69 lines
1.7 KiB
Go
69 lines
1.7 KiB
Go
package proxytarget
|
|
|
|
import (
|
|
"context"
|
|
"net"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestValidateAllowsHTTPSTargetWithHostname(t *testing.T) {
|
|
if err := Validate("https://cdn.example.test/video/segment.ts"); err != nil {
|
|
t.Fatalf("Validate() error = %v, want nil", err)
|
|
}
|
|
}
|
|
|
|
func TestValidateRejectsUnsafeTargets(t *testing.T) {
|
|
tests := []string{
|
|
"ftp://cdn.example.test/video.ts",
|
|
"https:///video.ts",
|
|
"http://localhost/video.ts",
|
|
"http://127.0.0.1/video.ts",
|
|
"http://[::ffff:127.0.0.1]/video.ts",
|
|
"http://169.254.169.254/video.ts",
|
|
"https://[::1]/subtitle.vtt",
|
|
}
|
|
|
|
for _, targetURL := range tests {
|
|
t.Run(targetURL, func(t *testing.T) {
|
|
if err := Validate(targetURL); err == nil {
|
|
t.Fatal("Validate() error = nil, want error")
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCheckRedirectRejectsUnsafeLocation(t *testing.T) {
|
|
req := &http.Request{URL: &url.URL{Scheme: "http", Host: "127.0.0.1", Path: "/video.ts"}}
|
|
|
|
if err := checkRedirect(req, nil); err == nil {
|
|
t.Fatal("checkRedirect() error = nil, want error")
|
|
}
|
|
}
|
|
|
|
func TestValidatingDialContextRejectsPrivateResolvedAddress(t *testing.T) {
|
|
dial := validatingDialContext(&net.Dialer{Timeout: time.Millisecond}, fakeResolver{
|
|
ips: []net.IPAddr{{IP: net.ParseIP("192.168.1.20")}},
|
|
})
|
|
|
|
_, err := dial(context.Background(), "tcp", "cdn.example.test:443")
|
|
if err == nil {
|
|
t.Fatal("dial error = nil, want error")
|
|
}
|
|
if !strings.Contains(err.Error(), "no allowed addresses") {
|
|
t.Fatalf("dial error = %v, want no allowed addresses", err)
|
|
}
|
|
}
|
|
|
|
type fakeResolver struct {
|
|
ips []net.IPAddr
|
|
err error
|
|
}
|
|
|
|
func (r fakeResolver) LookupIPAddr(context.Context, string) ([]net.IPAddr, error) {
|
|
return r.ips, r.err
|
|
}
|