From ffc737d1b7616997c92a2aa817fed70d31783597 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Roberto=20Abdelkader=20Mart=C3=ADnez=20P=C3=A9rez?=
 <robertomartinezp@gmail.com>
Date: Mon, 21 Oct 2019 09:26:56 +0200
Subject: [PATCH] Pending test for header validation.

Co-authored-by: Hector Hurtado <hector.hurtado@bbva.com>
---
 internal/server/data/resource_test.go | 38 +++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/internal/server/data/resource_test.go b/internal/server/data/resource_test.go
index 99851a8..fe8a6b9 100644
--- a/internal/server/data/resource_test.go
+++ b/internal/server/data/resource_test.go
@@ -1136,3 +1136,41 @@ func TestSetResponseHeadersAddsGivenHeaderWhenAlreadySet(t *testing.T) {
 		t.Errorf(`Header mismatch. Expected ["BAZ", "QUX"]. Contents %v`, res.Header)
 	}
 }
+
+// TODO: Validate Header Key encoding
+func TestSetResponseHeaders400sOnInvalidHeaderKey(t *testing.T) {
+	t.Skip("Somebody has to validate header key, but net/http doesn't give us any facility (yet).")
+	hw := httptest.NewRecorder()
+	h := model.Handler{
+		Request: httptest.NewRequest("POST", "/", nil),
+		Writer:  hw,
+	}
+	r := createMuxRequest("/handlers/HANDLERID/response/headers/{name}", "/handlers/HANDLERID/response/headers/%0a", "PUT", strings.NewReader("BAZ"))
+	w := httptest.NewRecorder()
+
+	setResponseHeaders(w, r, &h)
+
+	res := w.Result()
+	if res.StatusCode != http.StatusBadRequest {
+		t.Errorf("Status code mismatch. Expected: 400, Got: %d", res.StatusCode)
+	}
+}
+
+// TODO: Validate Header Value encoding
+func TestSetResponseHeaders400sOnInvalidHeaderValue(t *testing.T) {
+	t.Skip("Somebody has to validate header value, but net/http doesn't give us any facility (yet).")
+	hw := httptest.NewRecorder()
+	h := model.Handler{
+		Request: httptest.NewRequest("POST", "/", nil),
+		Writer:  hw,
+	}
+	r := createMuxRequest("/handlers/HANDLERID/response/headers/{name}", "/handlers/HANDLERID/response/headers/foo", "PUT", strings.NewReader("\n"))
+	w := httptest.NewRecorder()
+
+	setResponseHeaders(w, r, &h)
+
+	res := w.Result()
+	if res.StatusCode != http.StatusBadRequest {
+		t.Errorf("Status code mismatch. Expected: 400, Got: %d", res.StatusCode)
+	}
+}