Skip to content

I 2 #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
MatteoDelOmbra wants to merge 11 commits into
base: main
Choose a base branch
from
Open

I 2 #38

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
4700217
added HTTP.UploadFile
julietpaw May 12, 2023
e3c589b
renamed
julietpaw May 12, 2023
4a719f9
Update README.md
julietpaw May 12, 2023
9639db0
tests renamed
julietpaw May 24, 2023
53d927a
Merge branch 'main' of https://github.com/juliapaw/Frends.HTTP
julietpaw May 24, 2023
e80e2de
Update according to comments
julietpaw Jun 13, 2023
7d2d03f
Merge branch 'i-2' into main
MatteoDelOmbra Jan 8, 2025
46a957a
Merge pull request #17 from julietpaw/main
MatteoDelOmbra Jan 8, 2025
374f7fe
refactori
Jan 10, 2025
139e48b
add coverlet
Jan 10, 2025
dcbb9fe
improve test coverage
Jan 10, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions .github/workflows/UploadFile_build_and_test_on_main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
name: UploadFile build_main

on:
push:
branches:
- main
paths:
- "Frends.HTTP.UploadFile/**"
workflow_dispatch:

jobs:
build:
uses: FrendsPlatform/FrendsTasks/.github/workflows/build_main.yml@main
with:
workdir: Frends.HTTP.UploadFile
secrets:
badge_service_api_key: ${{ secrets.BADGE_SERVICE_API_KEY }}
18 changes: 18 additions & 0 deletions .github/workflows/UploadFile_build_and_test_on_push.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
name: UploadFile push

on:
push:
branches-ignore:
- main
paths:
- "Frends.HTTP.UploadFile/**"
workflow_dispatch:

jobs:
build:
uses: FrendsPlatform/FrendsTasks/.github/workflows/build_test.yml@main
with:
workdir: Frends.HTTP.UploadFile
secrets:
badge_service_api_key: ${{ secrets.BADGE_SERVICE_API_KEY }}
test_feed_api_key: ${{ secrets.TASKS_TEST_FEED_API_KEY }}
12 changes: 12 additions & 0 deletions .github/workflows/UploadFile_release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
name: UploadFile release

on:
workflow_dispatch:

jobs:
build:
uses: FrendsPlatform/FrendsTasks/.github/workflows/release.yml@main
with:
workdir: Frends.HTTP.UploadFile
secrets:
feed_api_key: ${{ secrets.TASKS_FEED_API_KEY }}
5 changes: 5 additions & 0 deletions Frends.HTTP.UploadFile/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
# Changelog

## [1.0.0] - 2025-01-09
### Added
- Initial implementation.
27 changes: 27 additions & 0 deletions Frends.HTTP.UploadFile/Frends.HTTP.UploadFile.Tests/Frends.HTTP.UploadFile.Tests.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
<Project Sdk="Microsoft.NET.Sdk">

<PropertyGroup>
<TargetFramework>net6.0</TargetFramework>

<IsPackable>false</IsPackable>
</PropertyGroup>

<ItemGroup>
<PackageReference Include="HttpMock" Version="2.3.1" />
<PackageReference Include="HttpMock.Verify.NUnit" Version="1.2.0" />
<PackageReference Include="Kayak" Version="0.7.2" />
<PackageReference Include="log4net" Version="2.0.15" />
<PackageReference Include="nunit" Version="3.13.3" />
<PackageReference Include="NUnit3TestAdapter" Version="4.5.0">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0-preview.23280.1" />
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Avoid preview versions in production code.

The Microsoft.NET.Test.Sdk is using a preview version (17.7.0-preview.23280.1). Consider using the latest stable version.

-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0-preview.23280.1" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.3" />
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.0-preview.23280.1" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.6.3" />

<PackageReference Include="System.Net.Http" Version="4.3.4" />
</ItemGroup>

<ItemGroup>
<ProjectReference Include="..\Frends.HTTP.UploadFile\Frends.HTTP.UploadFile.csproj" />
</ItemGroup>

</Project>
50 changes: 50 additions & 0 deletions Frends.HTTP.UploadFile/Frends.HTTP.UploadFile.Tests/IntegrationTest.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
using Frends.HTTP.UploadFile.Definitions;
using HttpMock;
using HttpMock.Verify.NUnit;
using NUnit.Framework;
using System;
using System.IO;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

namespace Frends.HTTP.UploadFile.Tests;

[TestFixture]
public class IntegrationTest
{
private IHttpServer _stubHttp;

[SetUp]
public void Setup()
{
_stubHttp = HttpMockRepository.At("http://localhost:9191");
}

[Test]
public async Task RequestShouldSetEncodingWithContentTypeCharsetIgnoringCase()
{
var filePath = Path.GetFullPath(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "../../..", "Test_files", "test_file.txt"));
var codePageName = "iso-8859-1";
var utf8ByteArray = File.ReadAllBytes(filePath);
var expectedContentType = $"text/plain; charset={codePageName}";
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Improve file path handling and file operations.

Several improvements needed for better reliability:

  1. Use Path.Combine() with project-relative paths instead of hard-coded directory traversal
  2. Add file existence check
  3. Use async file operations
-var filePath = Path.GetFullPath(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "../../..", "Test_files", "test_file.txt"));
+var filePath = Path.Combine(TestContext.CurrentContext.TestDirectory, "Test_files", "test_file.txt");
+Assert.That(File.Exists(filePath), Is.True, "Test file not found");
-var utf8ByteArray = File.ReadAllBytes(filePath);
+var utf8ByteArray = await File.ReadAllBytesAsync(filePath);

Committable suggestion skipped: line range outside the PR's diff.


_stubHttp.Stub(x => x.Post("/endpoint"))
.AsContentType($"text/plain; charset={codePageName}")
.Return("foo ���")
.OK();

var contentType = new Header { Name = "cONTENT-tYpE", Value = expectedContentType };
var input = new Input { Method = Method.POST, Url = "http://localhost:9191/endpoint", Headers = new Header[1] { contentType }, FilePath = filePath };
var options = new Options { ConnectionTimeoutSeconds = 60 };
var result = await UploadFileTask.UploadFile(input, options, CancellationToken.None);
var request = _stubHttp.AssertWasCalled(called => called.Post("/endpoint")).LastRequest();
var requestHead = request.RequestHead;
var requestBodyByteArray = Encoding.GetEncoding(codePageName).GetBytes(request.Body);
var requestContentType = requestHead.Headers["cONTENT-tYpE"];

//Casing should not affect setting header.
Assert.That(requestContentType, Is.EqualTo(expectedContentType));
Assert.That(requestBodyByteArray, Is.EqualTo(utf8ByteArray));
}
}
Comment on lines +13 to +188
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

The review comment is accurate - test coverage needs significant improvement

The implementation has error handling for several scenarios that are currently untested:

  • HTTP error responses (ThrowExceptionOnErrorResponse option)
  • Authentication with domain\username format
  • Certificate handling and validation
  • File not found scenarios

Additionally, the suggested scenarios from the review (large files, different content types, error scenarios, cancellation) are also missing.

🔗 Analysis chain

Consider adding more test scenarios.

The current test covers the basic case, but consider adding tests for:

  1. Large file uploads to verify streaming behavior
  2. Different content types (e.g., binary files, images)
  3. Error scenarios (network timeout, server errors)
  4. Cancellation token handling

Let me help you verify the current test coverage:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for all test methods in the test files
echo "Current test coverage:"
rg -l "public.*async.*Task.*Test" --type cs

# Look for existing error handling tests
echo -e "\nError handling coverage:"
rg "ThrowsAsync|Should.*Throw" --type cs

Length of output: 3832

Script:

#!/bin/bash
# Search specifically for UploadFile tests
echo "UploadFile test coverage:"
rg -t cs "class.*Test" "Frends.HTTP.UploadFile"

echo -e "\nTest methods in UploadFile:"
rg -t cs "public.*async.*Task.*Test|public.*void.*Test" "Frends.HTTP.UploadFile"

echo -e "\nError handling in UploadFile:"
rg -t cs "throw|catch|Exception" "Frends.HTTP.UploadFile"

Length of output: 1551

2 changes: 2 additions & 0 deletions Frends.HTTP.UploadFile/Frends.HTTP.UploadFile.Tests/Test_files/test_file.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Lorem lipsum
Sumpil merol
37 changes: 37 additions & 0 deletions Frends.HTTP.UploadFile/Frends.HTTP.UploadFile.sln
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 17
VisualStudioVersion = 17.4.33213.308
MinimumVisualStudioVersion = 10.0.40219.1
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Frends.HTTP.UploadFile", "Frends.HTTP.UploadFile\Frends.HTTP.UploadFile.csproj", "{35C305C0-8108-4A98-BB1D-AFE5C926239E}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Frends.HTTP.UploadFile.Tests", "Frends.HTTP.UploadFile.Tests\Frends.HTTP.UploadFile.Tests.csproj", "{8CA92187-8E4F-4414-803B-EC899479022E}"
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{500C38D9-EBDF-49FE-ACFB-D22A5191B8BB}"
ProjectSection(SolutionItems) = preProject
CHANGELOG.md = CHANGELOG.md
README.md = README.md
EndProjectSection
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{35C305C0-8108-4A98-BB1D-AFE5C926239E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{35C305C0-8108-4A98-BB1D-AFE5C926239E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{35C305C0-8108-4A98-BB1D-AFE5C926239E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{35C305C0-8108-4A98-BB1D-AFE5C926239E}.Release|Any CPU.Build.0 = Release|Any CPU
{8CA92187-8E4F-4414-803B-EC899479022E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8CA92187-8E4F-4414-803B-EC899479022E}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8CA92187-8E4F-4414-803B-EC899479022E}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8CA92187-8E4F-4414-803B-EC899479022E}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {55BC6629-85C9-48D8-8CA2-B0046AF1AF4B}
EndGlobalSection
EndGlobal
37 changes: 37 additions & 0 deletions Frends.HTTP.UploadFile/Frends.HTTP.UploadFile/Definitions/Authentication.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
namespace Frends.HTTP.UploadFile.Definitions;

/// <summary>
/// Represents the authentication method to be used with the request.
/// </summary>
public enum Authentication
{
/// <summary>
/// No authentication is used.
/// </summary>
None,

/// <summary>
/// Basic authentication is used, where the username and password are sent in plain text.
/// </summary>
Basic,
Comment on lines +13 to +16
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Mark Basic authentication as obsolete or add security warning.

Basic authentication sends credentials in plain text and should only be used over HTTPS. Consider either marking it as obsolete or adding a security warning in the documentation.

Add a security warning like this:

 /// <summary>
 /// Basic authentication is used, where the username and password are sent in plain text.
+/// WARNING: Only use Basic authentication over HTTPS to prevent credential exposure.
 /// </summary>
+[System.Obsolete("Basic authentication is insecure. Consider using OAuth or ClientCertificate instead.")]
 Basic,
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
/// <summary>
/// Basic authentication is used, where the username and password are sent in plain text.
/// </summary>
Basic,
/// <summary>
/// Basic authentication is used, where the username and password are sent in plain text.
/// WARNING: Only use Basic authentication over HTTPS to prevent credential exposure.
/// </summary>
[System.Obsolete("Basic authentication is insecure. Consider using OAuth or ClientCertificate instead.")]
Basic,


/// <summary>
/// Windows authentication is used, where the user's Windows login credentials are used to authenticate the request.
/// </summary>
WindowsAuthentication,

/// <summary>
/// Windows integrated security is used, where the current Windows user's credentials are used to authenticate the request.
/// </summary>
WindowsIntegratedSecurity,

/// <summary>
/// OAuth token-based authentication is used, where a token is obtained from an authentication server and used to authenticate the request.
/// </summary>
OAuth,

/// <summary>
/// Client certificate-based authentication is used, where a client certificate is used to authenticate the request.
/// </summary>
ClientCertificate
}
19 changes: 19 additions & 0 deletions Frends.HTTP.UploadFile/Frends.HTTP.UploadFile/Definitions/Header.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
namespace Frends.HTTP.UploadFile.Definitions;
/// <summary>
/// Represents an HTTP header, which consists of a name-value pair.
/// </summary>
public class Header
{
/// <summary>
/// The name of the header.
/// </summary>
/// <example>Example Name</example>
public string Name { get; set; }

/// <summary>
/// The value of the header.
/// </summary>
/// <example>Example Value</example>
public string Value { get; set; }

}
37 changes: 37 additions & 0 deletions Frends.HTTP.UploadFile/Frends.HTTP.UploadFile/Definitions/Input.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
using System.ComponentModel.DataAnnotations;
using System.ComponentModel;

namespace Frends.HTTP.UploadFile.Definitions;

/// <summary>
/// Represents the input data for the HTTP file upload operation.
/// </summary>
public class Input
{
Comment on lines +9 to +10
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add input validation attributes to ensure data integrity.

Consider adding validation attributes to enforce required properties and their constraints. This will help prevent runtime errors from missing or invalid input.

 /// </summary>
+[Serializable]
 public class Input
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
public class Input
{
[Serializable]
public class Input
{

/// <summary>
/// The HTTP Method to be used with the request.
/// </summary>
/// <example>GET</example>
public Method Method { get; set; }
Comment on lines +11 to +15
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add validation and default value for the Method property.

The Method property should be required and have a default value to prevent undefined behavior.

     /// </summary>
     /// <example>GET</example>
+    [Required(ErrorMessage = "HTTP Method is required")]
+    [DefaultValue(Method.POST)]
     public Method Method { get; set; }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
/// <summary>
/// The HTTP Method to be used with the request.
/// </summary>
/// <example>GET</example>
public Method Method { get; set; }
/// <summary>
/// The HTTP Method to be used with the request.
/// </summary>
/// <example>GET</example>
[Required(ErrorMessage = "HTTP Method is required")]
[DefaultValue(Method.POST)]
public Method Method { get; set; }


/// <summary>
/// The URL with protocol and path. You can include query parameters directly in the url.
/// </summary>
/// <example>https://example.org/path/to</example>
[DefaultValue("https://example.org/path/to")]
[DisplayFormat(DataFormatString = "Text")]
public string Url { get; set; }
Comment on lines +17 to +23
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Enhance URL validation for security and correctness.

The URL property needs additional validation to ensure security and proper formatting.

     /// </summary>
     /// <example>https://example.org/path/to</example>
     [DefaultValue("https://example.org/path/to")]
     [DisplayFormat(DataFormatString = "Text")]
+    [Required(ErrorMessage = "URL is required")]
+    [RegularExpression(@"^https?:\/\/.*", ErrorMessage = "URL must start with http:// or https://")]
+    [StringLength(2048, ErrorMessage = "URL length cannot exceed 2048 characters")]
+    [Url(ErrorMessage = "Invalid URL format")]
     public string Url { get; set; }
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
/// <summary>
/// The URL with protocol and path. You can include query parameters directly in the url.
/// </summary>
/// <example>https://example.org/path/to</example>
[DefaultValue("https://example.org/path/to")]
[DisplayFormat(DataFormatString = "Text")]
public string Url { get; set; }
/// <summary>
/// The URL with protocol and path. You can include query parameters directly in the url.
/// </summary>
/// <example>https://example.org/path/to</example>
[DefaultValue("https://example.org/path/to")]
[DisplayFormat(DataFormatString = "Text")]
[Required(ErrorMessage = "URL is required")]
[RegularExpression(@"^https?:\/\/.*", ErrorMessage = "URL must start with http:// or https://")]
[StringLength(2048, ErrorMessage = "URL length cannot exceed 2048 characters")]
[Url(ErrorMessage = "Invalid URL format")]
public string Url { get; set; }


/// <summary>
/// The file path to be posted
/// </summary>
/// <example>C:\Users</example>
public string FilePath { get; set; }
Comment on lines +25 to +29
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

⚠️ Potential issue

Critical security validations needed for file handling

The implementation confirms the need for security measures. Current code reads files without any validation, potentially exposing several vulnerabilities:

  • No path traversal protection
  • Missing file existence validation
  • Loads entire file into memory without size limits (potential DoS)
  • No file access permission checks

The suggested property validations and runtime checks are necessary. Additionally, consider:

  • Implementing streaming for large files instead of File.ReadAllBytes
  • Adding configurable file size limits
  • Validating file existence before attempting to read
🔗 Analysis chain

Add critical security validations for file path.

The FilePath property requires validation to prevent security vulnerabilities like path traversal and to ensure proper file handling.

     /// </summary>
     /// <example>C:\Users</example>
+    [Required(ErrorMessage = "File path is required")]
+    [RegularExpression(@"^[^<>:""/\\|?*]+$", ErrorMessage = "File path contains invalid characters")]
+    [StringLength(260, ErrorMessage = "File path exceeds maximum length")]
     public string FilePath { get; set; }

Additionally, implement runtime validation in the task execution to:

  1. Verify file existence
  2. Check file size limits
  3. Validate file permissions
  4. Prevent path traversal attacks
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check if the implementation includes file validation
rg -l "File\.(Exists|Length)" Frends.HTTP.UploadFile

Length of output: 54

Script:

#!/bin/bash
# Search for file upload implementation and validation patterns
echo "=== Searching for file handling code ==="
rg -l "new FileStream|File\." Frends.HTTP.UploadFile

echo -e "\n=== Searching for HTTP upload implementation ==="
ast-grep --pattern 'public static async Task<Output> UploadFile($$$)'

echo -e "\n=== Checking for validation patterns ==="
rg "throw new|Exception|validate|check" Frends.HTTP.UploadFile -A 2

Length of output: 3090

Script:

#!/bin/bash
# Examine the main implementation file
echo "=== Main implementation file content ==="
cat Frends.HTTP.UploadFile/Frends.HTTP.UploadFile/Frends.HTTP.UploadFile.cs

echo -e "\n=== Searching for file stream handling ==="
rg "new (FileStream|StreamContent)" Frends.HTTP.UploadFile -A 3

Length of output: 5880


/// <summary>
/// List of HTTP headers to be added to the request.
/// </summary>
/// <example>Name: Header, Value: HeaderValue</example>
public Header[] Headers { get; set; }
Comment on lines +31 to +35
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Jan 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add validation for HTTP headers to prevent injection.

The Headers property needs validation to prevent header injection and ensure proper formatting.

     /// </summary>
     /// <example>Name: Header, Value: HeaderValue</example>
+    [ValidateHeaderArray(ErrorMessage = "Invalid headers")]
     public Header[] Headers { get; set; }

Create a custom validation attribute:

public class ValidateHeaderArrayAttribute : ValidationAttribute
{
    public override bool IsValid(object value)
    {
        if (value is Header[] headers)
        {
            foreach (var header in headers)
            {
                if (string.IsNullOrWhiteSpace(header.Name) ||
                    header.Name.Any(ch => ch <= 32 || ch >= 127) ||
                    header.Value?.Any(ch => ch <= 31 || ch >= 127) == true)
                {
                    return false;
                }
            }
        }
        return true;
    }
}

}

17 changes: 17 additions & 0 deletions Frends.HTTP.UploadFile/Frends.HTTP.UploadFile/Definitions/Method.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
namespace Frends.HTTP.UploadFile.Definitions;


/// <summary>
/// Represents the HTTP method to be used with the request.
/// </summary>
public enum Method
{
/// <summary>
/// The HTTP POST method is used to submit an entity to the specified resource, often causing a change in state or side effects on the server.
/// </summary>
POST,
/// <summary>
/// The HTTP PUT method is used to replace or update a current resource with new content.
/// </summary>
PUT
}
78 changes: 78 additions & 0 deletions Frends.HTTP.UploadFile/Frends.HTTP.UploadFile/Definitions/Options.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
using System.ComponentModel.DataAnnotations;
using System.ComponentModel;

namespace Frends.HTTP.UploadFile.Definitions;

/// <summary>
/// Options for the HTTP request.
/// </summary>
public class Options
{
/// <summary>
/// Method of authenticating request
/// </summary>
/// <example>Basic</example>
public Authentication Authentication { get; set; }

/// <summary>
/// If WindowsAuthentication is selected you should use domain\username
/// </summary>
/// <example>Domain\User</example>
[UIHint(nameof(Definitions.Authentication), "", Authentication.WindowsAuthentication, Authentication.Basic)]
public string Username { get; set; }

/// <summary>
/// Password for the user.
/// </summary>
/// <example>Example Password</example>
[PasswordPropertyText]
[UIHint(nameof(Definitions.Authentication), "", Authentication.WindowsAuthentication, Authentication.Basic)]
public string Password { get; set; }

/// <summary>
/// Bearer token to be used for request. Token will be added as Authorization header.
/// </summary>
/// <example>exampleOAuthToken</example>
[PasswordPropertyText]
[UIHint(nameof(Definitions.Authentication), "", Authentication.OAuth)]
public string Token { get; set; }

/// <summary>
/// Thumbprint for using client certificate authentication.
/// </summary>
/// <example>exampleCertificateThumbprint</example>
[UIHint(nameof(Definitions.Authentication), "", Authentication.ClientCertificate)]
public string CertificateThumbprint { get; set; }

/// <summary>
/// Timeout in seconds to be used for the connection and operation.
/// </summary>
/// <example>30</example>
[DefaultValue(30)]
public int ConnectionTimeoutSeconds { get; set; }

/// <summary>
/// If FollowRedirects is set to false, all responses with an HTTP status code from 300 to 399 is returned to the application.
/// </summary>
/// <example>true</example>
[DefaultValue(true)]
public bool FollowRedirects { get; set; }

/// <summary>
/// Do not throw an exception on certificate error.
/// </summary>
/// <example>true</example>
public bool AllowInvalidCertificate { get; set; }

/// <summary>
/// Some API's return faulty content-type charset header. This setting overrides the returned charset.
/// </summary>
/// <example>false</example>
public bool AllowInvalidResponseContentTypeCharSet { get; set; }

/// <summary>
/// Throw exception if return code of request is not successfull
/// </summary>
/// <example>true</example>
public bool ThrowExceptionOnErrorResponse { get; set; }
}
Loading