Copilot commented on code in PR #13290:
URL: https://github.com/apache/trafficserver/pull/13290#discussion_r3455822852


##########
tests/gold_tests/autest-site/ats_replay.test.ext:
##########
@@ -23,6 +23,15 @@ import re
 import yaml
 
 
+def _contains_expression(contains_entry: dict, default_description: str):
+    '''Create a ContainsExpression tester from a log validation entry.'''
+    expression = contains_entry['expression']
+    description = contains_entry.get('description', default_description)
+    reflags = re.M if contains_entry.get('multiline', False) else 0
+
+    return Testers.ContainsExpression(expression, description, reflags=reflags)

Review Comment:
   The `multiline` option is currently mapped to `re.M` (MULTILINE), which only 
changes how `^`/`$` behave and does not allow `.` to match newlines. In this 
test suite, multi-line log matching typically needs `re.DOTALL | re.MULTILINE` 
(aka `re.S | re.M`) so expressions can span multiple lines without requiring 
`([\s\S])` everywhere.



##########
tests/gold_tests/logging/replay/log-debug-client-ip-http.replay.yaml:
##########
@@ -0,0 +1,129 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+meta:
+  version: "1.0"
+
+autest:
+  description: 'Verify client-IP-filtered debug logging for HTTP/1.1'
+
+  server:
+    name: 'server-log-debug-client-ip-http'
+
+  client:
+    name: 'client-log-debug-client-ip-http'
+
+  ats:
+    name: 'ts-log-debug-client-ip-http'
+    process_config:
+      enable_cache: false
+
+    records_config:
+      proxy.config.diags.debug.enabled: 2
+      proxy.config.diags.debug.tags: 'http'
+      proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+    remap_config:
+    - from: 'http://debug-client-ip-http.test/'
+      to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+    log_validation:
+      traffic_out:
+        contains:
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-http-1'
+          description: 'HTTP transaction 1 logs the incoming request headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-http-1'
+          description: 'HTTP transaction 1 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-http-1'
+          description: 'HTTP transaction 1 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: log-debug-http-1'
+          description: 'HTTP transaction 1 logs the proxy response headers.'
+          multiline: true
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-http-2'
+          description: 'HTTP transaction 2 logs the incoming request headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-http-2'
+          description: 'HTTP transaction 2 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-http-2'
+          description: 'HTTP transaction 2 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: log-debug-http-2'

Review Comment:
   This regex for the "Proxy's Response 2" section is not bounded to a single 
transaction; if the uuid is missing from transaction 2's proxy response dump, 
it could still match a later `uuid:` (e.g., from unrelated debug output) and 
incorrectly pass. Constrain it so it cannot run past the next transaction 
marker.



##########
tests/gold_tests/logging/replay/log-debug-client-ip-http.replay.yaml:
##########
@@ -0,0 +1,129 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+meta:
+  version: "1.0"
+
+autest:
+  description: 'Verify client-IP-filtered debug logging for HTTP/1.1'
+
+  server:
+    name: 'server-log-debug-client-ip-http'
+
+  client:
+    name: 'client-log-debug-client-ip-http'
+
+  ats:
+    name: 'ts-log-debug-client-ip-http'
+    process_config:
+      enable_cache: false
+
+    records_config:
+      proxy.config.diags.debug.enabled: 2
+      proxy.config.diags.debug.tags: 'http'
+      proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+    remap_config:
+    - from: 'http://debug-client-ip-http.test/'
+      to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+    log_validation:
+      traffic_out:
+        contains:
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-http-1'
+          description: 'HTTP transaction 1 logs the incoming request headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-http-1'
+          description: 'HTTP transaction 1 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-http-1'
+          description: 'HTTP transaction 1 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: log-debug-http-1'

Review Comment:
   This regex for the "Proxy's Response 2" section is not bounded to a single 
transaction; if the uuid is missing from transaction 1's proxy response dump, 
it could still match a later `uuid:` from a subsequent transaction and 
incorrectly pass. Consider constraining the match so it cannot run past the 
next transaction's `+ Incoming Request +` marker.



##########
tests/gold_tests/logging/replay/log-debug-client-ip-https.replay.yaml:
##########
@@ -0,0 +1,134 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+meta:
+  version: "1.0"
+
+autest:
+  description: 'Verify client-IP-filtered debug logging for HTTPS'
+
+  server:
+    name: 'server-log-debug-client-ip-https'
+
+  client:
+    name: 'client-log-debug-client-ip-https'
+
+  ats:
+    name: 'ts-log-debug-client-ip-https'
+    process_config:
+      enable_cache: false
+      enable_tls: true
+
+    records_config:
+      proxy.config.diags.debug.enabled: 2
+      proxy.config.diags.debug.tags: 'http'
+      proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+    remap_config:
+    - from: 'https://debug-client-ip-https.test/'
+      to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+    log_validation:
+      traffic_out:
+        contains:
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-https-1'
+          description: 'HTTPS transaction 1 logs the incoming request headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-https-1'
+          description: 'HTTPS transaction 1 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-https-1'
+          description: 'HTTPS transaction 1 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: 
log-debug-https-1'
+          description: 'HTTPS transaction 1 logs the proxy response headers.'
+          multiline: true
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-https-2'
+          description: 'HTTPS transaction 2 logs the incoming request headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-https-2'
+          description: 'HTTPS transaction 2 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-https-2'
+          description: 'HTTPS transaction 2 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: 
log-debug-https-2'

Review Comment:
   The "Proxy's Response 2" regex is currently unbounded; if the uuid is 
missing from this proxy response dump, it could still match a later `uuid:` and 
incorrectly pass. Consider constraining it to end before the next transaction's 
`+ Incoming Request +` marker.



##########
tests/gold_tests/logging/replay/log-debug-client-ip-http2.replay.yaml:
##########
@@ -0,0 +1,134 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+meta:
+  version: "1.0"
+
+autest:
+  description: 'Verify client-IP-filtered debug logging for HTTP/2'
+
+  server:
+    name: 'server-log-debug-client-ip-http2'
+
+  client:
+    name: 'client-log-debug-client-ip-http2'
+
+  ats:
+    name: 'ts-log-debug-client-ip-http2'
+    process_config:
+      enable_cache: false
+      enable_tls: true
+
+    records_config:
+      proxy.config.diags.debug.enabled: 2
+      proxy.config.diags.debug.tags: 'http'
+      proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+    remap_config:
+    - from: 'https://debug-client-ip-http2.test/'
+      to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+    log_validation:
+      traffic_out:
+        contains:
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-http2-1'
+          description: 'HTTP/2 transaction 1 logs the incoming request 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-http2-1'
+          description: 'HTTP/2 transaction 1 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-http2-1'
+          description: 'HTTP/2 transaction 1 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: 
log-debug-http2-1'

Review Comment:
   This "Proxy's Response 2" matcher is not constrained to this transaction; if 
the response dump for transaction 1 omits the uuid, the regex could still find 
a later `uuid:` from a subsequent transaction and pass. Constrain it to stop 
before the next `+ Incoming Request +` marker.



##########
tests/gold_tests/logging/replay/log-debug-client-ip-https.replay.yaml:
##########
@@ -0,0 +1,134 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+meta:
+  version: "1.0"
+
+autest:
+  description: 'Verify client-IP-filtered debug logging for HTTPS'
+
+  server:
+    name: 'server-log-debug-client-ip-https'
+
+  client:
+    name: 'client-log-debug-client-ip-https'
+
+  ats:
+    name: 'ts-log-debug-client-ip-https'
+    process_config:
+      enable_cache: false
+      enable_tls: true
+
+    records_config:
+      proxy.config.diags.debug.enabled: 2
+      proxy.config.diags.debug.tags: 'http'
+      proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+    remap_config:
+    - from: 'https://debug-client-ip-https.test/'
+      to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+    log_validation:
+      traffic_out:
+        contains:
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-https-1'
+          description: 'HTTPS transaction 1 logs the incoming request headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-https-1'
+          description: 'HTTPS transaction 1 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-https-1'
+          description: 'HTTPS transaction 1 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: 
log-debug-https-1'

Review Comment:
   The "Proxy's Response 2" regex is currently unbounded; if the uuid is absent 
from this transaction's proxy response dump, the pattern could still match a 
later `uuid:` from the next transaction and pass. Constrain the match so it 
stops before the next `+ Incoming Request +` marker.



##########
tests/gold_tests/logging/replay/log-debug-client-ip-http2.replay.yaml:
##########
@@ -0,0 +1,134 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+meta:
+  version: "1.0"
+
+autest:
+  description: 'Verify client-IP-filtered debug logging for HTTP/2'
+
+  server:
+    name: 'server-log-debug-client-ip-http2'
+
+  client:
+    name: 'client-log-debug-client-ip-http2'
+
+  ats:
+    name: 'ts-log-debug-client-ip-http2'
+    process_config:
+      enable_cache: false
+      enable_tls: true
+
+    records_config:
+      proxy.config.diags.debug.enabled: 2
+      proxy.config.diags.debug.tags: 'http'
+      proxy.config.diags.debug.client_ip: '127.0.0.1'
+
+    remap_config:
+    - from: 'https://debug-client-ip-http2.test/'
+      to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+    log_validation:
+      traffic_out:
+        contains:
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-http2-1'
+          description: 'HTTP/2 transaction 1 logs the incoming request 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-http2-1'
+          description: 'HTTP/2 transaction 1 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-http2-1'
+          description: 'HTTP/2 transaction 1 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: 
log-debug-http2-1'
+          description: 'HTTP/2 transaction 1 logs the proxy response headers.'
+          multiline: true
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-http2-2'
+          description: 'HTTP/2 transaction 2 logs the incoming request 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-http2-2'
+          description: 'HTTP/2 transaction 2 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-http2-2'
+          description: 'HTTP/2 transaction 2 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: 
log-debug-http2-2'

Review Comment:
   This "Proxy's Response 2" matcher is not constrained to this transaction; if 
the response dump for transaction 2 omits the uuid, the regex could still find 
a later `uuid:` and pass. Constrain it to stop before the next `+ Incoming 
Request +` marker (or end of log).



##########
tests/gold_tests/logging/replay/log-debug-client-ip-http3.replay.yaml:
##########
@@ -0,0 +1,136 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+meta:
+  version: "1.0"
+
+autest:
+  description: 'Verify client-IP-filtered debug logging for HTTP/3'
+
+  server:
+    name: 'server-log-debug-client-ip-http3'
+
+  client:
+    name: 'client-log-debug-client-ip-http3'
+
+  ats:
+    name: 'ts-log-debug-client-ip-http3'
+    process_config:
+      enable_cache: false
+      enable_tls: true
+      enable_quic: true
+
+    records_config:
+      proxy.config.diags.debug.enabled: 2
+      proxy.config.diags.debug.tags: 'http'
+      proxy.config.diags.debug.client_ip: '127.0.0.1'
+      proxy.config.quic.no_activity_timeout_in: 0
+
+    remap_config:
+    - from: 'https://debug-client-ip-http3.test/'
+      to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+    log_validation:
+      traffic_out:
+        contains:
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-http3-1'
+          description: 'HTTP/3 transaction 1 logs the incoming request 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-http3-1'
+          description: 'HTTP/3 transaction 1 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-http3-1'
+          description: 'HTTP/3 transaction 1 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: 
log-debug-http3-1'
+          description: 'HTTP/3 transaction 1 logs the proxy response headers.'
+          multiline: true
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-http3-2'
+          description: 'HTTP/3 transaction 2 logs the incoming request 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-http3-2'
+          description: 'HTTP/3 transaction 2 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-http3-2'
+          description: 'HTTP/3 transaction 2 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: 
log-debug-http3-2'

Review Comment:
   This "Proxy's Response 2" regex is unbounded and could match a `uuid:` that 
appears later in the log, making the assertion less specific to transaction 2. 
Constrain it so it cannot run past the next `+ Incoming Request +` marker.



##########
tests/gold_tests/logging/replay/log-debug-client-ip-http3.replay.yaml:
##########
@@ -0,0 +1,136 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+meta:
+  version: "1.0"
+
+autest:
+  description: 'Verify client-IP-filtered debug logging for HTTP/3'
+
+  server:
+    name: 'server-log-debug-client-ip-http3'
+
+  client:
+    name: 'client-log-debug-client-ip-http3'
+
+  ats:
+    name: 'ts-log-debug-client-ip-http3'
+    process_config:
+      enable_cache: false
+      enable_tls: true
+      enable_quic: true
+
+    records_config:
+      proxy.config.diags.debug.enabled: 2
+      proxy.config.diags.debug.tags: 'http'
+      proxy.config.diags.debug.client_ip: '127.0.0.1'
+      proxy.config.quic.no_activity_timeout_in: 0
+
+    remap_config:
+    - from: 'https://debug-client-ip-http3.test/'
+      to: 'http://127.0.0.1:{SERVER_HTTP_PORT}/'
+
+    log_validation:
+      traffic_out:
+        contains:
+        - expression: '\+ Incoming Request \+(?:(?!\+ Proxy''s Request after 
hooks \+)[\s\S])*?uuid: log-debug-http3-1'
+          description: 'HTTP/3 transaction 1 logs the incoming request 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Request after hooks \+(?:(?!\+ Incoming 
O.S. Response \+)[\s\S])*?uuid: log-debug-http3-1'
+          description: 'HTTP/3 transaction 1 logs the proxy request headers 
after hooks.'
+          multiline: true
+        - expression: '\+ Incoming O.S. Response \+(?:(?!\+ Proxy''s Response 
2 \+)[\s\S])*?uuid: log-debug-http3-1'
+          description: 'HTTP/3 transaction 1 logs the incoming origin response 
headers.'
+          multiline: true
+        - expression: '\+ Proxy''s Response 2 \+[\s\S]*?uuid: 
log-debug-http3-1'

Review Comment:
   This "Proxy's Response 2" regex can span multiple transactions; if 
transaction 1's proxy response dump is missing the uuid, the match could still 
succeed by consuming into later log output. Constrain it so it cannot cross the 
next `+ Incoming Request +` marker.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to