resolve domain names when checking for private URLs
This commit is contained in:
Hazelnoot
parent
63bac24ece
commit
05bc6f5d86
2 changed files with 69 additions and 29 deletions
|
|
@ -7,8 +7,9 @@ import { describe, jest } from '@jest/globals';
|
|||
import type { Mock } from 'jest-mock';
|
||||
import type { PrivateNetwork } from '@/config.js';
|
||||
import type { Socket } from 'net';
|
||||
import { HttpRequestService, isPrivateIp, isPrivateUrl, validateSocketConnect } from '@/core/HttpRequestService.js';
|
||||
import { HttpRequestService, isAllowedPrivateIp, isPrivateUrl, resolveIp, validateSocketConnect } from '@/core/HttpRequestService.js';
|
||||
import { parsePrivateNetworks } from '@/config.js';
|
||||
import { IPv4 } from 'ipaddr.js';
|
||||
|
||||
describe(HttpRequestService, () => {
|
||||
let allowedPrivateNetworks: PrivateNetwork[] | undefined;
|
||||
|
|
@ -21,56 +22,81 @@ describe(HttpRequestService, () => {
|
|||
]);
|
||||
});
|
||||
|
||||
describe('isPrivateIp', () => {
|
||||
describe(isAllowedPrivateIp, () => {
|
||||
it('should return false when ip public', () => {
|
||||
const result = isPrivateIp(allowedPrivateNetworks, '74.125.127.100', 80);
|
||||
const result = isAllowedPrivateIp(allowedPrivateNetworks, '74.125.127.100', 80);
|
||||
expect(result).toBeFalsy();
|
||||
});
|
||||
|
||||
it('should return false when ip private and port matches', () => {
|
||||
const result = isPrivateIp(allowedPrivateNetworks, '127.0.0.1', 1);
|
||||
const result = isAllowedPrivateIp(allowedPrivateNetworks, '127.0.0.1', 1);
|
||||
expect(result).toBeFalsy();
|
||||
});
|
||||
|
||||
it('should return false when ip private and all ports undefined', () => {
|
||||
const result = isPrivateIp(allowedPrivateNetworks, '10.0.0.1', undefined);
|
||||
const result = isAllowedPrivateIp(allowedPrivateNetworks, '10.0.0.1', undefined);
|
||||
expect(result).toBeFalsy();
|
||||
});
|
||||
|
||||
it('should return true when ip private and no ports specified', () => {
|
||||
const result = isPrivateIp(allowedPrivateNetworks, '10.0.0.2', 80);
|
||||
const result = isAllowedPrivateIp(allowedPrivateNetworks, '10.0.0.2', 80);
|
||||
expect(result).toBeTruthy();
|
||||
});
|
||||
|
||||
it('should return true when ip private and port does not match', () => {
|
||||
const result = isPrivateIp(allowedPrivateNetworks, '127.0.0.1', 80);
|
||||
const result = isAllowedPrivateIp(allowedPrivateNetworks, '127.0.0.1', 80);
|
||||
expect(result).toBeTruthy();
|
||||
});
|
||||
|
||||
it('should return true when ip private and port is null but ports are specified', () => {
|
||||
const result = isPrivateIp(allowedPrivateNetworks, '127.0.0.1', undefined);
|
||||
const result = isAllowedPrivateIp(allowedPrivateNetworks, '127.0.0.1', undefined);
|
||||
expect(result).toBeTruthy();
|
||||
});
|
||||
});
|
||||
|
||||
describe('isPrivateUrl', () => {
|
||||
it('should return false when URL is not an IP', () => {
|
||||
const result = isPrivateUrl(new URL('https://example.com'));
|
||||
const fakeLookup = (host: string, _: unknown, callback: (err: Error | null, ip: string) => void) => {
|
||||
if (host === 'localhost') {
|
||||
callback(null, '127.0.0.1');
|
||||
} else {
|
||||
callback(null, '23.192.228.80');
|
||||
}
|
||||
};
|
||||
|
||||
describe(resolveIp, () => {
|
||||
it('should parse inline IPs', async () => {
|
||||
const result = await resolveIp(new URL('https://10.0.0.1'), fakeLookup);
|
||||
expect(result.toString()).toEqual('10.0.0.1');
|
||||
});
|
||||
|
||||
it('should resolve domain names', async () => {
|
||||
const result = await resolveIp(new URL('https://localhost'), fakeLookup);
|
||||
expect(result.toString()).toEqual('127.0.0.1');
|
||||
});
|
||||
});
|
||||
|
||||
describe(isPrivateUrl, () => {
|
||||
it('should return false when URL is public host', async () => {
|
||||
const result = await isPrivateUrl(new URL('https://example.com'), fakeLookup);
|
||||
expect(result).toBe(false);
|
||||
});
|
||||
|
||||
it('should return false when IP is public', () => {
|
||||
const result = isPrivateUrl(new URL('https://23.192.228.80'));
|
||||
expect(result).toBe(false);
|
||||
});
|
||||
|
||||
it('should return true when IP is private', () => {
|
||||
const result = isPrivateUrl(new URL('https://127.0.0.1'));
|
||||
it('should return true when URL is private host', async () => {
|
||||
const result = await isPrivateUrl(new URL('https://localhost'), fakeLookup);
|
||||
expect(result).toBe(true);
|
||||
});
|
||||
|
||||
it('should return true when IP is private with port and path', () => {
|
||||
const result = isPrivateUrl(new URL('https://127.0.0.1:443/some/path'));
|
||||
it('should return false when IP is public', async () => {
|
||||
const result = await isPrivateUrl(new URL('https://23.192.228.80'), fakeLookup);
|
||||
expect(result).toBe(false);
|
||||
});
|
||||
|
||||
it('should return true when IP is private', async () => {
|
||||
const result = await isPrivateUrl(new URL('https://127.0.0.1'), fakeLookup);
|
||||
expect(result).toBe(true);
|
||||
});
|
||||
|
||||
it('should return true when IP is private with port and path', async () => {
|
||||
const result = await isPrivateUrl(new URL('https://127.0.0.1:443/some/path'), fakeLookup);
|
||||
expect(result).toBe(true);
|
||||
});
|
||||
});
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue