From 4001cd9e771cfc7d70d9414d483753b283e6e112 Mon Sep 17 00:00:00 2001 From: Patrick Boos Date: Tue, 27 Aug 2024 11:40:13 +0200 Subject: [PATCH] feature: Exclude graphql paths by default --- .../api/selector/DefaultTrafficSelector.java | 5 ++++- .../selector/DefaultTrafficSelectorTest.java | 18 +++++++++++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/openapi-validation-api/src/main/java/com/getyourguide/openapi/validation/api/selector/DefaultTrafficSelector.java b/openapi-validation-api/src/main/java/com/getyourguide/openapi/validation/api/selector/DefaultTrafficSelector.java index 6b9e29f..6695d24 100644 --- a/openapi-validation-api/src/main/java/com/getyourguide/openapi/validation/api/selector/DefaultTrafficSelector.java +++ b/openapi-validation-api/src/main/java/com/getyourguide/openapi/validation/api/selector/DefaultTrafficSelector.java @@ -12,6 +12,7 @@ public class DefaultTrafficSelector implements TrafficSelector { private final double sampleRate; private final Set excludedPaths; + private final Set defaultExcludedPaths; private final List excludedHeaders; private final Boolean shouldFailOnRequestViolation; private final Boolean shouldFailOnResponseViolation; @@ -28,6 +29,7 @@ public DefaultTrafficSelector( Boolean shouldFailOnResponseViolation ) { this.sampleRate = sampleRate; + this.defaultExcludedPaths = Set.of("/graphql", "/graphiql"); this.excludedPaths = excludedPaths != null ? excludedPaths : Set.of(); this.excludedHeaders = excludedHeaders != null ? excludedHeaders : Collections.emptyList(); this.shouldFailOnRequestViolation = shouldFailOnRequestViolation != null ? shouldFailOnRequestViolation : false; @@ -82,7 +84,8 @@ private boolean isRequestExcludedByHeader(RequestMetaData request) { } private boolean isRequestExcludedByPath(RequestMetaData request) { - return excludedPaths.contains(request.getUri().getPath()); + var path = request.getUri().getPath(); + return defaultExcludedPaths.contains(path) || excludedPaths.contains(path); } private static boolean methodEquals(String method, String expectedMethod) { diff --git a/openapi-validation-api/src/test/java/com/getyourguide/openapi/validation/api/selector/DefaultTrafficSelectorTest.java b/openapi-validation-api/src/test/java/com/getyourguide/openapi/validation/api/selector/DefaultTrafficSelectorTest.java index 822a725..3117672 100644 --- a/openapi-validation-api/src/test/java/com/getyourguide/openapi/validation/api/selector/DefaultTrafficSelectorTest.java +++ b/openapi-validation-api/src/test/java/com/getyourguide/openapi/validation/api/selector/DefaultTrafficSelectorTest.java @@ -31,11 +31,18 @@ public void testIsExcludedByHeaderPattern() { assertHeaderIsExcluded(true, "x-is-bot", "true"); assertHeaderIsExcluded(false, "x-is-bot", "truebot"); + } + + @Test + public void testIsExcludedByPath() { + // Default exclusions + assertPathIsExcluded(true, "/graphql"); + assertPathIsExcluded(true, "/graphiql"); + assertPathIsExcluded(false, "/v1/path"); } private void assertHeaderIsExcluded(boolean expectedExclusion, String headerName, String headerValue) { - var request = new RequestMetaData( "GET", URI.create("https://api.example.com/v1/path"), @@ -48,6 +55,15 @@ private void assertHeaderIsExcluded(boolean expectedExclusion, String headerName assertEquals(!expectedExclusion, trafficSelector.shouldRequestBeValidated(request)); } + private void assertPathIsExcluded(boolean expectedExclusion, String path) { + var request = new RequestMetaData( + "GET", + URI.create("https://api.example.com" + path), + Map.of("Content-Type", "application/json") + ); + assertEquals(!expectedExclusion, trafficSelector.shouldRequestBeValidated(request)); + } + private Map toCaseInsensitiveMap(Map map) { var newMap = new TreeMap(String.CASE_INSENSITIVE_ORDER); newMap.putAll(map);