Announcing Hurl 7.0.0
Hurl is a command line tool powered by curl, that runs HTTP requests defined in a simple plain text format:
GET https://example.org/api/tests/4567
HTTP 200
[Asserts]
jsonpath "$.status" == "RUNNING" # Check the status code
jsonpath "$.tests" count == 25 # Check the number of items
jsonpath "$.id" matches /\d{4}/ # Check the format of the id
# Some tests on the HTTP layer:
header "x-foo" contains "bar"
certificate "Expire-Date" daysAfterNow > 15
ip == "2001:0db8:85a3:0000:0000:8a2e:0370:733"
What’s New in This Release
More Redirections Checks
Like its HTTP engine libcurl, Hurl doesn’t follow redirection by default: on a 30x response status code, Hurl returns
the HTTP response and does not trigger a new request following Location
header.
Redirections have to be done manually:
# First request, users are redirected to /login
GET https://foo.com/home
HTTP 302
[Asserts]
header "Location" == "/login"
# We manually follow the redirection
GET https://foo.com/login
HTTP 200
This way, one can test each step of a redirection and insure that everything works as expected.
Like curl
, we can use --location
option to ask Hurl to follow redirection,
either globally using the command line option:
$ hurl --location foo.hurl
Or per request using [Options]
section:
GET https://foo.com/home
[Options]
location: true
HTT 200
Using --location
(or --location-trusted
),
Hurl obeys the redirection and will issue requests until redirection ends. Before Hurl 7.0.0, we were losing the ability
to check each redirection steps using this option. The only check we could have done was using url
query
to give us the final effective URL:
GET https://foo.com/home
[Options]
location: true
HTTP 200
[Asserts]
url == "https://foo.com/login"
Starting with Hurl 7.0.0, we’re introducing the redirects
query, that give us access to each redirection step:
GET https://foo.com/home
[Options]
location: true
HTTP 200
[Asserts]
redirects count == 3
redirects nth 0 location == "https://foo.com/redirect-1"
redirects nth 1 location == "https://foo.com/redirect-2"
redirects nth 2 location == "https://foo.com/landing"
The redirects
query returns the list of each step followed during redirection. By combining nth
and location
filters, we are now able to check redirection steps while letting
Hurl runs automatically to the final URL.
New Template Filters
Filters allow to transform data extracted from HTTP responses. In the following sample, replaceRegex
, split
, count
and nth
are filters that process input; they can be chained to transform values in asserts and captures:
GET https://example.org/api
HTTP 200
[Captures]
name: jsonpath "$.user.id" replaceRegex /\d/ "x"
[Asserts]
header "x-servers" split "," count == 2
header "x-servers" split "," nth 0 == "rec1"
header "x-servers" split "," nth 1 == "rec3"
jsonpath "$.books" count == 12
In Hurl 7.0.0, we’ve added new filters:
urlQueryParam
base64UrlSafeDecode
andbase64UrlSafeEncode
location
toHex
first
andlast
In detail,
urlQueryParam
: extracts the value of a query parameter from an URL
GET https://example.org/foo
HTTP 200
[Asserts]
jsonpath "$.url" urlQueryParam "x" == "шеллы"
This filter can be useful when you need to process URL received in payload, like a back URL.
base64UrlSafeDecode
andbase64UrlSafeEncode
: decodes and encodes using Base64 URL safe encoding. There is alsobase64Decode
andbase64Encode
for their Base 64 encoding variants.
GET https://example.org/api
HTTP 200
[Asserts]
jsonpath "$.token" base64UrlSafeDecode == hex,3c3c3f3f3f3e3e;
location
: returns the target URL location of a redirection. Combined with the newredirects
query, you can check each step of a redirection:
GET https://example.org/step1
[Options]
location: true
HTTP 200
[Asserts]
redirects count == 2
redirects nth 0 location == "https://example.org/step2"
redirects nth 1 location == "https://example.org/step3"
toHex
: converts bytes to an hexadecimal string.
GET https://example.org/foo
HTTP 200
[Asserts]
bytes toHex == "d188d0b5d0bbd0bbd18b"
first
andlast
: applied to a list, returns the first and last element:
GET https://example.org/api
HTTP 200
[Asserts]
jsonpath "$..books" last jsonpath "$.title" == "Dune"
Alongside first
and last
, nth
filter now supports negative index value for indexing from the end of the
collection:
GET https://example.org/api
HTTP 200
[Asserts]
jsonpath "$..books" nth -2 jsonpath "$.title" == "Dune"
New Supported curl Options
Using libcurl as its HTTP engine, Hurl exposes many curl options. In Hurl 7.0.0, we have added these two options:
--max-time
per request: allows you to configure timeout per request,--ntlm
: uses NTLM authentication,--negotiate
: uses Negotiate (SPNEGO) authentication,--pinnedpubkey
: compares the certificate public key to a local public key and abort connection if not match. Can be use either globally on command line or per request:
GET https://foo.com/hello
[Options]
# With a pinned public key local file
pinnedpubkey: tests_ssl/certs/server/key.pub.pem
# With a pinned public Hash
pinnedpubkey: "sha256//dGhpc2lzbm5vdGFyZWFsa2V5"
HTTP 200
That’s all for today!
There are a lot of other improvements with Hurl 7.0.0 and also a lot of bug fixes, you can check the complete list of enhancements and bug fixes in our release note.
If you like Hurl, don’t hesitate to support us with a star on GitHub and share it on [𝕏] and Bluesky!
We’ll be happy to hear from you, either for enhancement requests or for sharing your success story using Hurl!