aboutsummaryrefslogtreecommitdiffstats
path: root/modules/hostmatcher/hostmatcher_test.go
diff options
context:
space:
mode:
authorwxiaoguang <wxiaoguang@gmail.com>2021-11-01 16:39:52 +0800
committerGitHub <noreply@github.com>2021-11-01 16:39:52 +0800
commit599ff1c054e436daa4dc3f049aa8661d9c2395f9 (patch)
tree800983fd2e9d9de3dd1977738d18b64df34dd9ea /modules/hostmatcher/hostmatcher_test.go
parent4e8a81780ed4ff0423e3a2ac7f75265e362ca46d (diff)
downloadgitea-599ff1c054e436daa4dc3f049aa8661d9c2395f9.tar.gz
gitea-599ff1c054e436daa4dc3f049aa8661d9c2395f9.zip
Only allow webhook to send requests to allowed hosts (#17482)
Diffstat (limited to 'modules/hostmatcher/hostmatcher_test.go')
-rw-r--r--modules/hostmatcher/hostmatcher_test.go119
1 files changed, 119 insertions, 0 deletions
diff --git a/modules/hostmatcher/hostmatcher_test.go b/modules/hostmatcher/hostmatcher_test.go
new file mode 100644
index 0000000000..8eaafbdbc8
--- /dev/null
+++ b/modules/hostmatcher/hostmatcher_test.go
@@ -0,0 +1,119 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package hostmatcher
+
+import (
+ "net"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestHostOrIPMatchesList(t *testing.T) {
+ type tc struct {
+ host string
+ ip net.IP
+ expected bool
+ }
+
+ // for IPv6: "::1" is loopback, "fd00::/8" is private
+
+ hl := ParseHostMatchList("private, External, *.myDomain.com, 169.254.1.0/24")
+ cases := []tc{
+ {"", net.IPv4zero, false},
+ {"", net.IPv6zero, false},
+
+ {"", net.ParseIP("127.0.0.1"), false},
+ {"", net.ParseIP("::1"), false},
+
+ {"", net.ParseIP("10.0.1.1"), true},
+ {"", net.ParseIP("192.168.1.1"), true},
+ {"", net.ParseIP("fd00::1"), true},
+
+ {"", net.ParseIP("8.8.8.8"), true},
+ {"", net.ParseIP("1001::1"), true},
+
+ {"mydomain.com", net.IPv4zero, false},
+ {"sub.mydomain.com", net.IPv4zero, true},
+
+ {"", net.ParseIP("169.254.1.1"), true},
+ {"", net.ParseIP("169.254.2.2"), false},
+ }
+ for _, c := range cases {
+ assert.Equalf(t, c.expected, hl.MatchesHostOrIP(c.host, c.ip), "case %s(%v)", c.host, c.ip)
+ }
+
+ hl = ParseHostMatchList("loopback")
+ cases = []tc{
+ {"", net.IPv4zero, false},
+ {"", net.ParseIP("127.0.0.1"), true},
+ {"", net.ParseIP("10.0.1.1"), false},
+ {"", net.ParseIP("192.168.1.1"), false},
+ {"", net.ParseIP("8.8.8.8"), false},
+
+ {"", net.ParseIP("::1"), true},
+ {"", net.ParseIP("fd00::1"), false},
+ {"", net.ParseIP("1000::1"), false},
+
+ {"mydomain.com", net.IPv4zero, false},
+ }
+ for _, c := range cases {
+ assert.Equalf(t, c.expected, hl.MatchesHostOrIP(c.host, c.ip), "case %s(%v)", c.host, c.ip)
+ }
+
+ hl = ParseHostMatchList("private")
+ cases = []tc{
+ {"", net.IPv4zero, false},
+ {"", net.ParseIP("127.0.0.1"), false},
+ {"", net.ParseIP("10.0.1.1"), true},
+ {"", net.ParseIP("192.168.1.1"), true},
+ {"", net.ParseIP("8.8.8.8"), false},
+
+ {"", net.ParseIP("::1"), false},
+ {"", net.ParseIP("fd00::1"), true},
+ {"", net.ParseIP("1000::1"), false},
+
+ {"mydomain.com", net.IPv4zero, false},
+ }
+ for _, c := range cases {
+ assert.Equalf(t, c.expected, hl.MatchesHostOrIP(c.host, c.ip), "case %s(%v)", c.host, c.ip)
+ }
+
+ hl = ParseHostMatchList("external")
+ cases = []tc{
+ {"", net.IPv4zero, false},
+ {"", net.ParseIP("127.0.0.1"), false},
+ {"", net.ParseIP("10.0.1.1"), false},
+ {"", net.ParseIP("192.168.1.1"), false},
+ {"", net.ParseIP("8.8.8.8"), true},
+
+ {"", net.ParseIP("::1"), false},
+ {"", net.ParseIP("fd00::1"), false},
+ {"", net.ParseIP("1000::1"), true},
+
+ {"mydomain.com", net.IPv4zero, false},
+ }
+ for _, c := range cases {
+ assert.Equalf(t, c.expected, hl.MatchesHostOrIP(c.host, c.ip), "case %s(%v)", c.host, c.ip)
+ }
+
+ hl = ParseHostMatchList("*")
+ cases = []tc{
+ {"", net.IPv4zero, true},
+ {"", net.ParseIP("127.0.0.1"), true},
+ {"", net.ParseIP("10.0.1.1"), true},
+ {"", net.ParseIP("192.168.1.1"), true},
+ {"", net.ParseIP("8.8.8.8"), true},
+
+ {"", net.ParseIP("::1"), true},
+ {"", net.ParseIP("fd00::1"), true},
+ {"", net.ParseIP("1000::1"), true},
+
+ {"mydomain.com", net.IPv4zero, true},
+ }
+ for _, c := range cases {
+ assert.Equalf(t, c.expected, hl.MatchesHostOrIP(c.host, c.ip), "case %s(%v)", c.host, c.ip)
+ }
+}