Merge pull request #195 from AikidoSec/test-blocking-on-spring-2.7

Add blocking & rate limiting e2e tests for SpringBoot2.7

Author: bitterpanda63

end2end/spring_boot_2.7_postgres.py

@@ -20,3 +20,5 @@
 )
 
 spring_boot_postgres_app.test_all_payloads()
+spring_boot_postgres_app.test_blocking()
+spring_boot_postgres_app.test_rate_limiting()

sample-apps/SpringBoot2.7Postgres/src/main/java/com/example/demo/HtmlController.java

@@ -44,4 +44,10 @@ public String benchmark_route() throws InterruptedException {
         Thread.sleep(1); // sleep 1ms
         return "OK";
     }
+
+    @GetMapping("/test_ratelimiting_1")
+    @ResponseBody
+    public String test_ratelimiting_route() throws InterruptedException {
+        return "OK";
+    }
 }

sample-apps/SpringBoot2.7Postgres/src/main/java/com/example/demo/SetUserFilter.java

@@ -1,11 +1,15 @@
 package com.example.demo;
 
+import dev.aikido.agent_api.SetUser;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 
 import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
 import java.io.IOException;
 
+import static dev.aikido.agent_api.SetUser.setUser;
+
 
 @Component
 @Order(0)
@@ -16,7 +20,12 @@ public void doFilter(
             ServletRequest request,
             ServletResponse response,
             FilterChain chain) throws IOException, ServletException {
-        //setUser(new SetUser.UserObject("123", "John Doe"));
+        HttpServletRequest httpRequest = (HttpServletRequest) request;
+        if (httpRequest.getHeader("user") != null) {
+            // Useful for end2end tests:
+            String id = httpRequest.getHeader("user");
+            setUser(new SetUser.UserObject(id, "John Doe"));
+        }
         chain.doFilter(request, response);
     }
 }