpoint(forIpAndHostname(ip, mainCliOptions.hostnameTarget));\n } else if (ip != null) {\n scanTargetBuilder.setNetworkEndpoint(forIp(ip));\n } else if (mainCliOptions.uriTarget != null) {\n scanTargetBuilder.setNetworkService(buildUriNetworkService(mainCliOptions.uriTarget));\n } else {\n scanTargetBuilder.setNetworkEndpoint(forHostname(mainCliOptions.hostnameTarget));\n }\n\n return scanTargetBuilder.build();\n }\n\n private void saveResults(ScanResults scanResults) throws IOException {\n scanResultsArchiver.archive(scanResults);\n }\n\n private static final class TsunamiCliFirstStageModule extends AbstractModule {\n private final ScanResult classScanResult;\n private final String[] args;\n private final TsunamiConfig tsunamiConfig;\n\n TsunamiCliFirstStageModule(\n ScanResult classScanResult, String[] args, TsunamiConfig tsunamiConfig) {\n this.classScanResult = checkNotNull(classScanResult);\n this.args = checkNotNull(args);\n this.tsunamiConfig = checkNotNull(tsunamiConfig);\n }\n\n @Override\n protected void configure() {\n install(new ClassGraphModule(classScanResult));\n install(new ConfigModule(classScanResult, tsunamiConfig));\n install(new CliOptionsModule(classScanResult, \"TsunamiCli\", args));\n }\n }\n\n private static final class TsunamiCliModule extends AbstractModule {\n private final ScanResult classScanResult;\n private final Injector parentInjector;\n private final TsunamiConfig tsunamiConfig;\n\n TsunamiCliModule(\n Injector parentInjector, ScanResult classScanResult, TsunamiConfig tsunamiConfig) {\n this.classScanResult = checkNotNull(classScanResult);\n this.parentInjector = checkNotNull(parentInjector);\n this.tsunamiConfig = checkNotNull(tsunamiConfig);\n }\n\n @Override\n protected void configure() {\n MainCliOptions mco = parentInjector.getInstance(MainCliOptions.class);\n LanguageServerOptions lso = parentInjector.getInstance(LanguageServerOptions.class);\n HttpClientCliOptions hcco = parentInjector.getInstance(HttpClientCliOptions.class);\n ScanResultsArchiver.Options srao =\n parentInjector.getInstance(ScanResultsArchiver.Options.class);\n\n ImmutableList commands = extractPluginServerArgs(mco, lso, hcco, srao);\n\n install(new SystemUtcClockModule());\n install(new CommandExecutorModule());\n install(new HttpClientModule.Builder().setLogId(mco.getLogId()).build());\n install(new TsunamiSocketFactoryModule());\n install(new GoogleCloudStorageArchiverModule());\n install(new ScanResultsArchiverModule());\n install(new PluginExecutionModule());\n install(new PluginLoadingModule(classScanResult));\n install(new PayloadGeneratorModule(new SecureRandom()));\n install(new RemoteServerLoaderModule(commands));\n install(new RemoteVulnDetectorLoadingModule(commands));\n }\n\n private ImmutableList extractPluginServerArgs(\n MainCliOptions mco,\n LanguageServerOptions lso,\n HttpClientCliOptions hcco,\n ScanResultsArchiver.Options srao) {\n List commands = Lists.newArrayList();\n Boolean trustAllSslCertCli = hcco.trustAllCertificates;\n var logId = mco.getLogId();\n var paths = lso.pluginServerFilenames;\n var ports = lso.pluginServerPorts;\n var rpcDeadline = lso.pluginServerRpcDeadlineSeconds;\n var remoteServerAddresses = lso.remotePluginServerAddress;\n var remoteServerPorts = lso.remotePluginServerPort;\n var remoteRpcDeadlines = lso.remotePluginServerRpcDeadlineSeconds;\n if (paths.isEmpty() && remoteServerAddresses.isEmpty()) {\n return ImmutableList.of();\n }\n\n Map callbackConfig = tsunamiConfig.readConfigValue(\"plugin.callbackserver\");\n Map httpClientConfig = tsunamiConfig.readConfigValue(\"common.net.http\");\n boolean trustAllSslCertConfig =\n (boolean) httpClientConfig.getOrDefault(\"trust_all_certificates\", false);\n\n String lngOutputDir = extractOutputDir(srao);\n boolean lngTrustAllSslCertCli =\n trustAllSslCertCli != null ? trustAllSslCertCli.booleanValue() : trustAllSslCertConfig;\n Duration lngConnectDuration =\n Duration.ofSeconds((int) httpClientConfig.getOrDefault(\"connect_timeout_seconds\", 0));\n String lngCallbackAddress = (String) callbackConfig.getOrDefault(\"callback_address\", \"\");\n Integer lngCallbackPort = (Integer) callbackConfig.getOrDefault(\"callback_port\", 0);\n String lngPollingUri = (String) callbackConfig.getOrDefault(\"polling_uri\", \"\");\n\n for (int i = 0; i < paths.size(); ++i) {\n commands.add(\n LanguageServerCommand.create(\n paths.get(i),\n \"\",\n ports.get(i),\n logId,\n lngOutputDir,\n lngTrustAllSslCertCli,\n lngConnectDuration,\n lngCallbackAddress,\n lngCallbackPort,\n lngPollingUri,\n rpcDeadline.isEmpty() ? 0 : rpcDeadline.get(i)));\n }\n for (int i = 0; i < remoteServerAddresses.size(); ++i) {\n commands.add(\n LanguageServerCommand.create(\n \"\",\n remoteServerAddresses.get(i),\n remoteServerPorts.get(i).toString(),\n logId,\n lngOutputDir,\n lngTrustAllSslCertCli,\n lngConnectDuration,\n lngCallbackAddress,\n lngCallbackPort,\n lngPollingUri,\n remoteRpcDeadlines.isEmpty() ? 0 : remoteRpcDeadlines.get(i)));\n }\n return ImmutableList.copyOf(commands);\n }\n\n private String extractOutputDir(ScanResultsArchiver.Options sra) {\n if (!Strings.isNullOrEmpty(sra.localOutputFilename)) {\n return Path.of(sra.localOutputFilename).getParent().toString();\n }\n return \"\";\n }\n }\n\n public static int doMain(String[] args) {\n Stopwatch stopwatch = Stopwatch.createStarted();\n\n TsunamiConfig tsunamiConfig = loadConfig();\n\n try (ScanResult scanResult =\n new ClassGraph()\n .enableAllInfo()\n .blacklistPackages(\"com.google.tsunami.plugin.testing\")\n .scan()) {\n logger.atInfo().log(\"Full classpath scan took %s\", stopwatch);\n\n Injector firstStageInjector =\n Guice.createInjector(new TsunamiCliFirstStageModule(scanResult, args, tsunamiConfig));\n\n Injector injector =\n firstStageInjector.createChildInjector(\n new TsunamiCliModule(firstStageInjector, scanResult, tsunamiConfig));\n\n // Exit with non-zero code if scan failed.\n if (!injector.getInstance(TsunamiCli.class).run()) {\n return 1;\n }\n logger.atInfo().log(\"Full Tsunami scan took %s.\", stopwatch.stop());\n return 0;\n } catch (Throwable e) {\n logger.atSevere().withCause(e).log(\"Exiting due to workflow execution exceptions.\");\n if (e instanceof InterruptedException) {\n Thread.currentThread().interrupt();\n }\n return 1;\n }\n }\n\n public static void main(String[] args) {\n System.exit(doMain(args));\n }\n\n private static TsunamiConfig loadConfig() {\n try (ScanResult scanResult = new ClassGraph().enableAllInfo().scan()) {\n ConfigLoader configLoader;\n Optional loaderClass = TsunamiConfig.getSystemProperty(\"tsunami.config.loader\");\n if (loaderClass.isPresent()\n && scanResult.getAllClassesAsMap().containsKey(loaderClass.get())) {\n configLoader =\n scanResult\n .getClassInfo(loaderClass.get())\n .loadClass(ConfigLoader.class)\n .getConstructor()\n .newInstance();\n } else {\n configLoader = new YamlConfigLoader();\n }\n\n return configLoader.loadConfig();\n } catch (ReflectiveOperationException e) {\n throw new LinkageError(\"Error loading config.\", e);\n }\n }\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/option/MainCliOptions.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option;\n\nimport com.beust.jcommander.Parameter;\nimport com.beust.jcommander.ParameterException;\nimport com.beust.jcommander.Parameters;\nimport com.google.tsunami.common.cli.CliOption;\nimport com.google.tsunami.main.cli.option.validator.IpV4Validator;\nimport com.google.tsunami.main.cli.option.validator.IpV6Validator;\nimport java.util.ArrayList;\nimport java.util.List;\n\n/** Command line arguments for Tsunami. */\n@Parameters(separators = \"=\")\npublic final class MainCliOptions implements CliOption {\n\n @Parameter(\n names = \"--ip-v4-target\",\n description = \"The IP v4 address of the scanning target.\",\n validateWith = IpV4Validator.class)\n public String ipV4Target;\n\n @Parameter(\n names = \"--ip-v6-target\",\n description = \"The IP v6 address of the scanning target.\",\n validateWith = IpV6Validator.class)\n public String ipV6Target;\n\n @Parameter(names = \"--hostname-target\", description = \"The hostname of the scanning target.\")\n public String hostnameTarget;\n\n @Parameter(names = \"--log-id\", description = \"A log ID to print in front of the logs.\")\n public String logId;\n\n @Parameter(\n names = \"--uri-target\",\n description =\n \"The URI of the scanning target that supports both http & https schemes. When this\"\n + \" parameter is set, port scan is automatically skipped.\")\n public String uriTarget;\n\n @Parameter(\n names = \"--dump-advisories\",\n description =\n \"Disable scanning. Reports the list of currently enabled advisories to the specified\"\n + \" file, in textproto format.\")\n public String dumpAdvisoriesPath;\n\n @Override\n public void validate() {\n if (dumpAdvisoriesPath != null && !dumpAdvisoriesPath.isEmpty()) {\n return;\n }\n\n List portScanEnabledTargets = new ArrayList<>();\n List portScanDisabledTargets = new ArrayList<>();\n if (ipV4Target != null) {\n portScanEnabledTargets.add(\"--ip-v4-target\");\n }\n if (ipV6Target != null) {\n portScanEnabledTargets.add(\"--ip-v6-target\");\n }\n if (hostnameTarget != null) {\n portScanEnabledTargets.add(\"--hostname-target\");\n }\n if (uriTarget != null) {\n portScanDisabledTargets.add(\"--uri-target\");\n }\n\n if (portScanEnabledTargets.isEmpty() && portScanDisabledTargets.isEmpty()) {\n throw new ParameterException(\n \"One of the following parameters is expected: --ip-v4-target, --ip-v6-target,\"\n + \" --hostname-target, --uri-target\");\n }\n if (!portScanEnabledTargets.isEmpty() && !portScanDisabledTargets.isEmpty()) {\n throw new ParameterException(\n \"Parameters that require port scan (--ip-v4-target, --ip-v6-target, --hostname-target)\"\n + \" should not be passed along with parameters that skip port scan (--uri-target)\");\n }\n }\n\n /** Returns the log ID to print in front of the logs. */\n public String getLogId() {\n return (logId == null) ? \"\" : (logId + \": \");\n }\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/option/OutputDataFormat.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option;\n\nimport com.google.common.base.Ascii;\nimport java.util.Optional;\n\n/** Output format of Tsunami's scanning results. */\npublic enum OutputDataFormat {\n BIN_PROTO,\n JSON;\n\n /**\n * Parses the given {@code value} into {@link OutputDataFormat} enum.\n *\n * @param value the string representation of the {@link OutputDataFormat} enum.\n * @return the parsed {@link OutputDataFormat} enum.\n */\n public static Optional parse(String value) {\n for (OutputDataFormat outputDataFormat : OutputDataFormat.values()) {\n if (Ascii.equalsIgnoreCase(outputDataFormat.name(), value)) {\n return Optional.of(outputDataFormat);\n }\n }\n\n return Optional.empty();\n }\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/option/validator/IpV4Validator.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option.validator;\n\nimport java.net.Inet4Address;\nimport java.net.InetAddress;\n\n/** Command line flag validator for an IP v4 address. */\npublic class IpV4Validator extends IpValidator {\n\n @Override\n protected int ipVersion() {\n return 4;\n }\n\n @Override\n protected boolean shouldAccept(InetAddress inetAddress) {\n return inetAddress instanceof Inet4Address;\n }\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/option/validator/IpV6Validator.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option.validator;\n\nimport java.net.Inet6Address;\nimport java.net.InetAddress;\n\n/** Command line flag validator for an IP v6 address. */\npublic class IpV6Validator extends IpValidator {\n\n @Override\n protected int ipVersion() {\n return 6;\n }\n\n @Override\n protected boolean shouldAccept(InetAddress inetAddress) {\n return inetAddress instanceof Inet6Address;\n }\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/option/validator/IpValidator.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option.validator;\n\nimport com.beust.jcommander.IParameterValidator;\nimport com.beust.jcommander.ParameterException;\nimport com.google.common.base.Strings;\nimport com.google.common.net.InetAddresses;\nimport java.net.InetAddress;\n\n/** Base command line flag validator for an IP address. */\npublic abstract class IpValidator implements IParameterValidator {\n\n @Override\n public void validate(String name, String value) {\n if (Strings.isNullOrEmpty(value)\n || !InetAddresses.isInetAddress(value)\n || !shouldAccept(InetAddresses.forString(value))) {\n throw new ParameterException(\n String.format(\n \"Parameter %s should point to a valid IP v%d address, got '%s'\",\n name, ipVersion(), value));\n }\n }\n\n protected abstract int ipVersion();\n\n protected abstract boolean shouldAccept(InetAddress inetAddress);\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/server/RemoteServerLoader.java",
"content": "/*\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.server;\n\nimport static com.google.common.base.Preconditions.checkNotNull;\nimport static com.google.common.collect.ImmutableList.toImmutableList;\nimport static java.lang.annotation.RetentionPolicy.RUNTIME;\n\nimport com.google.common.base.Strings;\nimport com.google.common.collect.ImmutableList;\nimport com.google.common.flogger.GoogleLogger;\nimport com.google.tsunami.common.command.CommandExecutor;\nimport com.google.tsunami.common.command.CommandExecutorFactory;\nimport com.google.tsunami.common.server.LanguageServerCommand;\nimport java.io.IOException;\nimport java.lang.annotation.Retention;\nimport java.util.List;\nimport java.util.Optional;\nimport java.util.concurrent.ExecutionException;\nimport javax.inject.Inject;\nimport javax.inject.Qualifier;\n\n/** Loader to run language servers. */\npublic class RemoteServerLoader {\n private static final GoogleLogger logger = GoogleLogger.forEnclosingClass();\n\n private final List commands;\n\n @Inject\n RemoteServerLoader(@LanguageServerCommands List commands) {\n this.commands = checkNotNull(commands);\n }\n\n public ImmutableList runServerProcesses() {\n logger.atInfo().log(\"Starting language server processes (if any)...\");\n return commands.stream()\n // Filter out commands that don't need server start up\n .filter(command -> !Strings.isNullOrEmpty(command.serverCommand()))\n .map(\n command ->\n runProcess(\n CommandExecutorFactory.create(\n command.serverCommand(),\n getCommand(\"--port=\", command.port()),\n getCommand(\"--log_id=\", command.logId()),\n getCommand(\"--log_output=\", command.outputDir()),\n \"--trust_all_ssl_cert=\" + command.trustAllSslCert(),\n getCommand(\"--timeout_seconds=\", command.timeoutSeconds().getSeconds()),\n getCommand(\"--callback_address=\", command.callbackAddress()),\n getCommand(\"--callback_port=\", command.callbackPort()),\n getCommand(\"--polling_uri=\", command.pollingUri()))))\n .filter(Optional::isPresent)\n .map(Optional::get)\n .collect(toImmutableList());\n }\n\n private String getCommand(String flag, Object command) {\n return command.toString().isEmpty() || command.toString().equals(\"0\") ? \"\" : flag + command;\n }\n\n private Optional runProcess(CommandExecutor executor) {\n try {\n return Optional.of(executor.executeAsync());\n } catch (IOException | InterruptedException | ExecutionException e) {\n logger.atWarning().withCause(e).log(\"Could not execute language server binary.\");\n }\n return Optional.empty();\n }\n\n /** Guice interface for injecting {@link LanguageServerCommand} object lists. */\n @Qualifier\n @Retention(RUNTIME)\n public @interface LanguageServerCommands {}\n}\n"
},
{
"path": "main/src/main/java/com/google/tsunami/main/cli/server/RemoteServerLoaderModule.java",
"content": "/*\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.server;\n\n\nimport com.google.common.collect.ImmutableList;\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Provides;\nimport com.google.tsunami.common.server.LanguageServerCommand;\nimport java.util.List;\n\n/** Installs {@link RemoteServerLoaderModule}. */\npublic final class RemoteServerLoaderModule extends AbstractModule {\n\n private final ImmutableList commands;\n\n public RemoteServerLoaderModule(ImmutableList commands) {\n this.commands = commands;\n }\n\n @Provides\n @RemoteServerLoader.LanguageServerCommands\n List provideLanguageServerCommands() {\n return commands;\n }\n}\n"
},
{
"path": "main/src/test/java/com/google/tsunami/main/cli/LanguageServerOptionsTest.java",
"content": "/*\n * Copyright 2022 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli;\n\nimport static org.junit.Assert.assertThrows;\n\nimport com.beust.jcommander.ParameterException;\nimport com.google.common.collect.ImmutableList;\nimport com.google.tsunami.common.data.NetworkEndpointUtils;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n@RunWith(JUnit4.class)\npublic final class LanguageServerOptionsTest {\n\n @Test\n public void validate_whenPluginServerFilenameDoesNotExist_throwsParameterException() {\n LanguageServerOptions options = new LanguageServerOptions();\n\n options.pluginServerFilenames = ImmutableList.of(\"nonexistingfile\");\n\n assertThrows(ParameterException.class, options::validate);\n }\n\n @Test\n public void validate_whenPortNumberNotInteger_throwsParameterException() {\n LanguageServerOptions options = new LanguageServerOptions();\n\n options.pluginServerPorts = ImmutableList.of(\"test\");\n\n assertThrows(ParameterException.class, options::validate);\n }\n\n @Test\n public void validate_whenPortNumberOutOfRange_throwsParameterException() {\n LanguageServerOptions options = new LanguageServerOptions();\n\n options.pluginServerPorts = ImmutableList.of(\"34567\", \"-1\");\n\n assertThrows(\n \"Port out of range. Expected [0, \"\n + NetworkEndpointUtils.MAX_PORT_NUMBER\n + \"]\"\n + \", actual -1\",\n ParameterException.class,\n options::validate);\n }\n\n @Test\n public void validate_whenPythonPluginServerPortNumberOutOfRange_throwsParameterException() {\n LanguageServerOptions options = new LanguageServerOptions();\n options.remotePluginServerAddress = ImmutableList.of(\"127.0.0.1\");\n options.remotePluginServerPort = ImmutableList.of(-1);\n\n assertThrows(\n \"Remote plugin server port out of range. Expected [0, \"\n + NetworkEndpointUtils.MAX_PORT_NUMBER\n + \"]\"\n + \", actual -1\",\n ParameterException.class,\n options::validate);\n }\n\n @Test\n public void validate_whenPythonPluginServerInvalidNumberOfDeadlines_throwsParameterException() {\n LanguageServerOptions options = new LanguageServerOptions();\n options.remotePluginServerAddress = ImmutableList.of(\"127.0.0.1\");\n options.remotePluginServerPort = ImmutableList.of(10000);\n options.remotePluginServerRpcDeadlineSeconds = ImmutableList.of(100, 200);\n\n assertThrows(\n \"Number of plugin server rpc deadlines must be equal to number of plugin server. ports.\"\n + \" Paths: 1. Ports: 1. Deadlines: 2\",\n ParameterException.class,\n options::validate);\n }\n\n @Test\n public void validate_whenPythonPluginServerValidNumberOfDeadlines_succeeds() {\n LanguageServerOptions options = new LanguageServerOptions();\n options.remotePluginServerAddress = ImmutableList.of(\"127.0.0.1\");\n options.remotePluginServerPort = ImmutableList.of(10000);\n options.remotePluginServerRpcDeadlineSeconds = ImmutableList.of(150);\n\n options.validate();\n }\n}\n"
},
{
"path": "main/src/test/java/com/google/tsunami/main/cli/ScanResultsArchiverTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\nimport static org.mockito.Mockito.doReturn;\nimport static org.mockito.Mockito.spy;\n\nimport com.beust.jcommander.ParameterException;\nimport com.google.cloud.storage.Storage;\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Guice;\nimport com.google.inject.Provides;\nimport com.google.protobuf.InvalidProtocolBufferException;\nimport com.google.protobuf.util.JsonFormat;\nimport com.google.tsunami.common.io.archiving.testing.FakeGoogleCloudStorageArchivers;\nimport com.google.tsunami.common.io.archiving.testing.FakeGoogleCloudStorageArchiversModule;\nimport com.google.tsunami.common.io.archiving.testing.FakeRawFileArchiver;\nimport com.google.tsunami.common.io.archiving.testing.FakeRawFileArchiverModule;\nimport com.google.tsunami.main.cli.option.OutputDataFormat;\nimport com.google.tsunami.proto.ScanResults;\nimport com.google.tsunami.proto.ScanStatus;\nimport java.lang.annotation.Retention;\nimport java.lang.annotation.RetentionPolicy;\nimport javax.inject.Inject;\nimport javax.inject.Qualifier;\nimport org.junit.Before;\nimport org.junit.Rule;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\nimport org.mockito.Mock;\nimport org.mockito.junit.MockitoJUnit;\nimport org.mockito.junit.MockitoRule;\n\n/** Tests for {@link ScanResultsArchiver}. */\n@RunWith(JUnit4.class)\npublic final class ScanResultsArchiverTest {\n private static final ScanResults SCAN_RESULTS =\n ScanResults.newBuilder().setScanStatus(ScanStatus.SUCCEEDED).build();\n\n @Rule public MockitoRule mockitoRule = MockitoJUnit.rule();\n\n @Mock Storage mockStorage;\n\n @Qualifier\n @Retention(RetentionPolicy.RUNTIME)\n private @interface SpyArchiver {}\n\n @Inject private FakeRawFileArchiver fakeRawFileArchiver;\n @Inject private FakeGoogleCloudStorageArchivers fakeGoogleCloudStorageArchivers;\n @Inject private ScanResultsArchiver.Options options;\n @Inject @SpyArchiver private ScanResultsArchiver scanResultsArchiver;\n\n @Before\n public void setUp() {\n Guice.createInjector(\n new AbstractModule() {\n @Override\n protected void configure() {\n bind(ScanResultsArchiver.Options.class)\n .toInstance(new ScanResultsArchiver.Options());\n install(new ScanResultsArchiverModule());\n install(new FakeRawFileArchiverModule());\n install(new FakeGoogleCloudStorageArchiversModule());\n }\n\n // TODO(b/145315535): wrap GCS API into a client library to get rid of this spy.\n @Provides\n @SpyArchiver\n ScanResultsArchiver getScanResultsArchiverSpy(ScanResultsArchiver delegate) {\n return spy(delegate);\n }\n })\n .injectMembers(this);\n }\n\n @Test\n public void optionsValidate_whenInvalidGcsUrl_throwsParameterException() {\n options.gcsOutputFileUrl = \"invalid_url\";\n assertThrows(ParameterException.class, options::validate);\n }\n\n @Test\n public void optionsValidate_defaultLoggingEnabled_isFalse() {\n assertThat(options.loggingEnabled).isFalse();\n }\n\n @Test\n public void archive_withNoStorageEnabled_storesNothing() throws InvalidProtocolBufferException {\n options.localOutputFilename = \"\";\n options.gcsOutputFileUrl = \"\";\n\n scanResultsArchiver.archive(SCAN_RESULTS);\n\n fakeRawFileArchiver.assertNoDataStored();\n fakeGoogleCloudStorageArchivers.assertNoDataStored();\n }\n\n @Test\n public void archive_withLocalFileEnabledForJsonOutput_storesStringDataLocally()\n throws InvalidProtocolBufferException {\n options.localOutputFilename = \"/tmp/result.json\";\n options.localOutputFormat = OutputDataFormat.JSON;\n options.gcsOutputFileUrl = \"\";\n\n scanResultsArchiver.archive(SCAN_RESULTS);\n\n assertThat(\n parseJsonScanResults(\n fakeRawFileArchiver.getStoredCharSequence(\"/tmp/result.json\").toString()))\n .isEqualTo(SCAN_RESULTS);\n fakeGoogleCloudStorageArchivers.assertNoDataStored();\n }\n\n @Test\n public void archive_withLocalFileEnabledForBinProtoOutput_storesBytesDataLocally()\n throws InvalidProtocolBufferException {\n options.localOutputFilename = \"/tmp/test.binproto\";\n options.localOutputFormat = OutputDataFormat.BIN_PROTO;\n options.gcsOutputFileUrl = \"\";\n\n scanResultsArchiver.archive(SCAN_RESULTS);\n\n assertThat(\n ScanResults.parseFrom(\n fakeRawFileArchiver.getStoredByteArrays(\"/tmp/test.binproto\")))\n .isEqualTo(SCAN_RESULTS);\n fakeGoogleCloudStorageArchivers.assertNoDataStored();\n }\n\n @Test\n public void archive_withGcsEnabledForJsonOutput_uploadsStringDataToGcs()\n throws InvalidProtocolBufferException {\n options.localOutputFilename = \"\";\n options.gcsOutputFileUrl = \"gs://test/object/result.json\";\n options.gcsOutputFormat = OutputDataFormat.JSON;\n doReturn(mockStorage).when(scanResultsArchiver).getGcsStorage();\n\n scanResultsArchiver.archive(SCAN_RESULTS);\n\n assertThat(\n parseJsonScanResults(\n fakeGoogleCloudStorageArchivers\n .getStoredCharSequence(mockStorage, \"gs://test/object/result.json\")\n .toString()))\n .isEqualTo(SCAN_RESULTS);\n fakeRawFileArchiver.assertNoDataStored();\n }\n\n @Test\n public void archive_withGcsEnabledForBinProtoOutput_uploadsBytesDataToGcs()\n throws InvalidProtocolBufferException {\n options.localOutputFilename = \"\";\n options.gcsOutputFileUrl = \"gs://test/object/result.binproto\";\n options.gcsOutputFormat = OutputDataFormat.BIN_PROTO;\n doReturn(mockStorage).when(scanResultsArchiver).getGcsStorage();\n\n scanResultsArchiver.archive(SCAN_RESULTS);\n\n assertThat(\n ScanResults.parseFrom(\n fakeGoogleCloudStorageArchivers.getStoredByteArrays(\n mockStorage, \"gs://test/object/result.binproto\")))\n .isEqualTo(SCAN_RESULTS);\n fakeRawFileArchiver.assertNoDataStored();\n }\n\n @Test\n public void archive_withLocalAndGcsOptionEnabled_archivesToBothLocation()\n throws InvalidProtocolBufferException {\n options.localOutputFilename = \"/tmp/result.json\";\n options.localOutputFormat = OutputDataFormat.JSON;\n options.gcsOutputFileUrl = \"gs://test/object/result.binproto\";\n options.gcsOutputFormat = OutputDataFormat.BIN_PROTO;\n doReturn(mockStorage).when(scanResultsArchiver).getGcsStorage();\n\n scanResultsArchiver.archive(SCAN_RESULTS);\n\n assertThat(\n parseJsonScanResults(\n fakeRawFileArchiver.getStoredCharSequence(\"/tmp/result.json\").toString()))\n .isEqualTo(SCAN_RESULTS);\n assertThat(\n ScanResults.parseFrom(\n fakeGoogleCloudStorageArchivers.getStoredByteArrays(\n mockStorage, \"gs://test/object/result.binproto\")))\n .isEqualTo(SCAN_RESULTS);\n }\n\n private static ScanResults parseJsonScanResults(String jsonScanResults)\n throws InvalidProtocolBufferException {\n ScanResults.Builder scanResultsBuilder = ScanResults.newBuilder();\n JsonFormat.parser().merge(jsonScanResults, scanResultsBuilder);\n return scanResultsBuilder.build();\n }\n}\n"
},
{
"path": "main/src/test/java/com/google/tsunami/main/cli/TsunamiCliTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.mockito.Mockito.times;\nimport static org.mockito.Mockito.verify;\n\nimport com.google.common.collect.ImmutableList;\nimport com.google.common.collect.ImmutableMap;\nimport com.google.inject.AbstractModule;\nimport com.google.inject.Guice;\nimport com.google.tsunami.common.cli.CliOptionsModule;\nimport com.google.tsunami.common.config.ConfigModule;\nimport com.google.tsunami.common.config.TsunamiConfig;\nimport com.google.tsunami.common.data.NetworkEndpointUtils;\nimport com.google.tsunami.common.net.http.HttpClientModule;\nimport com.google.tsunami.common.time.testing.FakeUtcClockModule;\nimport com.google.tsunami.main.cli.server.RemoteServerLoaderModule;\nimport com.google.tsunami.plugin.payload.PayloadGeneratorModule;\nimport com.google.tsunami.plugin.testing.FailedVulnDetectorBootstrapModule;\nimport com.google.tsunami.plugin.testing.FakePluginExecutionModule;\nimport com.google.tsunami.plugin.testing.FakePortScanner;\nimport com.google.tsunami.plugin.testing.FakePortScannerBootstrapModule;\nimport com.google.tsunami.plugin.testing.FakePortScannerBootstrapModule2;\nimport com.google.tsunami.plugin.testing.FakeServiceFingerprinter;\nimport com.google.tsunami.plugin.testing.FakeServiceFingerprinterBootstrapModule;\nimport com.google.tsunami.plugin.testing.FakeVulnDetector;\nimport com.google.tsunami.plugin.testing.FakeVulnDetector2;\nimport com.google.tsunami.plugin.testing.FakeVulnDetectorBootstrapModule;\nimport com.google.tsunami.plugin.testing.FakeVulnDetectorBootstrapModule2;\nimport com.google.tsunami.proto.AddressFamily;\nimport com.google.tsunami.proto.DetectionReport;\nimport com.google.tsunami.proto.Hostname;\nimport com.google.tsunami.proto.IpAddress;\nimport com.google.tsunami.proto.NetworkEndpoint;\nimport com.google.tsunami.proto.NetworkService;\nimport com.google.tsunami.proto.Port;\nimport com.google.tsunami.proto.ReconnaissanceReport;\nimport com.google.tsunami.proto.ScanFinding;\nimport com.google.tsunami.proto.ScanResults;\nimport com.google.tsunami.proto.ScanStatus;\nimport com.google.tsunami.proto.ServiceContext;\nimport com.google.tsunami.proto.TargetInfo;\nimport com.google.tsunami.proto.TransportProtocol;\nimport com.google.tsunami.proto.WebServiceContext;\nimport com.google.tsunami.workflow.ScanningWorkflowException;\nimport io.github.classgraph.ClassGraph;\nimport io.github.classgraph.ScanResult;\nimport java.io.File;\nimport java.io.IOException;\nimport java.net.Inet4Address;\nimport java.net.InetAddress;\nimport java.net.URL;\nimport java.nio.file.Files;\nimport java.nio.file.Path;\nimport java.security.SecureRandom;\nimport java.util.concurrent.ExecutionException;\nimport java.util.stream.Stream;\nimport javax.inject.Inject;\nimport org.junit.Rule;\nimport org.junit.Test;\nimport org.junit.rules.TemporaryFolder;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\nimport org.mockito.ArgumentCaptor;\nimport org.mockito.Captor;\nimport org.mockito.Mock;\nimport org.mockito.junit.MockitoJUnit;\nimport org.mockito.junit.MockitoRule;\n\n/** Tests for {@link TsunamiCli}. */\n@RunWith(JUnit4.class)\npublic final class TsunamiCliTest {\n private static final String IP_TARGET = \"127.0.0.1\";\n private static final String HOSTNAME_TARGET = \"localhost\";\n private static final String URI_TARGET = \"https://localhost/function1\";\n\n @Rule public MockitoRule mockitoRule = MockitoJUnit.rule();\n @Rule public TemporaryFolder tempFolder = new TemporaryFolder();\n\n @Mock ScanResultsArchiver scanResultsArchiver;\n\n @Captor ArgumentCaptor scanResultsCaptor;\n\n @Inject private TsunamiCli tsunamiCli;\n\n private boolean runCli(ImmutableMap rawConfigData, String... args)\n throws InterruptedException, ExecutionException, ScanningWorkflowException, IOException {\n try (ScanResult scanResult = new ClassGraph().enableAllInfo().scan()) {\n Guice.createInjector(\n new AbstractModule() {\n @Override\n protected void configure() {\n bind(ScanResultsArchiver.class).toInstance(scanResultsArchiver);\n install(new HttpClientModule.Builder().build());\n install(new PayloadGeneratorModule(new SecureRandom()));\n install(new ConfigModule(scanResult, TsunamiConfig.fromYamlData(rawConfigData)));\n install(new CliOptionsModule(scanResult, \"TsunamiCliTest\", args));\n install(new FakeUtcClockModule());\n install(new FakePluginExecutionModule());\n install(new FakePortScannerBootstrapModule());\n install(new FakePortScannerBootstrapModule2());\n install(new FakeServiceFingerprinterBootstrapModule());\n install(new FakeVulnDetectorBootstrapModule());\n install(new FakeVulnDetectorBootstrapModule2());\n install(new RemoteServerLoaderModule(ImmutableList.of()));\n }\n })\n .injectMembers(this);\n return tsunamiCli.run();\n }\n }\n\n @Test\n public void run_whenIpTarget_generatesAndArchivesCorrectResult()\n throws InterruptedException, ExecutionException, ScanningWorkflowException, IOException {\n NetworkService expectedNetworkService =\n FakeServiceFingerprinter.addWebServiceContext(\n FakePortScanner.getFakeNetworkService(NetworkEndpointUtils.forIp(IP_TARGET)));\n\n boolean scanSucceeded = runCli(ImmutableMap.of(), \"--ip-v4-target=\" + IP_TARGET);\n\n assertThat(scanSucceeded).isTrue();\n TargetInfo targetInfo =\n TargetInfo.newBuilder().addNetworkEndpoints(NetworkEndpointUtils.forIp(IP_TARGET)).build();\n verify(scanResultsArchiver, times(1)).archive(scanResultsCaptor.capture());\n ScanResults storedScanResult = scanResultsCaptor.getValue();\n assertThat(storedScanResult.getScanStatus()).isEqualTo(ScanStatus.SUCCEEDED);\n assertThat(storedScanResult.getScanFindingsList())\n .containsExactlyElementsIn(\n Stream.of(\n FakeVulnDetector.getFakeDetectionReport(targetInfo, expectedNetworkService),\n FakeVulnDetector2.getFakeDetectionReport(targetInfo, expectedNetworkService))\n .map(TsunamiCliTest::buildScanFindingFromDetectionReport)\n .toArray());\n assertThat(storedScanResult.getReconnaissanceReport())\n .isEqualTo(\n ReconnaissanceReport.newBuilder()\n .setTargetInfo(\n TargetInfo.newBuilder()\n .addNetworkEndpoints(NetworkEndpointUtils.forIp(IP_TARGET)))\n .addNetworkServices(\n FakeServiceFingerprinter.addWebServiceContext(\n FakePortScanner.getFakeNetworkService(\n NetworkEndpointUtils.forIp(IP_TARGET))))\n .build());\n }\n\n @Test\n public void run_whenHostnameTarget_generatesAndArchivesCorrectResult()\n throws InterruptedException, ExecutionException, ScanningWorkflowException, IOException {\n NetworkService expectedNetworkService =\n FakeServiceFingerprinter.addWebServiceContext(\n FakePortScanner.getFakeNetworkService(\n NetworkEndpointUtils.forHostname(HOSTNAME_TARGET)));\n\n boolean scanSucceeded = runCli(ImmutableMap.of(), \"--hostname-target=\" + HOSTNAME_TARGET);\n\n assertThat(scanSucceeded).isTrue();\n\n TargetInfo targetInfo =\n TargetInfo.newBuilder()\n .addNetworkEndpoints(NetworkEndpointUtils.forHostname(HOSTNAME_TARGET))\n .build();\n verify(scanResultsArchiver, times(1)).archive(scanResultsCaptor.capture());\n ScanResults storedScanResult = scanResultsCaptor.getValue();\n assertThat(storedScanResult.getScanStatus()).isEqualTo(ScanStatus.SUCCEEDED);\n assertThat(storedScanResult.getScanFindingsList())\n .containsExactlyElementsIn(\n Stream.of(\n FakeVulnDetector.getFakeDetectionReport(targetInfo, expectedNetworkService),\n FakeVulnDetector2.getFakeDetectionReport(targetInfo, expectedNetworkService))\n .map(TsunamiCliTest::buildScanFindingFromDetectionReport)\n .toArray());\n assertThat(storedScanResult.getReconnaissanceReport())\n .isEqualTo(\n ReconnaissanceReport.newBuilder()\n .setTargetInfo(\n TargetInfo.newBuilder()\n .addNetworkEndpoints(NetworkEndpointUtils.forHostname(HOSTNAME_TARGET)))\n .addNetworkServices(\n FakeServiceFingerprinter.addWebServiceContext(\n FakePortScanner.getFakeNetworkService(\n NetworkEndpointUtils.forHostname(HOSTNAME_TARGET))))\n .build());\n }\n\n @Test\n public void run_whenUriTarget_generatesCorrectResult()\n throws InterruptedException, ExecutionException, IOException {\n\n boolean scanSucceeded = runCli(ImmutableMap.of(), \"--uri-target=\" + URI_TARGET);\n assertThat(scanSucceeded).isTrue();\n\n URL url = new URL(URI_TARGET);\n String hostname = url.getHost();\n String ipaddress = InetAddress.getByName(hostname).getHostAddress();\n InetAddress inetAddress = InetAddress.getByName(url.getHost());\n AddressFamily addressFamily =\n inetAddress instanceof Inet4Address ? AddressFamily.IPV4 : AddressFamily.IPV6;\n\n NetworkEndpoint networkEndpoint =\n NetworkEndpoint.newBuilder()\n .setType(NetworkEndpoint.Type.IP_HOSTNAME_PORT)\n .setHostname(Hostname.newBuilder().setName(\"localhost\"))\n .setPort(Port.newBuilder().setPortNumber(443))\n .setIpAddress(\n IpAddress.newBuilder().setAddressFamily(addressFamily).setAddress(ipaddress))\n .build();\n\n verify(scanResultsArchiver, times(1)).archive(scanResultsCaptor.capture());\n ScanResults storedScanResult = scanResultsCaptor.getValue();\n assertThat(storedScanResult.getScanStatus()).isEqualTo(ScanStatus.SUCCEEDED);\n assertThat(storedScanResult.getReconnaissanceReport())\n .isEqualTo(\n ReconnaissanceReport.newBuilder()\n .setTargetInfo(TargetInfo.newBuilder().addNetworkEndpoints(networkEndpoint))\n .addNetworkServices(\n NetworkService.newBuilder()\n .setNetworkEndpoint(networkEndpoint)\n .setTransportProtocol(TransportProtocol.TCP)\n .setServiceName(\"https\")\n .setServiceContext(\n ServiceContext.newBuilder()\n .setWebServiceContext(\n WebServiceContext.newBuilder()\n .setApplicationRoot(url.getPath()))))\n .build());\n }\n\n @Test\n public void run_whenIpAndHostnameTarget_generatesCorrectResult()\n throws InterruptedException, ExecutionException, IOException {\n\n boolean scanSucceeded =\n runCli(\n ImmutableMap.of(),\n \"--ip-v4-target=\" + IP_TARGET,\n \"--hostname-target=\" + HOSTNAME_TARGET);\n\n assertThat(scanSucceeded).isTrue();\n\n verify(scanResultsArchiver, times(1)).archive(scanResultsCaptor.capture());\n ScanResults storedScanResult = scanResultsCaptor.getValue();\n assertThat(storedScanResult.getScanStatus()).isEqualTo(ScanStatus.SUCCEEDED);\n assertThat(storedScanResult.getReconnaissanceReport())\n .isEqualTo(\n ReconnaissanceReport.newBuilder()\n .setTargetInfo(\n TargetInfo.newBuilder()\n .addNetworkEndpoints(\n NetworkEndpointUtils.forIpAndHostname(IP_TARGET, HOSTNAME_TARGET)))\n .addNetworkServices(\n FakeServiceFingerprinter.addWebServiceContext(\n FakePortScanner.getFakeNetworkService(\n NetworkEndpointUtils.forIpAndHostname(IP_TARGET, HOSTNAME_TARGET))))\n .build());\n }\n\n @Test\n public void run_whenScanFailed_generatesFailedScanResults()\n throws InterruptedException, ExecutionException, IOException {\n\n try (ScanResult scanResult = new ClassGraph().enableAllInfo().scan()) {\n Guice.createInjector(\n new AbstractModule() {\n @Override\n protected void configure() {\n bind(ScanResultsArchiver.class).toInstance(scanResultsArchiver);\n install(new HttpClientModule.Builder().build());\n install(new PayloadGeneratorModule(new SecureRandom()));\n install(\n new ConfigModule(scanResult, TsunamiConfig.fromYamlData(ImmutableMap.of())));\n install(\n new CliOptionsModule(\n scanResult,\n \"TsunamiCliTest\",\n new String[] {\n \"--ip-v4-target=\" + IP_TARGET, \"--hostname-target=\" + HOSTNAME_TARGET\n }));\n install(new FakeUtcClockModule());\n install(new FakePluginExecutionModule());\n install(new FakePortScannerBootstrapModule());\n install(new FailedVulnDetectorBootstrapModule());\n install(new RemoteServerLoaderModule(ImmutableList.of()));\n }\n })\n .injectMembers(this);\n\n boolean scanSucceeded = tsunamiCli.run();\n\n assertThat(scanSucceeded).isFalse();\n\n verify(scanResultsArchiver, times(1)).archive(scanResultsCaptor.capture());\n ScanResults storedScanResult = scanResultsCaptor.getValue();\n assertThat(storedScanResult.getScanStatus()).isEqualTo(ScanStatus.FAILED);\n assertThat(storedScanResult.getStatusMessage()).isEqualTo(\"All VulnDetectors failed.\");\n }\n }\n\n @Test\n public void run_whenAdvisoryMode_generatesAdvisories()\n throws InterruptedException, ExecutionException, ScanningWorkflowException, IOException {\n File tempFile = tempFolder.newFile(\"advisories.csv\");\n Path tempPath = tempFile.toPath();\n boolean scanSucceeded = runCli(ImmutableMap.of(), \"--dump-advisories=\" + tempPath.toString());\n\n String advisories = Files.readString(tempPath);\n String expectedAdvisories =\n \"\"\"\n vulnerabilities {\n main_id {\n publisher: \"GOOGLE\"\n value: \"FakeVuln1\"\n }\n severity: CRITICAL\n title: \"FakeTitle1\"\n description: \"FakeDescription1\"\n }\n vulnerabilities {\n main_id {\n publisher: \"GOOGLE\"\n value: \"FakeVuln2\"\n }\n severity: MEDIUM\n title: \"FakeTitle2\"\n description: \"FakeDescription2\"\n }\n \"\"\";\n assertThat(scanSucceeded).isTrue();\n assertThat(advisories).isEqualTo(expectedAdvisories);\n }\n\n private static ScanFinding buildScanFindingFromDetectionReport(DetectionReport detectionReport) {\n return ScanFinding.newBuilder()\n .setTargetInfo(detectionReport.getTargetInfo())\n .setNetworkService(detectionReport.getNetworkService())\n .setVulnerability(detectionReport.getVulnerability())\n .build();\n }\n}\n"
},
{
"path": "main/src/test/java/com/google/tsunami/main/cli/option/MainCliOptionsTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option;\n\nimport static org.junit.Assert.assertThrows;\n\nimport com.beust.jcommander.ParameterException;\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link MainCliOptions}. */\n@RunWith(JUnit4.class)\npublic class MainCliOptionsTest {\n\n @Test\n public void validate_whenDumpAdvisoriesPathPassed_doesNotThrowParameterException() {\n MainCliOptions cliOptions = new MainCliOptions();\n\n cliOptions.dumpAdvisoriesPath = \"path/to/dump/advisories\";\n cliOptions.validate();\n }\n\n @Test\n public void validate_whenMissingScanTarget_throwsParameterException() {\n MainCliOptions cliOptions = new MainCliOptions();\n\n assertThrows(ParameterException.class, cliOptions::validate);\n }\n\n @Test\n public void validate_whenUriTargetPassedWithHostnameTarget_throwsParameterException() {\n MainCliOptions cliOptions = new MainCliOptions();\n\n cliOptions.hostnameTarget = \"localhost\";\n cliOptions.uriTarget = \"https://localhost/function1\";\n\n assertThrows(ParameterException.class, cliOptions::validate);\n }\n}\n"
},
{
"path": "main/src/test/java/com/google/tsunami/main/cli/option/OutputDataFormatTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option;\n\nimport static com.google.common.truth.Truth.assertThat;\n\nimport org.junit.Test;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link OutputDataFormat}. */\n@RunWith(JUnit4.class)\npublic class OutputDataFormatTest {\n\n @Test\n public void parse_whenStringMatchesExactly_returnsParsedOutputDataFormat() {\n assertThat(OutputDataFormat.parse(\"BIN_PROTO\")).hasValue(OutputDataFormat.BIN_PROTO);\n assertThat(OutputDataFormat.parse(\"JSON\")).hasValue(OutputDataFormat.JSON);\n }\n\n @Test\n public void parse_whenStringMatchesIgnoringCases_returnsParsedOutputDataFormat() {\n assertThat(OutputDataFormat.parse(\"bin_proto\")).hasValue(OutputDataFormat.BIN_PROTO);\n assertThat(OutputDataFormat.parse(\"Json\")).hasValue(OutputDataFormat.JSON);\n }\n\n @Test\n public void parse_whenStringNotMatch_returnsEmpty() {\n assertThat(OutputDataFormat.parse(\"xml\")).isEmpty();\n }\n}\n"
},
{
"path": "main/src/test/java/com/google/tsunami/main/cli/option/validator/IpV4ValidatorTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option.validator;\n\nimport com.google.common.collect.ImmutableList;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link IpV4Validator}. */\n@RunWith(JUnit4.class)\npublic class IpV4ValidatorTest extends IpValidatorTest {\n\n @Override\n protected String flagName() {\n return \"ip-v4-target\";\n }\n\n @Override\n protected IpValidator getValidator() {\n return new IpV4Validator();\n }\n\n @Override\n protected ImmutableList validIps() {\n return ImmutableList.of(\"127.0.0.1\", \"8.8.8.8\");\n }\n\n @Override\n protected ImmutableList invalidIps() {\n return ImmutableList.of(\"\", \"bogus_string\", \"1234\", \"2002:af4:9b91::\", \"www.google.com\");\n }\n}\n"
},
{
"path": "main/src/test/java/com/google/tsunami/main/cli/option/validator/IpV6ValidatorTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option.validator;\n\nimport com.google.common.collect.ImmutableList;\nimport org.junit.runner.RunWith;\nimport org.junit.runners.JUnit4;\n\n/** Tests for {@link IpV6Validator}. */\n@RunWith(JUnit4.class)\npublic class IpV6ValidatorTest extends IpValidatorTest {\n\n @Override\n protected String flagName() {\n return \"ip-v6-target\";\n }\n\n @Override\n protected IpValidator getValidator() {\n return new IpV6Validator();\n }\n\n @Override\n protected ImmutableList validIps() {\n return ImmutableList.of(\n \"0:0:0:0:0:0:0:1\",\n \"fe80::a\",\n \"fe80::1\",\n \"fe80::2\",\n \"fe80::42\",\n \"fe80::3dd0:7f8e:57b7:34d5\",\n \"fe80:3dd0:7f8e:57b7:0:0:0:0\",\n \"::4:0:0:0:ffff\",\n \"0:0:3::ffff\",\n \"7::0.128.0.127\");\n }\n\n @Override\n protected ImmutableList invalidIps() {\n return ImmutableList.of(\n \"\", \"bogus_string\", \"1234\", \"127.0.0.1\", \"www.google.com\", \"[1:2e]\", \"[fe80:a\");\n }\n}\n"
},
{
"path": "main/src/test/java/com/google/tsunami/main/cli/option/validator/IpValidatorTest.java",
"content": "/*\n * Copyright 2020 Google LLC\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\npackage com.google.tsunami.main.cli.option.validator;\n\nimport static com.google.common.truth.Truth.assertThat;\nimport static org.junit.Assert.assertThrows;\n\nimport com.beust.jcommander.ParameterException;\nimport com.google.common.collect.ImmutableList;\nimport org.junit.Test;\n\n/** Base class for IP validators. */\npublic abstract class IpValidatorTest {\n\n @Test\n public void validate_withValidIpValue_doesNotThrows() {\n for (String validIp : validIps()) {\n try {\n getValidator().validate(flagName(), validIp);\n } catch (ParameterException e) {\n throw new AssertionError(\"Unexpected ParameterException for IP: \" + validIp, e);\n }\n }\n }\n\n @Test\n public void validate_withInvalidIpValue_throwsParameterException() {\n for (String invalidIp : invalidIps()) {\n ParameterException exception =\n assertThrows(\n ParameterException.class, () -> getValidator().validate(flagName(), invalidIp));\n assertThat(exception)\n .hasMessageThat()\n .isEqualTo(\n String.format(\n \"Parameter %s should point to a valid IP v%d address, got '%s'\",\n flagName(), getValidator().ipVersion(), invalidIp));\n }\n }\n\n protected abstract String flagName();\n\n protected abstract IpValidator getValidator();\n\n protected abstract ImmutableList validIps();\n\n protected abstract ImmutableList