Merge pull request lightbody#352 from jekh/require-method-when-blacklisting-connect

jekh · jekh · commit c2911127dde8 · 2016-01-01T13:30:09.000-08:00
Require HTTP method to blacklist CONNECTs
diff --git a/browsermob-core-littleproxy/src/main/java/net/lightbody/bmp/filters/BlacklistFilter.java b/browsermob-core-littleproxy/src/main/java/net/lightbody/bmp/filters/BlacklistFilter.java
@@ -3,6 +3,7 @@
 import io.netty.channel.ChannelHandlerContext;
 import io.netty.handler.codec.http.DefaultFullHttpResponse;
 import io.netty.handler.codec.http.HttpHeaders;
+import io.netty.handler.codec.http.HttpMethod;
 import io.netty.handler.codec.http.HttpObject;
 import io.netty.handler.codec.http.HttpRequest;
 import io.netty.handler.codec.http.HttpResponse;
@@ -37,6 +38,11 @@ public HttpResponse clientToProxyRequest(HttpObject httpObject) {
             String url = getFullUrl(httpRequest);
 
             for (BlacklistEntry entry : blacklistedUrls) {
+                if (HttpMethod.CONNECT.equals(httpRequest.getMethod()) && entry.getHttpMethodPatern() == null) {
+                    // do not allow CONNECTs to be blacklisted unless a method pattern is explicitly specified
+                    continue;
+                }
+
                 if (entry.matches(url, httpRequest.getMethod().name())) {
                     HttpResponseStatus status = HttpResponseStatus.valueOf(entry.getStatusCode());
                     HttpResponse resp = new DefaultFullHttpResponse(httpRequest.getProtocolVersion(), status);
diff --git a/browsermob-core-littleproxy/src/test/groovy/net/lightbody/bmp/proxy/BlacklistTest.groovy b/browsermob-core-littleproxy/src/test/groovy/net/lightbody/bmp/proxy/BlacklistTest.groovy
@@ -175,4 +175,31 @@ class BlacklistTest extends MockServerTest {
             assertThat("Expected blacklisted response to contain 0-length body", blacklistedResponseBody, isEmptyOrNullString())
         }
     }
+
+    @Test
+    void testBlacklistDoesNotApplyToCONNECT() {
+        mockServer.when(request()
+                .withMethod("GET")
+                .withPath("/connectNotBlacklisted"),
+                Times.unlimited())
+                .respond(response()
+                .withStatusCode(200)
+                .withBody("success"))
+
+        proxy = new BrowserMobProxyServer()
+        proxy.setTrustAllServers(true)
+        proxy.start()
+        int proxyPort = proxy.getPort()
+
+        // HTTP CONNECTs should not be blacklisted unless the method is explicitly specified
+        proxy.blacklistRequests("https://localhost:${mockServerPort}", 405)
+
+        ProxyServerTest.getNewHttpClient(proxyPort).withCloseable {
+            CloseableHttpResponse response = it.execute(new HttpGet("https://localhost:${mockServerPort}/connectNotBlacklisted"))
+            assertEquals("Expected to receive response from mock server after successful CONNECT", 200, response.getStatusLine().getStatusCode())
+
+            String responseBody = IOUtils.toStringAndClose(response.getEntity().getContent())
+            assertEquals("Expected to receive HTTP 200 and success message from server", "success", responseBody)
+        }
+    }
 }
