From 4f3e91351407572094a88de2f91b9c91f2453218 Mon Sep 17 00:00:00 2001
From: Monu Lakshkar <mlakshkar@newrelic.com>
Date: Mon, 11 Sep 2023 18:01:50 +0530
Subject: [PATCH] async-http-client: added unit test cases

---
 .../async-http-client-2.1.0/build.gradle      |   1 +
 .../AsyncHttpClientTest.java                  | 603 ++++++++++++++++++
 2 files changed, 604 insertions(+)
 create mode 100644 instrumentation-security/async-http-client-2.1.0/src/test/java/com/nr/agent/instrumentation/asynchttpclient210/AsyncHttpClientTest.java

diff --git a/instrumentation-security/async-http-client-2.1.0/build.gradle b/instrumentation-security/async-http-client-2.1.0/build.gradle
index 0a31a0d88..b043cd72b 100644
--- a/instrumentation-security/async-http-client-2.1.0/build.gradle
+++ b/instrumentation-security/async-http-client-2.1.0/build.gradle
@@ -3,6 +3,7 @@ dependencies {
     implementation("com.newrelic.agent.java:newrelic-weaver-api:${nrAPIVersion}")
     implementation("com.newrelic.agent.java:newrelic-api:${nrAPIVersion}")
     implementation("org.asynchttpclient:async-http-client:2.1.1")
+    testImplementation("org.nanohttpd:nanohttpd-websocket:2.2.0")
 }
 
 jar {
diff --git a/instrumentation-security/async-http-client-2.1.0/src/test/java/com/nr/agent/instrumentation/asynchttpclient210/AsyncHttpClientTest.java b/instrumentation-security/async-http-client-2.1.0/src/test/java/com/nr/agent/instrumentation/asynchttpclient210/AsyncHttpClientTest.java
new file mode 100644
index 000000000..1287b5dc6
--- /dev/null
+++ b/instrumentation-security/async-http-client-2.1.0/src/test/java/com/nr/agent/instrumentation/asynchttpclient210/AsyncHttpClientTest.java
@@ -0,0 +1,603 @@
+package com.nr.agent.instrumentation.asynchttpclient210;
+
+import com.newrelic.agent.security.introspec.InstrumentationTestConfig;
+import com.newrelic.agent.security.introspec.SecurityInstrumentationTestRunner;
+import com.newrelic.agent.security.introspec.SecurityIntrospector;
+import com.newrelic.agent.security.introspec.internal.HttpServerRule;
+import com.newrelic.api.agent.Trace;
+import com.newrelic.api.agent.security.instrumentation.helpers.ServletHelper;
+import com.newrelic.api.agent.security.schema.AbstractOperation;
+import com.newrelic.api.agent.security.schema.VulnerabilityCaseType;
+import com.newrelic.api.agent.security.schema.operation.SSRFOperation;
+import com.newrelic.security.test.marker.Java11IncompatibleTest;
+import com.newrelic.security.test.marker.Java17IncompatibleTest;
+import org.asynchttpclient.*;
+import org.junit.Assert;
+import org.junit.FixMethodOrder;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.experimental.categories.Category;
+import org.junit.runner.RunWith;
+import org.junit.runners.MethodSorters;
+
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.concurrent.ExecutionException;
+import java.util.concurrent.Future;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+@Category({ Java11IncompatibleTest.class, Java17IncompatibleTest.class })
+@RunWith(SecurityInstrumentationTestRunner.class)
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+@InstrumentationTestConfig(includePrefixes = {"org.asynchttpclient"})
+public class AsyncHttpClientTest {
+
+    @Rule
+    public HttpServerRule server = new HttpServerRule();
+
+    @Test
+    public void testExecuteGet() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequestGet(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecutePost() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequestPost(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecutePut() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequestPut(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecuteDelete() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequestDelete(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecuteHead() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequestHead(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecuteOptions() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequestOptions(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecuteConnect() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequestConnect(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertFalse(String.format("Unexpected K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertFalse(String.format("Unexpected K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecuteRequest() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequest(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecuteRequestBuilder() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequestBuilder(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecuteTrace() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequestTrace(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecute1() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequest1(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecute2() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequest2(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecute3() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequest3(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Test
+    public void testExecute4() throws URISyntaxException, IOException {
+        String headerValue = String.valueOf(UUID.randomUUID());
+
+        SecurityIntrospector introspector = SecurityInstrumentationTestRunner.getIntrospector();
+        introspector.setK2FuzzRequestId(headerValue);
+        introspector.setK2TracingData(headerValue);
+
+        makeAsyncRequest4(server.getEndPoint().toURL().toString());
+
+        List<AbstractOperation> operations = introspector.getOperations();
+        Assert.assertTrue("No operations detected", operations.size() > 0);
+        assertEquals("Invalid number of operations detected", 1, operations.size());
+        SSRFOperation operation = (SSRFOperation) operations.get(0);
+        Map<String, String> headers = server.getHeaders();
+        Assert.assertEquals("Invalid executed parameters.", server.getEndPoint().toString(), operation.getArg());
+        Assert.assertEquals("Invalid event category.", VulnerabilityCaseType.HTTP_REQUEST, operation.getCaseType());
+        Assert.assertEquals("Invalid executed method name.", AsynchttpHelper.METHOD_EXECUTE, operation.getMethodName());
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headers.containsKey(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID), headerValue, headers.get(ServletHelper.CSEC_IAST_FUZZ_REQUEST_ID));
+        Assert.assertTrue(String.format("Missing K2 header: %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), headers.containsKey(ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+        Assert.assertEquals(String.format("Invalid K2 header value for:  %s", ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER), String.format("%s;DUMMY_UUID/dummy-api-id/dummy-exec-id;", headerValue), headers.get(
+                ServletHelper.CSEC_DISTRIBUTED_TRACING_HEADER.toLowerCase()));
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequestGet(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            BoundRequestBuilder builder = client.prepareGet(url);
+            Future<Response> future = builder.execute();
+            Response response = future.get();
+            response.getStatusCode();
+        } catch (Exception e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequestPost(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            BoundRequestBuilder builder = client.preparePost(url);
+            Future<Response> future = builder.execute();
+            Response response = future.get();
+            response.getStatusCode();
+        } catch (Exception e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequestPut(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            BoundRequestBuilder builder = client.preparePut(url);
+            Future<Response> future = builder.execute();
+            Response response = future.get();
+            response.getStatusCode();
+        } catch (Exception e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequestDelete(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            BoundRequestBuilder builder = client.prepareDelete(url);
+            Future<Response> future = builder.execute();
+            Response response = future.get();
+            response.getStatusCode();
+        } catch (Exception e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequestHead(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            BoundRequestBuilder builder = client.prepareHead(url);
+            Future<Response> future = builder.execute();
+            Response response = future.get();
+            response.getStatusCode();
+        } catch (Exception e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequestOptions(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            BoundRequestBuilder builder = client.prepareOptions(url);
+            Future<Response> future = builder.execute();
+            Response response = future.get();
+            response.getStatusCode();
+        } catch (Exception e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequestConnect(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            BoundRequestBuilder builder = client.prepareConnect(url);
+            Future<Response> future = builder.execute();
+//            future.get();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequest(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            RequestBuilder requestBuilder = new RequestBuilder();
+            requestBuilder.setUrl(url);
+            BoundRequestBuilder builder = client.prepareRequest(requestBuilder.build());
+            Future<Response> future = builder.execute();
+            Response response = future.get();
+            response.getStatusCode();
+        } catch (Exception e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequestBuilder(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            RequestBuilder requestBuilder = new RequestBuilder();
+            requestBuilder.setUrl(url);
+            BoundRequestBuilder builder = client.prepareRequest(requestBuilder);
+            Future<Response> future = builder.execute();
+            Response response = future.get();
+            response.getStatusCode();
+        } catch (Exception e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequestTrace(String url) {
+        DefaultAsyncHttpClientConfig.Builder clientBuilder = Dsl.config()
+                .setConnectTimeout(500);
+
+        try (AsyncHttpClient client = Dsl.asyncHttpClient(clientBuilder)) {
+            BoundRequestBuilder builder = client.prepareTrace(url);
+            Future<Response> future = builder.execute();
+            Response response = future.get();
+            response.getStatusCode();
+        } catch (Exception e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequest1(String url) {
+        try(AsyncHttpClient client = new DefaultAsyncHttpClient()){
+            RequestBuilder requestBuilder = new RequestBuilder();
+            requestBuilder.setUrl(url);
+            ListenableFuture<Response> future = client.executeRequest(requestBuilder.build());
+            Response response = null;
+            response = future.get();
+            response.getStatusCode();
+        } catch (InterruptedException | ExecutionException | IOException e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequest2(String url) {
+        try(AsyncHttpClient client = new DefaultAsyncHttpClient(new DefaultAsyncHttpClientConfig.Builder().build())){
+            RequestBuilder requestBuilder = new RequestBuilder();
+            requestBuilder.setUrl(url);
+            ListenableFuture<Response> future = client.executeRequest(requestBuilder);
+            Response response = null;
+            response = future.get();
+            response.getStatusCode();
+        } catch (InterruptedException | ExecutionException | IOException e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequest3(String url) {
+        try(AsyncHttpClient client = new DefaultAsyncHttpClient(new DefaultAsyncHttpClientConfig.Builder().build())){
+            RequestBuilder requestBuilder = new RequestBuilder();
+            requestBuilder.setUrl(url);
+            Future<Response> f = client.executeRequest(requestBuilder.build(), new AsyncCompletionHandler<Response>() {
+
+                @Override
+                public Response onCompleted(Response response) throws IOException {
+                    return response;
+                }
+
+                @Override
+                public void onThrowable(Throwable t) {
+                }
+            });
+            Response response = f.get();
+            response.getStatusCode();
+        } catch (InterruptedException | ExecutionException | IOException e) {
+        }
+    }
+
+    @Trace(dispatcher = true)
+    private static void makeAsyncRequest4(String url) {
+        try(AsyncHttpClient client = new DefaultAsyncHttpClient(new DefaultAsyncHttpClientConfig.Builder().build())){
+            RequestBuilder requestBuilder = new RequestBuilder();
+            requestBuilder.setUrl(url);
+            Future<Response> f = client.executeRequest(requestBuilder, new AsyncCompletionHandler<Response>() {
+
+                @Override
+                public Response onCompleted(Response response) throws IOException {
+                    return response;
+                }
+
+                @Override
+                public void onThrowable(Throwable t) {
+                }
+            });
+            Response response = f.get();
+            response.getStatusCode();
+        } catch (InterruptedException | ExecutionException | IOException e) {
+        }
+    }
+}