diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index ff90ffa..ba60908 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -25,13 +25,9 @@ jobs: pip3 install --user -r ./sites/requirements.txt sudo gem install jekyll - name: Check style - run: | - cd sites - ./check_fmt.sh + run: sites/check_fmt.sh - name: Build - run: | - cd sites - ./build.sh + run: sites/build.sh - name: Publish if: github.ref == 'refs/heads/master' env: diff --git a/sites/build.sh b/sites/build.sh index a1b52ad..1d5cc70 100755 --- a/sites/build.sh +++ b/sites/build.sh @@ -1,6 +1,9 @@ #!/usr/bin/env bash set -eu +original_dir="$(pwd)" +cd "$(dirname "$0")" + function echo_step () { echo '' echo -e "\033[32m\033[1m$1...\033[0m" @@ -39,8 +42,9 @@ python3 build_sitemap.py > hurl.dev/_site/sitemap.txt echo_step 'Generating feed.xml' cp hurl.dev/_posts/feed.xml hurl.dev/_site/blog/ +sites_dir=$(realpath --relative-to="$original_dir" "$(pwd)") echo '' echo 'Run local site' echo '-------------------' -echo ' Build & watch: jekyll serve --source hurl.dev --destination hurl.dev/_site' -echo ' Static: python3 -m http.server --dir hurl.dev/_site 4000' +echo " Build & watch: jekyll serve --source $sites_dir/hurl.dev --destination $sites_dir/hurl.dev/_site" +echo " Static: python3 -m http.server --dir $sites_dir/hurl.dev/_site 4000" diff --git a/sites/build_home_samples.py b/sites/build_home_samples.py index 2a3aec3..95fc8c8 100755 --- a/sites/build_home_samples.py +++ b/sites/build_home_samples.py @@ -324,7 +324,7 @@ def make_home_samples(): """, ), Sample( - name="SSL Certificate", + name="SSL/TLS Certificate", src="""\ # Check attributes of the SSL certificate GET https://example.org @@ -334,6 +334,9 @@ def make_home_samples(): certificate "Issuer" == "C=US, O=Let's Encrypt, CN=R3" certificate "Expire-Date" daysAfterNow > 15 certificate "Serial-Number" matches /[\\da-f]+/ +certificate "Subject-Alt-Name" contains "DNS:example.org" +certificate "Subject-Alt-Name" split "," count == 2 +certificate "Value" startsWith "-----BEGIN CERTIFICATE-----" """, ), Sample( diff --git a/sites/hurl.dev/_data/docs.yml b/sites/hurl.dev/_data/docs.yml index 14d391a..9264546 100644 --- a/sites/hurl.dev/_data/docs.yml +++ b/sites/hurl.dev/_data/docs.yml @@ -48,8 +48,13 @@ items: - title: Capturing values - title: Asserts - - title: Options - - title: Environment + - title: Configuration + - title: All Options + items: + - title: HTTP options + - title: Output options + - title: Report options + - title: Other options - title: Exit Codes - title: WWW - title: See Also @@ -211,6 +216,7 @@ - title: Cookie capture - title: Body capture - title: Bytes capture + - title: RawBytes capture - title: XPath capture - title: JSONPath capture - title: Regex capture @@ -250,6 +256,7 @@ - title: Cookie assert - title: Body assert - title: Bytes assert + - title: RawBytes assert - title: XPath assert - title: JSONPath assert - title: Regex assert @@ -272,11 +279,11 @@ - title: base64Encode - title: base64UrlSafeDecode - title: base64UrlSafeEncode + - title: charsetDecode - title: count - title: dateFormat - title: daysAfterNow - title: daysBeforeNow - - title: decode - title: first - title: htmlEscape - title: htmlUnescape diff --git a/sites/hurl.dev/_docs/asserting-response.md b/sites/hurl.dev/_docs/asserting-response.md index 2a45f96..785dc6f 100644 --- a/sites/hurl.dev/_docs/asserting-response.md +++ b/sites/hurl.dev/_docs/asserting-response.md @@ -26,8 +26,8 @@ jsonpath "$.cats[0].name" == "Felix" jsonpath "$.cats[0].lives" == 9 ``` -Body responses can be encoded by server (see [`Content-Encoding` HTTP header]) but asserts in Hurl files are not -affected by this content compression. All body asserts (`body`, `bytes`, `sha256` etc...) work _after_ content decoding. +Body responses can be encoded by server (see [`Content-Encoding` HTTP header][content-encoding]) but asserts in Hurl files are not +affected by this content compression. All body asserts (`body`, `bytes`, `sha256` etc...) except `rawbytes` work _after_ content decoding. Finally, body text asserts (`body`, `jsonpath`, `xpath` etc...) are also decoded to strings based on [`Content-Type` header] so these asserts can be written with usual strings. @@ -92,6 +92,7 @@ The asserts order in a Hurl file is: + ## Implicit asserts ### Version - Status @@ -344,7 +345,7 @@ to specify the root directory of all file nodes. Optional list of assertions on the HTTP response within an `[Asserts]` section. Assertions can describe checks on status code, on the received body (or part of it) and on response headers. -Structure of an assert: +__Structure of an explicit assert:__
@@ -375,6 +376,7 @@ can extract data from - body: - [`body`](#body-assert) - [`bytes`](#bytes-assert) + - [`rawbytes`](#rawbytes-assert) - [`xpath`](#xpath-assert) - [`jsonpath`](#jsonpath-assert) - [`regex`](#regex-assert) @@ -681,6 +683,25 @@ header "Content-Length" == "12424" Like `body` assert, `bytes` assert works _after_ content encoding decompression (so the predicates values are not affected by `Content-Encoding` response header value). +### RawBytes assert + +Check the value of the received HTTP response body as a raw bytestream. RawBytes assert consists of the keyword `rawbytes` +followed by a predicate function and value. + +```hurl +GET https://example.org/data.bin +HTTP 200 +Content-Encoding: gzip +[Asserts] +header "Content-Length" == "32" +rawbytes count == 32 # matches Content-Length (compressed size) +bytes count == 100 # decompressed size is larger +rawbytes startsWith hex,1f8b; # gzip magic bytes +bytes startsWith hex,48656c6c6f; # decompressed content starts with "Hello" +``` + +Unlike `bytes` assert, `rawbytes` returns the raw bytes _before_ any content decoding. For uncompressed responses, `rawbytes` and `bytes` return the same data. + ### XPath assert Check the value of a [XPath] query on the received HTTP body decoded as a string (using the `charset` value in the @@ -972,7 +993,8 @@ duration < 1000 # Check that response time is less than one second Check the SSL certificate properties. Certificate assert consists of the keyword `certificate`, followed by the certificate attribute value. -The following attributes are supported: `Subject`, `Issuer`, `Start-Date`, `Expire-Date` and `Serial-Number`. +The following attributes are supported: `Subject`, `Issuer`, `Start-Date`, `Expire-Date`, `Serial-Number`, +`Subject-Alt-Name` and `Value`. ```hurl GET https://example.org @@ -982,6 +1004,9 @@ certificate "Subject" == "CN=example.org" certificate "Issuer" == "C=US, O=Let's Encrypt, CN=R3" certificate "Expire-Date" daysAfterNow > 15 certificate "Serial-Number" matches "[0-9af]+" +certificate "Subject-Alt-Name" contains "DNS:example.org" +certificate "Subject-Alt-Name" split "," count == 2 +certificate "Value" startsWith "-----BEGIN CERTIFICATE-----" ``` [predicates]: #predicates @@ -1008,7 +1033,7 @@ certificate "Serial-Number" matches "[0-9af]+" [`decode` filter]: {% link _docs/filters.md %}#decode [headers implicit asserts]: #headers [RFC 3339]: https://www.rfc-editor.org/rfc/rfc3339 -[`Content-Encoding` HTTP header]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding +[content-encoding]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding [`Content-Type` header]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type [`body` assert]: #body-assert [`location` filter]: {% link _docs/filters.md %}#location diff --git a/sites/hurl.dev/_docs/capturing-response.md b/sites/hurl.dev/_docs/capturing-response.md index 6d55a69..9fe06e4 100644 --- a/sites/hurl.dev/_docs/capturing-response.md +++ b/sites/hurl.dev/_docs/capturing-response.md @@ -36,14 +36,14 @@ HTTP 302 {% endraw %} -Body responses can be encoded by server (see [`Content-Encoding` HTTP header]) but captures in Hurl files are not -affected by this content compression. All body captures (`body`, `bytes`, `sha256` etc...) work _after_ content decoding. +Body responses can be encoded by server (see [`Content-Encoding` HTTP header][content-encoding]) but captures in Hurl files are not +affected by this content compression. All body captures (`body`, `bytes`, `sha256` etc...) except `rawbytes` work _after_ content decoding. Finally, body text captures (`body`, `jsonpath`, `xpath` etc...) are also decoded to strings based on [`Content-Type` header] so these queries can be captures as usual strings. -Structure of a capture: +__Structure of a capture:__
@@ -71,6 +71,7 @@ A query can extract data from - body: - [`body`](#body-capture) - [`bytes`](#bytes-capture) + - [`rawbytes`](#bytes-capture) - [`xpath`](#xpath-capture) - [`jsonpath`](#jsonpath-capture) - [`regex`](#regex-capture) @@ -198,6 +199,19 @@ my_data: bytes Like `body` capture, `bytes` capture works _after_ content encoding decompression (so the captured value is not affected by `Content-Encoding` response header). +### RawBytes capture + +Capture the entire body as a raw bytestream from the received HTTP response, _before_ any content decoding. + +```hurl +GET https://example.org/data.bin +HTTP 200 +[Captures] +raw_data: rawbytes +``` + +Unlike `bytes` capture, `rawbytes` returns the raw bytes before content encoding decompression. For uncompressed responses, `rawbytes` and `bytes` capture the same data. + ### XPath capture Capture a [XPath] query from the received HTTP body decoded as a string. @@ -423,7 +437,8 @@ duration_in_ms: duration Capture the SSL certificate properties. Certificate capture consists of the keyword `certificate`, followed by the certificate attribute value. -The following attributes are supported: `Subject`, `Issuer`, `Start-Date`, `Expire-Date` and `Serial-Number`. +The following attributes are supported: `Subject`, `Issuer`, `Start-Date`, `Expire-Date`, `Serial-Number`, +`Subject-Alt-Name` and `Value`. ```hurl GET https://example.org @@ -433,6 +448,8 @@ cert_subject: certificate "Subject" cert_issuer: certificate "Issuer" cert_expire_date: certificate "Expire-Date" cert_serial_number: certificate "Serial-Number" +san: certificate "Serial-Number" +value: certificate "Value" ``` ## Redacting Secrets @@ -469,3 +486,5 @@ pass: header "token" redact [`--secret` option]: {% link _docs/templates.md %}#secrets [MD5]: https://en.wikipedia.org/wiki/MD5 [SHA-256]: https://en.wikipedia.org/wiki/SHA-2 +[content-encoding]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Encoding +[`Content-Type` header]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Type diff --git a/sites/hurl.dev/_docs/entry.md b/sites/hurl.dev/_docs/entry.md index 9de5f65..f4fb0a1 100644 --- a/sites/hurl.dev/_docs/entry.md +++ b/sites/hurl.dev/_docs/entry.md @@ -77,7 +77,8 @@ HTTP 200 ### Cookie storage -Requests in the same Hurl file share the cookie storage, enabling, for example, session based scenario. +By default, requests in the same Hurl file share cookie storage, enabling session-based scenario. The shared cookie store can +be disabled with [`--no-cookie-store`] option. ### Redirects @@ -260,3 +261,4 @@ For complete reference, below is a diagram for the executed entries. [`repeat`]: {% link _docs/manual.md %}#repeat [`redirects` query]: {% link _docs/asserting-response.md %}#redirects-assert [`url` query]: {% link _docs/asserting-response.md %}#url-assert +[`--no-coookie-store`]: {% link _docs/manual.md %}#no-cookie-store diff --git a/sites/hurl.dev/_docs/filters.md b/sites/hurl.dev/_docs/filters.md index 840c0b3..913fee3 100644 --- a/sites/hurl.dev/_docs/filters.md +++ b/sites/hurl.dev/_docs/filters.md @@ -71,11 +71,11 @@ jsonpath "$.books" count == 12 | [base64Encode](#base64encode) | Encodes bytes into [Base64 encoded string]. | bytes | string | | [base64UrlSafeDecode](#base64urlsafedecode) | Decodes a Base64 encoded string into bytes (using [Base64 URL safe encoding]). | string | bytes | | [base64UrlSafeEncode](#base64urlsafeencode) | Encodes bytes into Base64 encoded string (using [Base64 URL safe encoding]). | bytes | string | +| [charsetDecode](#charsetdecode) | Decodes bytes to string using a charset encoding. | bytes | string | | [count](#count) | Counts the number of items in a collection. | collection | number | | [dateFormat](#dateformat) | Formats a date to a string given [a specification format]. | date | string | | [daysAfterNow](#daysafternow) | Returns the number of days between now and a date in the future. | date | number | | [daysBeforeNow](#daysbeforenow) | Returns the number of days between now and a date in the past. | date | number | -| [decode](#decode) | Decodes bytes to string using encoding. | bytes | string | | [first](#first) | Returns the first element from a collection. | collection | any | | [htmlEscape](#htmlescape) | Converts the characters `&`, `<` and `>` to HTML-safe sequence. | string | string | | [htmlUnescape](#htmlunescape) | Converts all named and numeric character references (e.g. `>`, `>`, `>`) to the corresponding Unicode characters. | string | string | @@ -143,6 +143,23 @@ HTTP 200 bytes base64UrlSafeEncode == "PDw_Pz8-Pg" ``` +### charsetDecode + +Decodes bytes to string using a charset encoding. Encoding labels are defined in [Encoding Standard]. + +```hurl +# The 'Content-Type' HTTP response header does not precise the charset 'gb2312' +# so body must be decoded explicitly by Hurl before processing any text based assert +GET https://example.org/hello_china +HTTP 200 +[Asserts] +header "Content-Type" == "text/html" +# Content-Type has no encoding clue, we must decode ourselves the body response. +bytes charsetDecode "gb2312" xpath "string(//body)" == "你好世界" +``` + +When the encoding is UTF-8 (i.e. `charsetDecode "utf-8"`), [an `utf8Decode` filter] can be used instead. + ### count Counts the number of items in a collection. @@ -189,21 +206,6 @@ HTTP 200 certificate "Start-Date" daysBeforeNow < 100 ``` -### decode - -Decodes bytes to string using encoding. Encoding labels are defined in [Encoding Standard]. - -```hurl -# The 'Content-Type' HTTP response header does not precise the charset 'gb2312' -# so body must be decoded explicitly by Hurl before processing any text based assert -GET https://example.org/hello_china -HTTP 200 -[Asserts] -header "Content-Type" == "text/html" -# Content-Type has no encoding clue, we must decode ourselves the body response. -bytes decode "gb2312" xpath "string(//body)" == "你好世界" -``` - ### first Returns the first element from a collection. @@ -475,7 +477,6 @@ HTTP 200 bytes decode "gb2312" xpath "string(//body)" == "你好世界" ``` - [Captures]: {% link _docs/capturing-response.md %} [asserts]: {% link _docs/asserting-response.md %} [RFC3986]: https://www.rfc-editor.org/rfc/rfc3986 @@ -485,3 +486,5 @@ bytes decode "gb2312" xpath "string(//body)" == "你好世界" [Base64 encoded string]: https://datatracker.ietf.org/doc/html/rfc4648#section-4 [Base64 URL safe encoding]: https://datatracker.ietf.org/doc/html/rfc4648#section-5 [Encoding Standard]: https://encoding.spec.whatwg.org/#concept-encoding-get +[an `utf8Decode` filter]: {% link _docs/filters.md %}#utf8decode +[an `utf8Encode` filter]: {% link _docs/filters.md %}#utf8encode diff --git a/sites/hurl.dev/_docs/grammar.md b/sites/hurl.dev/_docs/grammar.md index 29292a1..ec553f6 100644 --- a/sites/hurl.dev/_docs/grammar.md +++ b/sites/hurl.dev/_docs/grammar.md @@ -238,7 +238,7 @@ Short description:
oneline-base64(used by end-with-predicatestart-with-predicatepredicate-valuebytes)
base64, [A-Z0-9+-= \n]+ ;
oneline-file(used by predicate-valuebytes)
file, filename ;
oneline-hex(used by end-with-predicatestart-with-predicatepredicate-valuebytes)
hex, hexdigit* ;
-

Strings

quoted-string(used by variable-valueheader-querycookie-queryxpath-queryjsonpath-queryregex-queryvariable-querycontain-predicateend-with-predicategreater-or-equal-predicategreater-predicateless-or-equal-predicateless-predicatematch-predicatestart-with-predicatepredicate-valuedate-format-filterjsonpath-filterregex-filterreplace-filterreplace-regex-filtersplit-filterto-date-filterurl-query-param-filterxpath-filter)
" (quoted-string-content|placeholder)* "
+

Strings

quoted-string(used by variable-valueheader-querycookie-queryxpath-queryjsonpath-queryregex-queryvariable-querycontain-predicateend-with-predicategreater-or-equal-predicategreater-predicateless-or-equal-predicateless-predicatematch-predicatestart-with-predicatepredicate-valuecharset-decode-filtercharset-encode-filterdate-format-filterjsonpath-filterregex-filterreplace-filterreplace-regex-filtersplit-filterto-date-filterurl-query-param-filterxpath-filter)
" (quoted-string-content|placeholder)* "
quoted-string-content(used by quoted-string)
(quoted-string-text|quoted-string-escaped-char)*
quoted-string-text(used by quoted-string-content)
~["\\]+
quoted-string-escaped-char(used by quoted-string-content)
\ ("|\|\b|\f|\n|\r|\t|\u unicode-char)
@@ -254,16 +254,15 @@ Short description:
oneline-string-content(used by oneline-string)
(oneline-string-text|oneline-string-escaped-char)*
oneline-string-text(used by oneline-string-content)
~[#\n\\] ~`
oneline-string-escaped-char(used by oneline-string-content)
\ (`|#|\|b|f|u unicode-char)
-
multiline-string(used by predicate-valuebytes)
``` multiline-string-type? (, multiline-string-attribute)* lt
+
multiline-string(used by predicate-valuebytes)
``` multiline-string-type? lt
(multiline-string-content|placeholder)* lt
```
multiline-string-type(used by multiline-string)
 base64
|hex
|json
|xml
-|graphql
-
multiline-string-attribute(used by multiline-string)
 escape
-|novariable
+|graphql
+|raw
multiline-string-content(used by multiline-string)
(multiline-string-text|multiline-string-escaped-char)*
multiline-string-text(used by multiline-string-content)
~[\\]+ ~```
multiline-string-escaped-char(used by multiline-string-content)
\ (\|b|f|n|r|t|`|u unicode-char)
@@ -305,10 +304,11 @@ Short description: |base64-encode-filter
|base64-url-safe-decode-filter
|base64-url-safe-encode-filter
+|charset-decode-filter
+|charset-encode-filter
|count-filter
|days-after-now-filter
|days-before-now-filter
-|decode-filter
|first-filter
|date-format-filter
|html-escape-filter
@@ -336,10 +336,11 @@ Short description:
base64-encode-filter(used by filter)
base64Encode
base64-url-safe-decode-filter(used by filter)
base64UrlSafeDecode
base64-url-safe-encode-filter(used by filter)
base64UrlSafeEncode
+
charset-decode-filter(used by filter)
charsetDecode sp quoted-string
+
charset-encode-filter(used by filter)
charsetEncode sp quoted-string
count-filter(used by filter)
count
days-after-now-filter(used by filter)
daysAfterNow
days-before-now-filter(used by filter)
daysBeforeNow
-
decode-filter(used by filter)
decode
first-filter(used by filter)
first
date-format-filter(used by filter)
dateFormat sp quoted-string
html-escape-filter(used by filter)
htmlEscape
@@ -373,7 +374,7 @@ Short description:
hexdigit(used by oneline-hexunicode-charjson-string-escaped-char)
[0-9A-Fa-f]
fraction(used by json-numberfloat)
. digit+
exponent(used by json-number)
(e|E) (+|-)? digit+
-
sp(used by requestresponsecaptureassertheader-querycertificate-querycookie-queryxpath-queryjsonpath-queryregex-queryvariable-querypredicateequal-predicatecontain-predicateend-with-predicategreater-or-equal-predicategreater-predicateinclude-predicateless-or-equal-predicateless-predicatematch-predicatenot-equal-predicatestart-with-predicateexprdate-format-filterjsonpath-filternth-filterregex-filterreplace-filterreplace-regex-filtersplit-filterto-date-filterurl-query-param-filterxpath-filterlt)
[ \t]
+
sp(used by requestresponsecaptureassertheader-querycertificate-querycookie-queryxpath-queryjsonpath-queryregex-queryvariable-querypredicateequal-predicatecontain-predicateend-with-predicategreater-or-equal-predicategreater-predicateinclude-predicateless-or-equal-predicateless-predicatematch-predicatenot-equal-predicatestart-with-predicateexprcharset-decode-filtercharset-encode-filterdate-format-filterjsonpath-filternth-filterregex-filterreplace-filterreplace-regex-filtersplit-filterto-date-filterurl-query-param-filterxpath-filterlt)
[ \t]
lt(used by hurl-filerequestresponseheaderbodyquery-string-params-sectionform-params-sectionmultipart-form-data-sectioncookies-sectioncaptures-sectionasserts-sectionbasic-auth-sectionoptions-sectionfilename-paramcaptureassertoptionaws-sigv4-optionca-certificate-optionclient-certificate-optionclient-key-optioncompressed-optionconnect-to-optionconnect-timeout-optiondelay-optionfollow-redirect-optionfollow-redirect-trusted-optionheader-optionhttp10-optionhttp11-optionhttp2-optionhttp3-optioninsecure-optionipv4-optionipv6-optionlimit-rate-optionmax-redirs-optionmax-time-optionnetrc-optionnetrc-file-optionnetrc-optional-optionoutput-optionpath-as-is-optionpinned-public-key-optionproxy-optionresolve-optionrepeat-optionretry-optionretry-interval-optionskip-optionunix-socket-optionuser-optionvariable-optionverbose-optionvery-verbose-optionmultiline-string)
sp* comment? [\n]?
comment(used by lt)
# ~[\n]*
regex(used by regex-querymatch-predicateregex-filterreplace-regex-filter)
/ regex-content /
diff --git a/sites/hurl.dev/_docs/installation.md b/sites/hurl.dev/_docs/installation.md index 723ea76..220a843 100644 --- a/sites/hurl.dev/_docs/installation.md +++ b/sites/hurl.dev/_docs/installation.md @@ -15,7 +15,7 @@ Precompiled binary (depending on libc >=2.35) is available at [Hurl latest GitHu ```shell $ INSTALL_DIR=/tmp -$ VERSION=7.1.0 +$ VERSION=8.0.0 $ curl --silent --location https://github.com/Orange-OpenSource/hurl/releases/download/$VERSION/hurl-$VERSION-x86_64-unknown-linux-gnu.tar.gz | tar xvz -C $INSTALL_DIR $ export PATH=$INSTALL_DIR/hurl-$VERSION-x86_64-unknown-linux-gnu/bin:$PATH ``` @@ -25,7 +25,7 @@ $ export PATH=$INSTALL_DIR/hurl-$VERSION-x86_64-unknown-linux-gnu/bin:$PATH For Debian >=12 / Ubuntu 22.04 and 24.04, Hurl can be installed using a binary .deb file provided in each Hurl release. ```shell -$ VERSION=7.1.0 +$ VERSION=8.0.0 $ curl --location --remote-name https://github.com/Orange-OpenSource/hurl/releases/download/$VERSION/hurl_${VERSION}_amd64.deb $ sudo apt update && sudo apt install ./hurl_${VERSION}_amd64.deb ``` @@ -33,7 +33,7 @@ $ sudo apt update && sudo apt install ./hurl_${VERSION}_amd64.deb For Ubuntu >=22.04, Hurl can be installed from `ppa:lepapareil/hurl` ```shell -$ VERSION=7.1.0 +$ VERSION=8.0.0 $ sudo apt-add-repository -y ppa:lepapareil/hurl $ sudo apt install hurl="${VERSION}"* ``` diff --git a/sites/hurl.dev/_docs/manual.md b/sites/hurl.dev/_docs/manual.md index 305c0fe..534a4a3 100644 --- a/sites/hurl.dev/_docs/manual.md +++ b/sites/hurl.dev/_docs/manual.md @@ -11,11 +11,11 @@ section: Getting Started hurl - run and test HTTP requests. - ## Synopsis -**hurl** [options] [FILE...] +**hurl** [OPTIONS] [FILES...] +**hurl** --test [OPTIONS] [FILES...] ## Description @@ -130,12 +130,12 @@ With the addition of asserts, Hurl can be used as a testing tool to run scenario More information on asserts can be found here [https://hurl.dev/docs/asserting-response.html](https://hurl.dev/docs/asserting-response.html) -## Options +## Configuration Options that exist in curl have exactly the same semantics. Options specified on the command line are defined for every Hurl file's entry, -except if they are tagged as cli-only (can not be defined in the Hurl request [Options] entry) +except if they are tagged as cli-only (can not be defined in the Hurl request `[Options]` entry) For instance: @@ -157,97 +157,115 @@ HTTP 200 will follow a redirection only for the second entry. -| Option | Description | -|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| --aws-sigv4 <PROVIDER1[:PROVIDER2[:REGION[:SERVICE]]]> | Generate an `Authorization` header with an AWS SigV4 signature.

Use [`-u, --user`](#user) to specify Access Key Id (username) and Secret Key (password).

To use temporary session credentials (e.g. for an AWS IAM Role), add the `X-Amz-Security-Token` header containing the session token.
| -| --cacert <FILE> | Specifies the certificate file for peer verification. The file may contain multiple CA certificates and must be in PEM format.
Normally Hurl is built to use a default file for this, so this option is typically used to alter that default file.
| -| -E, --cert <CERTIFICATE[:PASSWORD]> | Client certificate file and password.

See also [`--key`](#key).
| -| --color | Colorize debug output (the HTTP response output is not colorized).

This is a cli-only option.
| -| --compressed | Request a compressed response using one of the algorithms br, gzip, deflate and automatically decompress the content.
| -| --connect-timeout <SECONDS> | Maximum time in seconds that you allow Hurl's connection to take.

You can specify time units in the connect timeout expression. Set Hurl to use a connect timeout of 20 seconds with `--connect-timeout 20s` or set it to 35,000 milliseconds with `--connect-timeout 35000ms`. No spaces allowed.

See also [`-m, --max-time`](#max-time).
| -| --connect-to <HOST1:PORT1:HOST2:PORT2> | For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. This option can be used several times in a command line.

See also [`--resolve`](#resolve).
| -| --continue-on-error | Continue executing requests to the end of the Hurl file even when an assert error occurs.
By default, Hurl exits after an assert error in the HTTP response.

Note that this option does not affect the behavior with multiple input Hurl files.

All the input files are executed independently. The result of one file does not affect the execution of the other Hurl files.

This is a cli-only option.
| -| -b, --cookie <FILE> | Read cookies from FILE (using the Netscape cookie file format).

Combined with [`-c, --cookie-jar`](#cookie-jar), you can simulate a cookie storage between successive Hurl runs.

This is a cli-only option.
| -| -c, --cookie-jar <FILE> | Write cookies to FILE after running the session.
The file will be written using the Netscape cookie file format.

Combined with [`-b, --cookie`](#cookie), you can simulate a cookie storage between successive Hurl runs.

This is a cli-only option.
| -| --curl <FILE> | Export each request to a list of curl commands.

This is a cli-only option.
| -| --delay <MILLISECONDS> | Sets delay before each request (aka sleep). The delay is not applied to requests that have been retried because of [`--retry`](#retry). See [`--retry-interval`](#retry-interval) to space retried requests.

You can specify time units in the delay expression. Set Hurl to use a delay of 2 seconds with `--delay 2s` or set it to 500 milliseconds with `--delay 500ms`. Supported time units: ms, s, m, h. No spaces allowed.
| -| --error-format <FORMAT> | Control the format of error message (short by default or long)

This is a cli-only option.
| -| --file-root <DIR> | Set root directory to import files in Hurl. This is used for files in multipart form data, request body and response output.
When it is not explicitly defined, files are relative to the Hurl file's directory.

This is a cli-only option.
| -| --from-entry <ENTRY_NUMBER> | Execute Hurl file from ENTRY_NUMBER (starting at 1).

This is a cli-only option.
| -| --glob <GLOB> | Specify input files that match the given glob pattern.

Multiple glob flags may be used. This flag supports common Unix glob patterns like *, ? and [].
However, to avoid your shell accidentally expanding glob patterns before Hurl handles them, you must use single quotes or double quotes around each pattern.

This is a cli-only option.
| -| -H, --header <HEADER> | Add an extra header to include in information sent. Can be used several times in a command

Do not add newlines or carriage returns
| -| -0, --http1.0 | Tells Hurl to use HTTP version 1.0 instead of using its internally preferred HTTP version.
| -| --http1.1 | Tells Hurl to use HTTP version 1.1.
| -| --http2 | Tells Hurl to use HTTP version 2.
For HTTPS, this means Hurl negotiates HTTP/2 in the TLS handshake. Hurl does this by default.
For HTTP, this means Hurl attempts to upgrade the request to HTTP/2 using the Upgrade: request header.
| -| --http3 | Tells Hurl to try HTTP/3 to the host in the URL, but fallback to earlier HTTP versions if the HTTP/3 connection establishment fails. HTTP/3 is only available for HTTPS and not for HTTP URLs.
| -| --ignore-asserts | Ignore all asserts defined in the Hurl file.

This is a cli-only option.
| -| -i, --include | Include the HTTP headers in the output

This is a cli-only option.
| -| -k, --insecure | This option explicitly allows Hurl to perform "insecure" SSL connections and transfers.
| -| -4, --ipv4 | This option tells Hurl to use IPv4 addresses only when resolving host names, and not for example try IPv6.
| -| -6, --ipv6 | This option tells Hurl to use IPv6 addresses only when resolving host names, and not for example try IPv4.
| -| --jobs <NUM> | Maximum number of parallel jobs in parallel mode. Default value corresponds (in most cases) to the
current amount of CPUs.

See also [`--parallel`](#parallel).

This is a cli-only option.
| -| --json | Output each Hurl file result to JSON. The format is very closed to HAR format.

This is a cli-only option.
| -| --key <KEY> | Private key file name.
| -| --limit-rate <SPEED> | Specify the maximum transfer rate you want Hurl to use, for both downloads and uploads. This feature is useful if you have a limited pipe and you would like your transfer not to use your entire bandwidth. To make it slower than it otherwise would be.
The given speed is measured in bytes/second.
| -| -L, --location | Follow redirect. To limit the amount of redirects to follow use the [`--max-redirs`](#max-redirs) option
| -| --location-trusted | Like [`-L, --location`](#location), but allows sending the name + password to all hosts that the site may redirect to.
This may or may not introduce a security breach if the site redirects you to a site to which you send your authentication info (which is plaintext in the case of HTTP Basic authentication).
| -| --max-filesize <BYTES> | Specify the maximum size in bytes of a file to download. If the file requested is larger than this value, the transfer does not start.

This is a cli-only option.
| -| --max-redirs <NUM> | Set maximum number of redirection-followings allowed

By default, the limit is set to 50 redirections. Set this option to -1 to make it unlimited.
| -| -m, --max-time <SECONDS> | Maximum time in seconds that you allow a request/response to take. This is the standard timeout.

You can specify time units in the maximum time expression. Set Hurl to use a maximum time of 20 seconds with `--max-time 20s` or set it to 35,000 milliseconds with `--max-time 35000ms`. No spaces allowed.

See also [`--connect-timeout`](#connect-timeout).
| -| --negotiate | Tell Hurl to use Negotiate (SPNEGO) authentication.
| -| -n, --netrc | Scan the .netrc file in the user's home directory for the username and password.

See also [`--netrc-file`](#netrc-file) and [`--netrc-optional`](#netrc-optional).
| -| --netrc-file <FILE> | Like [`--netrc`](#netrc), but provide the path to the netrc file.

See also [`--netrc-optional`](#netrc-optional).
| -| --netrc-optional | Similar to [`--netrc`](#netrc), but make the .netrc usage optional.

See also [`--netrc-file`](#netrc-file).
| -| --no-color | Do not colorize output.

This is a cli-only option.
| -| --no-output | Suppress output. By default, Hurl outputs the body of the last response.

This is a cli-only option.
| -| --no-pretty | Do not prettify response output for supported content type (JSON only for the moment). By default, output is prettified if
standard output is a terminal.

This is a cli-only option.
| -| --noproxy <HOST(S)> | Comma-separated list of hosts which do not use a proxy.

Override value from Environment variable no_proxy.
| -| --ntlm | Tell Hurl to use NTLM authentication
| -| -o, --output <FILE> | Write output to FILE instead of stdout. Use '-' for stdout in [Options] sections.
| -| --parallel | Run files in parallel.

Each Hurl file is executed in its own worker thread, without sharing anything with the other workers. The default run mode is sequential. Parallel execution is by default in [`--test`](#test) mode.

See also [`--jobs`](#jobs).

This is a cli-only option.
| -| --path-as-is | Tell Hurl to not handle sequences of /../ or /./ in the given URL path. Normally Hurl will squash or merge them according to standards but with this option set you tell it not to do that.
| -| --pinnedpubkey <HASHES> | When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, Hurl aborts the connection before sending or receiving any data.
| -| --pretty | Prettify response output for supported content type (JSON only for the moment). By default, JSON response is prettified if standard output is a terminal, and colorized, see[`--no-color`](#no-color) to format without color.

This is a cli-only option.
| -| --progress-bar | Display a progress bar in test mode. The progress bar is displayed only in interactive TTYs. This option forces the progress bar to be displayed even in non-interactive TTYs.

This is a cli-only option.
| -| -x, --proxy <[PROTOCOL://]HOST[:PORT]> | Use the specified proxy.
| -| --repeat <NUM> | Repeat the input files sequence NUM times, -1 for infinite loop. Given a.hurl, b.hurl, c.hurl as input, repeat two
times will run a.hurl, b.hurl, c.hurl, a.hurl, b.hurl, c.hurl.
| -| --report-html <DIR> | Generate HTML report in DIR.

If the HTML report already exists, it will be updated with the new test results.

This is a cli-only option.
| -| --report-json <DIR> | Generate JSON report in DIR.

If the JSON report already exists, it will be updated with the new test results.

This is a cli-only option.
| -| --report-junit <FILE> | Generate JUnit File.

If the FILE report already exists, it will be updated with the new test results.

This is a cli-only option.
| -| --report-tap <FILE> | Generate TAP report.

If the FILE report already exists, it will be updated with the new test results.

This is a cli-only option.
| -| --resolve <HOST:PORT:ADDR> | Provide a custom address for a specific host and port pair. Using this, you can make the Hurl requests(s) use a specified address and prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line.
| -| --retry <NUM> | Maximum number of retries, 0 for no retries, -1 for unlimited retries. Retry happens if any error occurs (asserts, captures, runtimes etc...).
| -| --retry-interval <MILLISECONDS> | Duration in milliseconds between each retry. Default is 1000 ms.

You can specify time units in the retry interval expression. Set Hurl to use a retry interval of 2 seconds with `--retry-interval 2s` or set it to 500 milliseconds with `--retry-interval 500ms`. No spaces allowed.
| -| --secret <NAME=VALUE> | Define secret value to be redacted from logs and report. When defined, secrets can be used as variable everywhere variables are used.

This is a cli-only option.
| -| --secrets-file <FILE> | Define a secrets file in which you define your secrets

Each secret is defined as name=value exactly as with [`--secret`](#secret) option.

Note that defining a secret twice produces an error.

This is a cli-only option.
| -| --ssl-no-revoke | (Windows) This option tells Hurl to disable certificate revocation checks. WARNING: this option loosens the SSL security, and by using this flag you ask for exactly that.

This is a cli-only option.
| -| --test | Activate test mode: with this, the HTTP response is not outputted anymore, progress is reported for each Hurl file tested, and a text summary is displayed when all files have been run.

In test mode, files are executed in parallel. To run test in a sequential way use `--job 1`.

See also [`--jobs`](#jobs).

This is a cli-only option.
| -| --to-entry <ENTRY_NUMBER> | Execute Hurl file to ENTRY_NUMBER (starting at 1).
Ignore the remaining of the file. It is useful for debugging a session.

This is a cli-only option.
| -| --unix-socket <PATH> | (HTTP) Connect through this Unix domain socket, instead of using the network.
| -| -u, --user <USER:PASSWORD> | Add basic Authentication header to each request.
| -| -A, --user-agent <NAME> | Specify the User-Agent string to send to the HTTP server.

This is a cli-only option.
| -| --variable <NAME=VALUE> | Define variable (name/value) to be used in Hurl templates.
| -| --variables-file <FILE> | Set properties file in which your define your variables.

Each variable is defined as name=value exactly as with [`--variable`](#variable) option.

Note that defining a variable twice produces an error.

This is a cli-only option.
| -| -v, --verbose | Turn on verbose output on standard error stream.
Useful for debugging.

A line starting with '>' means data sent by Hurl.
A line staring with '<' means data received by Hurl.
A line starting with '*' means additional info provided by Hurl.

If you only want HTTP headers in the output, [`-i, --include`](#include) might be the option you're looking for.
| -| --very-verbose | Turn on more verbose output on standard error stream.

In contrast to [`--verbose`](#verbose) option, this option outputs the full HTTP body request and response on standard error. In addition, lines starting with '**' are libcurl debug logs.
| -| -h, --help | Usage help. This lists all current command line options with a short description.
| -| -V, --version | Prints version information
| - -## Environment - -Environment variables can only be specified in lowercase. - -Using an environment variable to set the proxy has the same effect as using the [`-x, --proxy`](#proxy) option. - -| Variable | Description | -|--------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `http_proxy [PROTOCOL://][:PORT]` | Sets the proxy server to use for HTTP.
| -| `https_proxy [PROTOCOL://][:PORT]` | Sets the proxy server to use for HTTPS.
| -| `all_proxy [PROTOCOL://][:PORT]` | Sets the proxy server to use if no protocol-specific proxy is set.
| -| `no_proxy ` | List of host names that shouldn't go through any proxy.
| -| `HURL_VARIABLE_name value` | Define variable (name/value) to be used in Hurl templates. This is similar to [`--variable`](#variable) and [`--variables-file`](#variables-file) options.
| -| `HURL_SECRET_name value` | Define secret (name/value) to be used in Hurl templates. This is similar to [`--secret`](#secret) and [`--secrets-file`](#secrets-file) options.
| -| `NO_COLOR` | When set to a non-empty string, do not colorize output (see [`--no-color`](#no-color) option).
| +Most of the options can also be defined with environment variables (like `HURL_INSECURE` for [`--insecure`](#insecure)). So, in order +to configure Hurl, there are three sources from the lowest priority (most easily overridden) to highest (overrides all others): + +- Environment variables (ex: `HURL_INSECURE`) +- Command-line options (ex: `--insecure`) +- Options section options (ex: `insecure: true` in file) + +## All Options + +### HTTP options + +| Option | Description | +|-------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| --aws-sigv4 <PROVIDER1[:PROVIDER2[:REGION[:SERVICE]]]> | Generate an `Authorization` header with an AWS SigV4 signature.

Use [`-u, --user`](#user) to specify Access Key Id (username) and Secret Key (password).

To use temporary session credentials (e.g. for an AWS IAM Role), add the `X-Amz-Security-Token` header containing the session token.
| +| --cacert <FILE> | Specifies the certificate file for peer verification. The file may contain multiple CA certificates and must be in PEM format.
Normally Hurl is built to use a default file for this, so this option is typically used to alter that default file.
| +| -E, --cert <CERTIFICATE[:PASSWORD]> | Client certificate file and password.

See also [`--key`](#key).
| +| --compressed | Request a compressed response using one of the algorithms br, gzip, deflate and automatically decompress the content.

Environment variables: HURL_COMPRESSED
| +| --connect-timeout <SECONDS> | Maximum time in seconds that you allow Hurl's connection to take.

You can specify time units in the connect timeout expression. Set Hurl to use a connect timeout of 20 seconds with `--connect-timeout 20s` or set it to 35,000 milliseconds with `--connect-timeout 35000ms`. No spaces allowed.

See also [`-m, --max-time`](#max-time).

Environment variables: HURL_CONNECT_TIMEOUT
| +| --connect-to <HOST1:PORT1:HOST2:PORT2> | For a request to the given HOST1:PORT1 pair, connect to HOST2:PORT2 instead. This option can be used several times in a command line.

See also [`--resolve`](#resolve).
| +| --digest | Tell Hurl to use HTTP Digest authentication
| +| -H, --header <NAME:VALUE> | Add an extra header to include in information sent. Can be used several times in a command.

Do not add newlines or carriage returns.

Environment variables: HURL_HEADER='name1:value1|name2:value2' (headers are separated by |)
| +| -0, --http1.0 | Tells Hurl to use HTTP version 1.0 instead of using its internally preferred HTTP version.

Environment variables: HURL_HTTP10
| +| --http1.1 | Tells Hurl to use HTTP version 1.1.

Environment variables: HURL_HTTP11
| +| --http2 | Tells Hurl to use HTTP version 2.
For HTTPS, this means Hurl negotiates HTTP/2 in the TLS handshake. Hurl does this by default.
For HTTP, this means Hurl attempts to upgrade the request to HTTP/2 using the Upgrade: request header.

Environment variables: HURL_HTTP2
| +| --http3 | Tells Hurl to try HTTP version 3 to the host in the URL, but fallback to earlier HTTP versions if the HTTP/3 connection establishment fails. HTTP/3 is only available for HTTPS and not for HTTP URLs.

Environment variables: HURL_HTTP3
| +| -k, --insecure | This option explicitly allows Hurl to perform "insecure" SSL connections and transfers.

Environment variables: HURL_INSECURE
| +| -4, --ipv4 | This option tells Hurl to use IPv4 addresses only when resolving host names, and not for example try IPv6.

Environment variables: HURL_IPV4
| +| -6, --ipv6 | This option tells Hurl to use IPv6 addresses only when resolving host names, and not for example try IPv4.

Environment variables: HURL_IPV6
| +| --key <KEY> | Private key file name.
| +| --limit-rate <SPEED> | Specify the maximum transfer rate you want Hurl to use, for both downloads and uploads. This feature is useful if you have a limited pipe and you would like your transfer not to use your entire bandwidth. To make it slower than it otherwise would be.
The given speed is measured in bytes/second.

Environment variables: HURL_LIMIT_RATE
| +| -L, --location | Follow redirect. To limit the amount of redirects to follow use the [`--max-redirs`](#max-redirs) option

Environment variables: HURL_LOCATION
| +| --location-trusted | Like [`-L, --location`](#location), but allows sending the name + password to all hosts that the site may redirect to.
This may or may not introduce a security breach if the site redirects you to a site to which you send your authentication info (which is plaintext in the case of HTTP Basic authentication).

Environment variables: HURL_LOCATION_TRUSTED
| +| --max-filesize <BYTES> | Specify the maximum size in bytes of a file to download. If the file requested is larger than this value, the transfer does not start.

Environment variables: HURL_MAX_FILESIZE

This is a cli-only option.
| +| --max-redirs <NUM> | Set maximum number of redirection-followings allowed

By default, the limit is set to 50 redirections. Set this option to -1 to make it unlimited.

Environment variables: HURL_MAX_REDIRS
| +| -m, --max-time <SECONDS> | Maximum time in seconds that you allow a request/response to take. This is the standard timeout.

You can specify time units in the maximum time expression. Set Hurl to use a maximum time of 20 seconds with `--max-time 20s` or set it to 35,000 milliseconds with `--max-time 35000ms`. No spaces allowed.

See also [`--connect-timeout`](#connect-timeout).

Environment variables: HURL_MAX_TIME
| +| --negotiate | Tell Hurl to use Negotiate (SPNEGO) authentication.
| +| --no-cookie-store | Do not use cookie storage for requests/responses in a file. By default, requests in the same Hurl file share cookie storage, this option deactivates cookie engine.

Environment variables: HURL_NO_COOKIE_STORE

This is a cli-only option.
| +| --no-proxy <HOST(S)> | Comma-separated list of hosts which do not use a proxy.

Environment variables: no_proxy
| +| --ntlm | Tell Hurl to use NTLM authentication
| +| --path-as-is | Tell Hurl to not handle sequences of /../ or /./ in the given URL path. Normally Hurl will squash or merge them according to standards but with this option set you tell it not to do that.
| +| --pinnedpubkey <HASHES> | When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, Hurl aborts the connection before sending or receiving any data.
| +| -x, --proxy <[PROTOCOL://]HOST[:PORT]> | Use the specified proxy.

Environment variables: http_proxy https_proxy all_proxy
| +| --resolve <HOST:PORT:ADDR> | Provide a custom address for a specific host and port pair. Using this, you can make the Hurl requests(s) use a specified address and prevent the otherwise normally resolved address to be used. Consider it a sort of /etc/hosts alternative provided on the command line.
| +| --ssl-no-revoke | (Windows) This option tells Hurl to disable certificate revocation checks. WARNING: this option loosens the SSL security, and by using this flag you ask for exactly that.

This is a cli-only option.
| +| --unix-socket <PATH> | (HTTP) Connect through this Unix domain socket, instead of using the network.
| +| -u, --user <USER:PASSWORD> | Add basic Authentication header to each request.

Environment variables: HURL_USER
| +| -A, --user-agent <NAME> | Specify the User-Agent string to send to the HTTP server.

Environment variables: HURL_USER_AGENT

This is a cli-only option.
| + +### Output options + +| Option | Description | +|------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| --color | Colorize standard output and standard error.

By default, Hurl outputs a prettified and colorized response. When redirected through pipes, standard streams are not colorized and color can be forced with this option.

Environment variables: HURL_COLOR

This is a cli-only option.
| +| --curl <FILE> | Export each request to a list of curl commands.

This is a cli-only option.
| +| --error-format <FORMAT> | Control the format of error message (short by default or long). When using long, the response body is logged when there are errors.

Environment variables: HURL_ERROR_FORMAT

This is a cli-only option.
| +| -i, --include | Include the HTTP headers in the output

This is a cli-only option.
| +| --json | Output each Hurl file result to JSON. The format is very closed to HAR format.

This is a cli-only option.
| +| --no-color | Do not colorize standard output nor standard error.

Environment variables: HURL_NO_COLOR NO_COLOR

This is a cli-only option.
| +| --no-output | Suppress output. By default, Hurl outputs the body of the last response.

Environment variables: HURL_NO_OUTPUT

This is a cli-only option.
| +| --no-pretty | Do not prettify response output for supported content type (JSON only for the moment). By default, output is prettified if
standard output is a terminal.

Environment variables: HURL_NO_PRETTY

This is a cli-only option.
| +| -o, --output <FILE> | Write output to FILE instead of stdout. Use '-' for stdout in [Options] sections.
| +| --pretty | Prettify response output for supported content type (JSON only for the moment). By default, JSON response is prettified if standard output is a terminal, and colorized, see[`--no-color`](#no-color) to format without color.

Environment variables: HURL_PRETTY

This is a cli-only option.
| +| --progress-bar | Display a progress bar in test mode. The progress bar is displayed only in interactive TTYs. This option forces the progress bar to be displayed even in non-interactive TTYs.

This is a cli-only option.
| +| -v, --verbose | Turn on verbose output on standard error stream.
Useful for debugging.

A line starting with '>' means data sent by Hurl.
A line staring with '<' means data received by Hurl.
A line starting with '*' means additional info provided by Hurl.

If you only want HTTP headers in the output, [`-i, --include`](#include) might be the option you're looking for.

Environment variables: HURL_VERBOSE
| +| --verbosity <LEVEL> | Set the verbosity level for debug logs on standard error stream (brief, verbose or debug)

If you only want HTTP headers in the output, [`-i, --include`](#include) might be the option you're looking for.
[`-v, --verbose`](#verbose) is an alias for `--verbosity verbose`
[`--very-verbose`](#very-verbose) is an alias for `--verbosity debug`

Environment variables: HURL_VERBOSITY
| +| --very-verbose | Turn on more verbose output on standard error stream.

In contrast to [`--verbose`](#verbose) option, this option outputs the full HTTP body request and response on standard error. In addition, lines starting with '**' are libcurl debug logs.

Environment variables: HURL_VERY_VERBOSE
| + +### Run options + +| Option | Description | +|------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| --continue-on-error | Continue executing requests to the end of the Hurl file even when an assert error occurs. By default, Hurl exits after an assert error in the HTTP response.

Note that this option does not affect the behavior with multiple input Hurl files.

All the input files are executed independently. The result of one file does not affect the execution of the other Hurl files.

Environment variables: HURL_CONTINUE_ON_ERROR

This is a cli-only option.
| +| --delay <MILLISECONDS> | Sets delay before each request (aka sleep). The delay is not applied to requests that have been retried because of [`--retry`](#retry). See [`--retry-interval`](#retry-interval) to space retried requests.

You can specify time units in the delay expression. Set Hurl to use a delay of 2 seconds with `--delay 2s` or set it to 500 milliseconds with `--delay 500ms`. Supported time units: ms, s, m, h. No spaces allowed.

Environment variables: HURL_DELAY
| +| --from-entry <ENTRY_NUMBER> | Execute Hurl file from ENTRY_NUMBER (starting at 1).

This is a cli-only option.
| +| --jobs <NUM> | Maximum number of parallel jobs in parallel mode. Default value corresponds (in most cases) to the current amount of CPUs. Set to 1 to disable parallel execution of files.

See also [`--parallel`](#parallel).

Environment variables: HURL_JOBS

This is a cli-only option.
| +| --no-assert | Ignore all asserts defined in the Hurl file.

Environment variables: HURL_NO_ASSERT

This is a cli-only option.
| +| --parallel | Run files in parallel.

Each Hurl file is executed in its own worker thread, without sharing anything with the other workers. The default run mode is sequential. Parallel execution is by default in [`--test`](#test) mode.

See also [`--jobs`](#jobs).

This is a cli-only option.
| +| --repeat <NUM> | Repeat the input files sequence NUM times, -1 for infinite loop. Given a.hurl, b.hurl, c.hurl as input, repeat two
times will run a.hurl, b.hurl, c.hurl, a.hurl, b.hurl, c.hurl.
| +| --retry <NUM> | Maximum number of retries, 0 for no retries, -1 for unlimited retries. Retry happens if any error occurs (asserts, captures, runtimes etc...).

Environment variables: HURL_RETRY
| +| --retry-interval <MILLISECONDS> | Duration in milliseconds between each retry. Default is 1000 ms.

You can specify time units in the retry interval expression. Set Hurl to use a retry interval of 2 seconds with `--retry-interval 2s` or set it to 500 milliseconds with `--retry-interval 500ms`. No spaces allowed.

Environment variables: HURL_RETRY_INTERVAL
| +| --secret <NAME=VALUE> | Define secret value to be redacted from logs and report. When defined, secrets can be used as variable everywhere variables are used.

Environment variables: HURL_SECRET_name

This is a cli-only option.
| +| --secrets-file <FILE> | Define a secrets file in which you define your secrets

Each secret is defined as name=value exactly as with [`--secret`](#secret) option.

Note that defining a secret twice produces an error.

This is a cli-only option.
| +| --test | Activate test mode: with this, the HTTP response is not outputted anymore, progress is reported for each Hurl file tested, and a text summary is displayed when all files have been run.

In test mode, files are executed in parallel. To run test in a sequential way use `--jobs 1`.

See also [`--jobs`](#jobs).

Environment variables: HURL_TEST

This is a cli-only option.
| +| --to-entry <ENTRY_NUMBER> | Execute Hurl file to ENTRY_NUMBER (starting at 1).
Ignore the remaining of the file. It is useful for debugging a session.

This is a cli-only option.
| +| --variable <NAME=VALUE> | Define variable (name/value) to be used in Hurl templates.

Environment variables: HURL_VARIABLE_name
| +| --variables-file <FILE> | Set properties file in which your define your variables.

Each variable is defined as name=value exactly as with [`--variable`](#variable) option.

Note that defining a variable twice produces an error.

This is a cli-only option.
| + +### Report options + +| Option | Description | +|----------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------| +| --report-html <DIR> | Generate HTML report in DIR.

If the HTML report already exists, it will be updated with the new test results.

This is a cli-only option.
| +| --report-json <DIR> | Generate JSON report in DIR.

If the JSON report already exists, it will be updated with the new test results.

This is a cli-only option.
| +| --report-junit <FILE> | Generate JUnit File.

If the FILE report already exists, it will be updated with the new test results.

This is a cli-only option.
| +| --report-tap <FILE> | Generate TAP report.

If the FILE report already exists, it will be updated with the new test results.

This is a cli-only option.
| + +### Other options + +| Option | Description | +|--------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| -b, --cookie <FILE> | Read cookies from FILE (using the Netscape cookie file format).

Combined with [`-c, --cookie-jar`](#cookie-jar), you can simulate a cookie storage between successive Hurl runs.

This is a cli-only option.
| +| -c, --cookie-jar <FILE> | Write cookies to FILE after running the session.
The file will be written using the Netscape cookie file format.

Combined with [`-b, --cookie`](#cookie), you can simulate a cookie storage between successive Hurl runs.

This is a cli-only option.
| +| --file-root <DIR> | Set root directory to import files in Hurl. This is used for files in multipart form data, request body and response output.
When it is not explicitly defined, files are relative to the Hurl file's directory.

This is a cli-only option.
| +| --glob <GLOB> | Specify input files that match the given glob pattern.

Multiple glob flags may be used. This flag supports common Unix glob patterns like *, ? and [].
However, to avoid your shell accidentally expanding glob patterns before Hurl handles them, you must use single quotes or double quotes around each pattern.

This is a cli-only option.
| +| -n, --netrc | Scan the .netrc file in the user's home directory for the username and password.

See also [`--netrc-file`](#netrc-file) and [`--netrc-optional`](#netrc-optional).
| +| --netrc-file <FILE> | Like [`--netrc`](#netrc), but provide the path to the netrc file.

See also [`--netrc-optional`](#netrc-optional).
| +| --netrc-optional | Similar to [`--netrc`](#netrc), but make the .netrc usage optional.

See also [`--netrc-file`](#netrc-file).
| +| -h, --help | Usage help. This lists all current command line options with a short description.
| +| -V, --version | Prints version information
| ## Exit Codes @@ -255,9 +273,9 @@ Using an environment variable to set the proxy has the same effect as using the |-------|---------------------------------------------------------| | `0` | Success.
| | `1` | Failed to parse command-line options.
| -| `2` | Input File Parsing Error.
| +| `2` | Input file parsing error.
| | `3` | Runtime error (such as failure to connect to host).
| -| `4` | Assert Error.
| +| `4` | Assert error.
| ## WWW diff --git a/sites/hurl.dev/_docs/request.md b/sites/hurl.dev/_docs/request.md index d2e78fc..f459122 100644 --- a/sites/hurl.dev/_docs/request.md +++ b/sites/hurl.dev/_docs/request.md @@ -239,7 +239,6 @@ very-verbose: true # allow more verbose output > Variable defined in an `[Options]` section are defined also for the next entries. This is > the exception, all other options are defined only for the current request. - ### Query parameters Optional list of query parameters. @@ -361,7 +360,6 @@ Content-Type: text/html > When using a multiline string body to send a multipart form data, files content must be inlined in the Hurl file. - ### Cookies Optional list of session cookies for this request. @@ -490,6 +488,21 @@ POST https://example.org/api/dogs ``` ~~~ +If you don't want templates to be evaluated inside JSON body you can use [multiline string body] with `raw` identifier: + +{% raw %} +~~~hurl +# {{name}} is not a variable +POST https://example.org/api/cats +Content-Type: application/json +```raw +{ + "id": 42, + "name": "{{ name }}" +} +``` +~~~ +{% endraw %} #### XML body @@ -594,7 +607,6 @@ POST https://example.org/starwars/graphql > Hurl variables and GraphQL variables can be mixed in the same body. - #### Multiline string body For text based body that are neither JSON nor XML, one can use multiline string, started and ending with @@ -623,7 +635,26 @@ line3 is evaluated as "line1\nline2\nline3\n". -Multiline string body can use language identifier, like `json`, `xml` or `graphql`. Depending on the language identifier, +Multiline string body can be [templatized with variables]: + +{% raw %} +~~~hurl +POST https://example.org/models +[Options] +variable: var1=lemon +variable: var2=yellow +``` +Fruit,Color +{{var1}},{{var2}} +``` +~~~ +{% endraw %} + + +Escapes are not processed (i.e. [Hurl Unicode literals] are not supported): `\n` is two consecutive +chars (`\` followed by a `n`), not a single newline char. + +Multiline string body can use language identifier, like `json`, `xml`, `graphql` or `raw`. Depending on the language identifier, an additional 'Content-Type' request header is sent, and the real body (bytes sent over the wire) can be different from the raw multiline text. @@ -632,10 +663,28 @@ POST https://example.org/api/dogs ```json { "id": 0, - "name": "Frieda", + "name": "Frieda" +} +``` +~~~ + +Raw multiline string body don't evaluate templates: + +{% raw %} +~~~hurl +# {{name}} is not a variable +POST https://example.org/api/cats +Content-Type: application/json +```raw +{ + "id": 42, + "lives": {{ lives_count }}, + "name": "{{ name }}" } ``` ~~~ +{% endraw %} + #### Oneline string body @@ -646,7 +695,6 @@ POST https://example.org/helloworld `Hello world!` ~~~ - #### Base64 body Base64 body is used to set binary data as the request body. @@ -675,7 +723,6 @@ PUT https://example.org hex,636166c3a90a; ``` - #### File body To use the binary content of a local file as the body request, file body can be used. File body starts with @@ -690,7 +737,6 @@ file,data.bin; File are relative to the input Hurl file, and cannot contain implicit parent directory (`..`). You can use [`--file-root` option] to specify the root directory of all file nodes. - [method]: #method [URL]: #url [headers]: #headers @@ -724,3 +770,4 @@ File are relative to the input Hurl file, and cannot contain implicit parent dir [GraphQL queries]: #graphql-query [GraphQL variables]: https://graphql.org/learn/queries/#variables [options]: #options +[Hurl Unicode literals]: {% link _docs/hurl-file.md %}#special-characters-in-strings diff --git a/sites/hurl.dev/_docs/samples.md b/sites/hurl.dev/_docs/samples.md index 9a97ef6..74a8602 100644 --- a/sites/hurl.dev/_docs/samples.md +++ b/sites/hurl.dev/_docs/samples.md @@ -530,6 +530,9 @@ certificate "Subject" == "CN=example.org" certificate "Issuer" == "C=US, O=Let's Encrypt, CN=R3" certificate "Expire-Date" daysAfterNow > 15 certificate "Serial-Number" matches /[\da-f]+/ +certificate "Subject-Alt-Name" contains "DNS:example.org" +certificate "Subject-Alt-Name" split "," count == 2 +certificate "Value" startsWith "-----BEGIN CERTIFICATE-----" ``` [Doc]({% link _docs/asserting-response.md %}#ssl-certificate-assert) diff --git a/sites/hurl.dev/_docs/tutorial/ci-cd-integration.md b/sites/hurl.dev/_docs/tutorial/ci-cd-integration.md index f620523..4f6130e 100644 --- a/sites/hurl.dev/_docs/tutorial/ci-cd-integration.md +++ b/sites/hurl.dev/_docs/tutorial/ci-cd-integration.md @@ -466,7 +466,7 @@ Now, we can add more Hurl tests and start developing new features with confidenc [`integration/signup.hurl`]: https://github.com/jcamiel/hurl-express-tutorial/raw/main/integration/signup.hurl [GitHub Actions]: https://github.com/features/actions [GitLab CI/CD pipelines]: https://docs.gitlab.com/ee/ci/pipelines/ -[`bin/integration.sh`]: https://github.com/jcamiel/quiz/blob/master/bin/integration.sh +[`bin/integration.sh`]: https://github.com/jcamiel/hurl-express-tutorial/blob/master/bin/integration.sh [GitLab CI/CD here]: https://about.gitlab.com/blog/2022/12/14/how-to-continously-test-web-apps-apis-with-hurl-and-gitlab-ci-cd/ [GitLab CI/CD]: https://about.gitlab.com/why-gitlab/ [this detailed tutorial]: https://about.gitlab.com/blog/2022/12/14/how-to-continously-test-web-apps-apis-with-hurl-and-gitlab-ci-cd/ diff --git a/sites/hurl.dev/_posts/2026-04-27-announcing-hurl-8.0.0.md b/sites/hurl.dev/_posts/2026-04-27-announcing-hurl-8.0.0.md new file mode 100644 index 0000000..684863b --- /dev/null +++ b/sites/hurl.dev/_posts/2026-04-27-announcing-hurl-8.0.0.md @@ -0,0 +1,324 @@ +--- +title: Announcing Hurl 8.0.0 +layout: blog +section: Blog +permalink: /blog/:year/:month/:day/:title.html +--- + +# {{ page.title }} + +
{{ page.date | date: "%b. %d, %Y" }}
+ +

The Hurl team is thrilled to announce Hurl 8.0.0! +Partying Face +

+ +[Hurl] is a command line tool powered by [curl], that runs HTTP requests defined in a simple plain text format: + +```hurl +GET https://example.org/api/tests/4567 +HTTP 200 +[Asserts] +jsonpath "$.status" == "RUNNING" # Check the status code +jsonpath "$.tests" count == 25 # Check the number of items +jsonpath "$.id" matches /\d{4}/ # Check the format of the id + + +POST https://example.org/api/tests +{ + "name": "foo" +} +HTTP 201 +[Asserts] +header "x-foo" contains "bar" +certificate "Expire-Date" daysAfterNow > 15 +ip == "2001:0db8:85a3:0000:0000:8a2e:0370:733" +``` + +## What’s New in This Release + +- [Brand New JSONPath - RFC 9535 Support](#brand-new-jsonpath-rfc-9535-support) +- [Hurl Support in GitHub](#hurl-support-in-github) +- [Configure Hurl with Environment Variables](#configure-hurl-with-environment-variables) +- [--no-cookie-store Option to Test Cookie-less Workflows](#-no-cookie-store-option-to-test-cookie-less-workflows) +- [SSL/TLS Certificate Improvements](#ssltls-certificate-improvements) +- [Others](#others) + +### Brand New JSONPath - RFC 9535 Support + +In Feb 2024, the JSONPath RFC ([RFC 9535]) standard was published, 17 years after Stefan Gössner wrote his +influential blog post JSONPath – XPath for JSON that resulted in some 50 implementations in various languages (with, +unfortunately, differences among them). + +When the JSONPath was originally introduced in Hurl, no formal specification existed, the only reference was the original +article from [goessner.net], and we based our code on it. + +With [Hurl 8.0.0], the star of the show is our full [RFC 9535] implementation! + +You can now write more powerful queries such as `$[?length(@.authors) >= 5]` or +`$.store.book[?(@.category == 'fiction' && @.price >= 10)]` + +[RFC 9535] also defines functions `length`, `count`, `match`, `search` and `value`: + +```hurl +GET http://localhost:8000/jsonpath/function +HTTP 200 +[Asserts] +jsonpath "$.items[?length(@.name) > 3]" count == 2 +jsonpath "$.items[?count(@.tags) == 1]" count == 3 +jsonpath "$.items[?match(@.name, '^ca.*')].name" == "car" +jsonpath "$.items[?search(@.name, 'ca')].name" == "car" +jsonpath "$.items[?search(@.name, $.string)].name" == "car" +jsonpath "$.items[?value(@.heavy) == true]" count == 2 +``` + +Combining filters and booleans expression is now possible: + +```hurl +GET http://localhost:8000/json/store +HTTP 200 +[Asserts] +jsonpath "$.store.book[?(@.published==true)].title" == "Moby Dick" # filter on published books +jsonpath "$.store.book[?(@.category == 'fiction' && @.price >= 10)]" count == 2 # filter all fiction books with price >= 10 +``` + +#### Normalized JSONPath results + +With this brand-new implementation, JSONPath results in Hurl have been standardized and aligned with +other queries (like XPath). + +JSONPath queries always return arrays, the Hurl [jsonpath] filter/query now maps the results as follows: + +1. empty array → None value + + `jsonpath "$.store.book[5].title" not exists` + +2. single-element array → the element itself + + `jsonpath "$.store.book[1].title" == "Sword of Honour"` + +3. multiple elements → the full array of elements + + `jsonpath "$.store.book[0,2]" count == 2` + +#### Breaking Changes + +Unfortunately, this new [RFC 9535] support forces us to make breaking changes. While most of the +existing JSONPath queries works without any modification in your Hurl files when upgrading to 8.0.0, +you might have some changes to make. + +Notably, '-' in keypath: it's not supported by the new spec and this kind of JSONPath + +`$.headers.X-Custom` + +must be rewritten as + +`$.headers['X-Custom']` + +For instance, before Hurl 8.0.0: + +```hurl +GET http://localhost:8000/json/store +HTTP 200 +[Asserts] +jsonpath "$.not-exist" count == 5 +jsonpath "$.not-exist" startsWith "foo" +jsonpath "$.not-exist" endsWith "foo" +``` + +With Hurl 8.0.0: + +```hurl +GET http://localhost:8000/json/store +HTTP 200 +[Asserts] +jsonpath "$['not-exist']" count == 5 +jsonpath "$['not-exist']" startsWith "foo" +jsonpath "$['not-exist']" endsWith "foo" +``` + +You can test the validity of your JSONPath expression with , selecting RFC 9535: + +jsonpath.com + +Finally, our new JSONPath evaluation might also break existing tests written for previous versions. + +For example: + +`jsonpath "$..book[5:7].title" count == 0` + +If there are only 4 books, this query now returns no value instead of an empty array. You will therefore get the following +error: + +``` +error: Filter error + --> /tmp/test.hurl:4:31 + | + | GET http://localhost:8000/books.json + | ... + 4 | jsonpath "$..book[5:7].title" count == 0 + | ^^^^^ missing value to apply filter + | +``` + +You must fix the assertion as follows: + +`jsonpath "$..book[5:7].title" not exists` + +Because of the potential breaking changes, we're trying to contact public repos on GitHub that are using Hurl when we +detect that they may have some changes to make for Hurl 8.0.0. Usually the changes are simple so this should not be a +big issue. In exchange, we hope that the new RFC 9535 will give you some useful new test capabilities. + +### Hurl Support in GitHub + +Not specifically tied to this new 8.0.0 version, but Hurl is now an official language on GitHub! + +You can search for Hurl snippets: + +Search on GitHub for Hurl snippet + +Repo top languages shows Hurl support: + +Repo top languages with Hurl + +And Hurl code is syntactically colored: + +Repo top languages with Hurl + +Thanks to Niklas Mollenhauer ([@nikee](https://github.com/nikeee)) and all other people that have made this possible, you rock! + +### Configure Hurl with Environment Variables + +Hurl options can be used in command line like `--location` to follow redirection, and overridden per request in `[Options]` +section. For instance, this Hurl file: + +```hurl +GET https://example.org +HTTP 301 + +GET https://example.org +[Options] +location: true +HTTP 200 +``` + +will follow a redirection only for the second entry. + +With Hurl 8.0.0, most of the options can also be defined with environment variables (like `HURL_INSECURE` for [`--insecure`][insecure]). +So, in order to configure Hurl, there are three sources from the lowest priority (most easily overridden) to highest +(overrides all others): + +- Environment variables (ex: `HURL_INSECURE`) +- Command-line options (ex: `--insecure`) +- Options section options (ex: `insecure: true` in file) + +You can check the [Hurl manual] to see all the configurable environment variables, there are plenty (i.e. `HURL_COMPRESSED`, +`HURL_CONNECT_TIMEOUT`, `HURL_HEADER`, `HURL_HTTP3` etc...) + +### --no-cookie-store Option to Test Cookie-less Workflows + +By default, requests in the same Hurl file share cookie storage. A new option [`--no-cookie-store`][no-cookie-store] +deactivates cookie engine allowing you to test cookie-less workflows. And you can configure it by environment variable +with `export HURL_NO_COOKIE_STORE=1`. + +### SSL/TLS Certificate Improvements + +Certificate queries allow you to assert and capture TLS/SSL certificates attributes like: subject, issue, start date, +expire date and serial number. With Hurl 8.0.0, you can now get subject alternative name and certificate value. + +```hurl +GET https://example.org +HTTP 200 +[Asserts] +certificate "Subject" == "CN=example.org" +certificate "Issuer" == "C=US, O=Let's Encrypt, CN=R3" +certificate "Expire-Date" daysAfterNow > 15 +certificate "Serial-Number" matches "[0-9af]+" +certificate "Subject-Alt-Name" contains "DNS:example.org" +certificate "Subject-Alt-Name" split "," count == 2 +certificate "Value" startsWith "-----BEGIN CERTIFICATE-----" +``` + +### Others + +#### Raw multilines + +Making a JSON body request in Hurl is super simple, you just have to write a JSON body without any modification and it will be +sent as is, with the right `application/json` [Content-Type] header. With this body, templates are also supported, in order +to set variations on your requests. + +{% raw %} +~~~hurl +POST https://example.org/api/cats +{ + "id": 42, + "name": "{{ name }}" +} +~~~ + +`{{name}}` is evaluated as a template and the file will fail if there is no `name` variable. + +With Hurl 8.0.0, you can disable variable rendering and send `{{ foo }}` as it is, without Hurl trying to render it with + a variable. Using [multiline string body] and `raw` identifier you can send an unmodified body over the wire. + +~~~hurl +POST https://example.org/api/cats +Content-Type: application/json +```raw +{ + "id": 42, + "name": "{{ name }}" +} +``` +~~~ + +{% endraw %} + +Without the `raw` identifier, the body will be a classic multiline body and will render every variable. + +#### rawbytes query + +HTTP body responses can be encoded by server but captures and asserts in Hurl files are not affected by the content +compression. In Hurl, captures and asserts work automatically on the decompressed response body, as if there weren’t +any compression. + +Unlike `bytes` query, the new `rawbytes` query returns the raw bytes before any content decoding. For uncompressed responses, `rawbytes` +and `bytes` return the same data. + +```hurl +GET https://example.org/data.bin +HTTP 200 +Content-Encoding: gzip +[Asserts] +header "Content-Length" == "32" +rawbytes count == 32 # matches Content-Length (compressed size) +bytes count == 100 # decompressed size is larger +rawbytes startsWith hex,1f8b; # gzip magic bytes +bytes startsWith hex,48656c6c6f; # decompressed content starts with "Hello" +``` + +__That's all for today!__ + +There are a lot of other improvements with Hurl 8.0.0 and also a lot of bug fixes, you can check the complete list of +enhancements and bug fixes [in our release note]. + +If you like Hurl, don't hesitate to [support us with a star on GitHub] and share it on [𝕏 / Twitter] and [Bluesky]! + +We'll be happy to hear from you, either for enhancement requests or for sharing your success story using Hurl! + + +[Hurl]: https://hurl.dev +[curl]: https://curl.se +[in our release note]: https://github.com/Orange-OpenSource/hurl/releases/tag/8.0.0 +[𝕏 / Twitter]: https://x.com/HurlDev +[Bluesky]: https://bsky.app/profile/hurldev.bsky.social +[support us with a star on GitHub]: https://github.com/Orange-OpenSource/hurl/stargazers +[RFC 9535]: https://datatracker.ietf.org/doc/rfc9535 +[Hurl 8.0.0]: https://github.com/Orange-OpenSource/hurl/releases/tag/8.0.0 +[goessner.net]: https://goessner.net/articles/JsonPath +[jsonpath]: {% link _docs/filters.md %}#jsonpath +[insecure]: {% link _docs/manual.md %}#insecure +[no-cookie-store]: {% link _docs/manual.md %}#no-cookie-store +[Content-Type]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Content-Type +[multiline string body]: {% link _docs/request.md %}#multiline-string-body +[Hurl manual]: {% link _docs/manual.md %} diff --git a/sites/hurl.dev/_posts/feed.xml b/sites/hurl.dev/_posts/feed.xml index 9490f94..da7de58 100644 --- a/sites/hurl.dev/_posts/feed.xml +++ b/sites/hurl.dev/_posts/feed.xml @@ -3,8 +3,237 @@ Hurl Blog - 2025-11-26T00:00:00+01:00 + 2026-04-27T00:00:00+02:00 https://hurl.dev/blog/feed.xml + + Announcing Hurl 8.0.0 + + 2026-04-27T00:00:00+02:00 + 2026-04-27T00:00:00+02:00 + https://hurl.dev/blog/2026/04/27/announcing-hurl-8.0.0.html + Announcing Hurl 8.0.0 +
Apr. 27, 2026
+ +

The Hurl team is thrilled to announce Hurl 8.0.0! +Partying Face +

+ +

Hurl is a command line tool powered by curl, that runs HTTP requests defined in a simple plain text format:

+
GET https://example.org/api/tests/4567
+HTTP 200
+[Asserts]
+jsonpath "$.status" == "RUNNING"    # Check the status code
+jsonpath "$.tests" count == 25      # Check the number of items
+jsonpath "$.id" matches /\d{4}/     # Check the format of the id
+
+
+POST https://example.org/api/tests
+{
+  "name": "foo"
+}
+HTTP 201
+[Asserts]
+header "x-foo" contains "bar"
+certificate "Expire-Date" daysAfterNow > 15
+ip == "2001:0db8:85a3:0000:0000:8a2e:0370:733"
+
+

What’s New in This Release

+ +

Brand New JSONPath - RFC 9535 Support

+

In Feb 2024, the JSONPath RFC (RFC 9535) standard was published, 17 years after Stefan Gössner wrote his +influential blog post JSONPath – XPath for JSON that resulted in some 50 implementations in various languages (with, +unfortunately, differences among them).

+

When the JSONPath was originally introduced in Hurl, no formal specification existed, the only reference was the original +article from goessner.net, and we based our code on it.

+

With Hurl 8.0.0, the star of the show is our full RFC 9535 implementation!

+

You can now write more powerful queries such as $[?length(@.authors) >= 5] or +$.store.book[?(@.category == 'fiction' && @.price >= 10)]

+

RFC 9535 also defines functions length, count, match, search and value:

+
GET http://localhost:8000/jsonpath/function
+HTTP 200
+[Asserts]
+jsonpath "$.items[?length(@.name) > 3]" count == 2
+jsonpath "$.items[?count(@.tags) == 1]" count == 3
+jsonpath "$.items[?match(@.name, '^ca.*')].name" == "car"
+jsonpath "$.items[?search(@.name, 'ca')].name" == "car"
+jsonpath "$.items[?search(@.name, $.string)].name" == "car"
+jsonpath "$.items[?value(@.heavy) == true]" count == 2
+
+

Combining filters and booleans expression is now possible:

+
GET http://localhost:8000/json/store
+HTTP 200
+[Asserts]
+jsonpath "$.store.book[?(@.published==true)].title" == "Moby Dick"         # filter on published books
+jsonpath "$.store.book[?(@.category == 'fiction' && @.price >= 10)]" count == 2 # filter all fiction books with price >= 10
+
+

Normalized JSONPath results

+

With this brand-new implementation, JSONPath results in Hurl have been standardized and aligned with +other queries (like XPath).

+

JSONPath queries always return arrays, the Hurl jsonpath filter/query now maps the results as follows:

+
    +
  1. empty array → None value
    2. +
+

jsonpath "$.store.book[5].title" not exists

+
    +
  1. single-element array → the element itself
    2. +
+

jsonpath "$.store.book[1].title" == "Sword of Honour"

+
    +
  1. multiple elements → the full array of elements
    2. +
+

jsonpath "$.store.book[0,2]" count == 2

+

Breaking Changes

+

Unfortunately, this new RFC 9535 support forces us to make breaking changes. While most of the +existing JSONPath queries works without any modification in your Hurl files when upgrading to 8.0.0, +you might have some changes to make.

+

Notably, ‘-’ in keypath: it’s not supported by the new spec and this kind of JSONPath

+

$.headers.X-Custom

+

must be rewritten as

+

$.headers['X-Custom']

+

For instance, before Hurl 8.0.0:

+
GET http://localhost:8000/json/store
+HTTP 200
+[Asserts]
+jsonpath "$.not-exist" count == 5
+jsonpath "$.not-exist" startsWith "foo"
+jsonpath "$.not-exist" endsWith "foo"
+
+

With Hurl 8.0.0:

+
GET http://localhost:8000/json/store
+HTTP 200
+[Asserts]
+jsonpath "$['not-exist']" count == 5
+jsonpath "$['not-exist']" startsWith "foo"
+jsonpath "$['not-exist']" endsWith "foo"
+
+

You can test the validity of your JSONPath expression with https://jsonpath.com, selecting RFC 9535:

+

jsonpath.com

+

Finally, our new JSONPath evaluation might also break existing tests written for previous versions.

+

For example:

+

jsonpath "$..book[5:7].title" count == 0

+

If there are only 4 books, this query now returns no value instead of an empty array. You will therefore get the following +error:

+
error: Filter error
+  --> /tmp/test.hurl:4:31
+   |
+   | GET http://localhost:8000/books.json
+   | ...
+ 4 | jsonpath "$..book[5:7].title" count == 0
+   |                               ^^^^^ missing value to apply filter
+   |
+
+

You must fix the assertion as follows:

+

jsonpath "$..book[5:7].title" not exists

+

Because of the potential breaking changes, we’re trying to contact public repos on GitHub that are using Hurl when we +detect that they may have some changes to make for Hurl 8.0.0. Usually the changes are simple so this should not be a +big issue. In exchange, we hope that the new RFC 9535 will give you some useful new test capabilities.

+

Hurl Support in GitHub

+

Not specifically tied to this new 8.0.0 version, but Hurl is now an official language on GitHub!

+

You can search for Hurl snippets:

+

Search on GitHub for Hurl snippet

+

Repo top languages shows Hurl support:

+

Repo top languages with Hurl

+

And Hurl code is syntactically colored:

+

Repo top languages with Hurl

+

Thanks to Niklas Mollenhauer (@nikee) and all other people that have made this possible, you rock!

+

Configure Hurl with Environment Variables

+

Hurl options can be used in command line like --location to follow redirection, and overridden per request in [Options] +section. For instance, this Hurl file:

+
GET https://example.org
+HTTP 301
+
+GET https://example.org
+[Options]
+location: true
+HTTP 200
+
+

will follow a redirection only for the second entry.

+

With Hurl 8.0.0, most of the options can also be defined with environment variables (like HURL_INSECURE for --insecure). +So, in order to configure Hurl, there are three sources from the lowest priority (most easily overridden) to highest +(overrides all others):

+
    +
  • Environment variables (ex: HURL_INSECURE)
    • +
  • Command-line options (ex: --insecure)
    • +
  • Options section options (ex: insecure: true in file)
    • +
+

You can check the Hurl manual to see all the configurable environment variables, there are plenty (i.e. HURL_COMPRESSED, +HURL_CONNECT_TIMEOUT, HURL_HEADER, HURL_HTTP3 etc...)

+

–no-cookie-store Option to Test Cookie-less Workflows

+

By default, requests in the same Hurl file share cookie storage. A new option --no-cookie-store +deactivates cookie engine allowing you to test cookie-less workflows. And you can configure it by environment variable +with export HURL_NO_COOKIE_STORE=1.

+

SSL/TLS Certificate Improvements

+

Certificate queries allow you to assert and capture TLS/SSL certificates attributes like: subject, issue, start date, +expire date and serial number. With Hurl 8.0.0, you can now get subject alternative name and certificate value.

+
GET https://example.org
+HTTP 200
+[Asserts]
+certificate "Subject" == "CN=example.org"
+certificate "Issuer" == "C=US, O=Let's Encrypt, CN=R3"
+certificate "Expire-Date" daysAfterNow > 15
+certificate "Serial-Number" matches "[0-9af]+"
+certificate "Subject-Alt-Name" contains "DNS:example.org"
+certificate "Subject-Alt-Name" split "," count == 2
+certificate "Value" startsWith "-----BEGIN CERTIFICATE-----"
+
+

Others

+

Raw multilines

+

Making a JSON body request in Hurl is super simple, you just have to write a JSON body without any modification and it will be +sent as is, with the right application/json Content-Type header. With this body, templates are also supported, in order +to set variations on your requests.

+
POST https://example.org/api/cats
+{
+  "id": 42,
+  "name": "{{ name }}"
+}
+
+

{{name}} is evaluated as a template and the file will fail if there is no name variable.

+

With Hurl 8.0.0, you can disable variable rendering and send {{ foo }} as it is, without Hurl trying to render it with + a variable. Using multiline string body and raw identifier you can send an unmodified body over the wire.

+
POST https://example.org/api/cats
+Content-Type: application/json
+```raw
+{
+  "id": 42,
+  "name": "{{ name }}"
+}
+```
+
+

Without the raw identifier, the body will be a classic multiline body and will render every variable.

+

rawbytes query

+

HTTP body responses can be encoded by server but captures and asserts in Hurl files are not affected by the content +compression. In Hurl, captures and asserts work automatically on the decompressed response body, as if there weren’t +any compression.

+

Unlike bytes query, the new rawbytes query returns the raw bytes before any content decoding. For uncompressed responses, rawbytes +and bytes return the same data.

+
GET https://example.org/data.bin
+HTTP 200
+Content-Encoding: gzip
+[Asserts]
+header "Content-Length" == "32"
+rawbytes count == 32 # matches Content-Length (compressed size)
+bytes count == 100 # decompressed size is larger
+rawbytes startsWith hex,1f8b; # gzip magic bytes
+bytes startsWith hex,48656c6c6f; # decompressed content starts with "Hello"
+
+

That’s all for today!

+

There are a lot of other improvements with Hurl 8.0.0 and also a lot of bug fixes, you can check the complete list of +enhancements and bug fixes in our release note.

+

If you like Hurl, don’t hesitate to support us with a star on GitHub and share it on 𝕏 / Twitter and Bluesky!

+

We’ll be happy to hear from you, either for enhancement requests or for sharing your success story using Hurl!

]]> + + + + The Hurl team is thrilled to announce Hurl 8.0.0 + Hurl 7.1.0, the Pretty Edition