🧹 chore: Mark unused tests with t.SkipNow (#3366)

alexandear · web-flow · commit f6ac929fde9c · 2025-03-20T14:35:59.000+01:00
* 🚨 test: uncomment test and mark it with t.SkipNow

* fix lint issues
diff --git a/middleware/csrf/csrf_test.go b/middleware/csrf/csrf_test.go
@@ -1331,56 +1331,65 @@ func Test_CSRF_Cookie_Injection_Exploit(t *testing.T) {
 }
 
 // TODO: use this test case and make the unsafe header value bug from https://github.com/gofiber/fiber/issues/2045 reproducible and permanently fixed/tested by this testcase
-// func Test_CSRF_UnsafeHeaderValue(t *testing.T) {
-//  t.Parallel()
-// 	app := fiber.New()
-
-// 	app.Use(New())
-// 	app.Get("/", func(c fiber.Ctx) error {
-// 		return c.SendStatus(fiber.StatusOK)
-// 	})
-// 	app.Get("/test", func(c fiber.Ctx) error {
-// 		return c.SendStatus(fiber.StatusOK)
-// 	})
-// 	app.Post("/", func(c fiber.Ctx) error {
-// 		return c.SendStatus(fiber.StatusOK)
-// 	})
-
-// 	resp, err := app.Test(httptest.NewRequest(fiber.MethodGet, "/", nil))
-// 	require.NoError(t, err)
-// 	require.Equal(t, fiber.StatusOK, resp.StatusCode)
-
-// 	var token string
-// 	for _, c := range resp.Cookies() {
-// 		if c.Name != ConfigDefault.CookieName {
-// 			continue
-// 		}
-// 		token = c.Value
-// 		break
-// 	}
-
-// 	fmt.Println("token", token)
-
-// 	getReq := httptest.NewRequest(fiber.MethodGet, "/", nil)
-// 	getReq.Header.Set(HeaderName, token)
-// 	resp, err = app.Test(getReq)
-
-// 	getReq = httptest.NewRequest(fiber.MethodGet, "/test", nil)
-// 	getReq.Header.Set("X-Requested-With", "XMLHttpRequest")
-// 	getReq.Header.Set(fiber.HeaderCacheControl, "no")
-// 	getReq.Header.Set(HeaderName, token)
-
-// 	resp, err = app.Test(getReq)
-
-// 	getReq.Header.Set(fiber.HeaderAccept, "*/*")
-// 	getReq.Header.Del(HeaderName)
-// 	resp, err = app.Test(getReq)
-
-// 	postReq := httptest.NewRequest(fiber.MethodPost, "/", nil)
-// 	postReq.Header.Set("X-Requested-With", "XMLHttpRequest")
-// 	postReq.Header.Set(HeaderName, token)
-// 	resp, err = app.Test(postReq)
-// }
+func Test_CSRF_UnsafeHeaderValue(t *testing.T) {
+	t.SkipNow()
+	t.Parallel()
+	app := fiber.New()
+
+	app.Use(New())
+	app.Get("/", func(c fiber.Ctx) error {
+		return c.SendStatus(fiber.StatusOK)
+	})
+	app.Get("/test", func(c fiber.Ctx) error {
+		return c.SendStatus(fiber.StatusOK)
+	})
+	app.Post("/", func(c fiber.Ctx) error {
+		return c.SendStatus(fiber.StatusOK)
+	})
+
+	resp, err := app.Test(httptest.NewRequest(fiber.MethodGet, "/", nil))
+	require.NoError(t, err)
+	require.Equal(t, fiber.StatusOK, resp.StatusCode)
+
+	var token string
+	for _, c := range resp.Cookies() {
+		if c.Name != ConfigDefault.CookieName {
+			continue
+		}
+		token = c.Value
+		break
+	}
+
+	t.Log("token", token)
+
+	getReq := httptest.NewRequest(fiber.MethodGet, "/", nil)
+	getReq.Header.Set(HeaderName, token)
+	resp, err = app.Test(getReq)
+	require.NoError(t, err)
+	require.Equal(t, fiber.StatusOK, resp.StatusCode)
+
+	getReq = httptest.NewRequest(fiber.MethodGet, "/test", nil)
+	getReq.Header.Set("X-Requested-With", "XMLHttpRequest")
+	getReq.Header.Set(fiber.HeaderCacheControl, "no")
+	getReq.Header.Set(HeaderName, token)
+
+	resp, err = app.Test(getReq)
+	require.NoError(t, err)
+	require.Equal(t, fiber.StatusOK, resp.StatusCode)
+
+	getReq.Header.Set(fiber.HeaderAccept, "*/*")
+	getReq.Header.Del(HeaderName)
+	resp, err = app.Test(getReq)
+	require.NoError(t, err)
+	require.Equal(t, fiber.StatusOK, resp.StatusCode)
+
+	postReq := httptest.NewRequest(fiber.MethodPost, "/", nil)
+	postReq.Header.Set("X-Requested-With", "XMLHttpRequest")
+	postReq.Header.Set(HeaderName, token)
+	resp, err = app.Test(postReq)
+	require.NoError(t, err)
+	require.Equal(t, fiber.StatusOK, resp.StatusCode)
+}
 
 // go test -v -run=^$ -bench=Benchmark_Middleware_CSRF_Check -benchmem -count=4
 func Benchmark_Middleware_CSRF_Check(b *testing.B) {
