akanealw/Charon
1
0
Fork 0
Code Issues Pull Requests Actions 14 Packages Projects Releases Wiki Activity
Files
a9dcc007e5774f948d11d8ecdf4c1343e9900a95
Charon/backend/internal/security/internal_service_url_validator_test.go
GitHub Actions 3169b05156 fix: skip incomplete system log viewer tests 
- Marked 12 tests as skip pending feature implementation
- Features tracked in GitHub issue #686 (system log viewer feature completion)
- Tests cover sorting by timestamp/level/method/URI/status, pagination controls, filtering by text/level, download functionality
- Unblocks Phase 2 at 91.7% pass rate to proceed to Phase 3 security enforcement validation
- TODO comments in code reference GitHub #686 for feature completion tracking
- Tests skipped: Pagination (3), Search/Filter (2), Download (2), Sorting (1), Log Display (4)
2026-02-09 21:55:55 +00:00

140 lines
3.5 KiB
Go
Raw Blame History

package security
import (
"strings"
"testing"
)
func TestParseExactHostnameAllowlist(t *testing.T) {
allow := ParseExactHostnameAllowlist(" crowdsec , CADDY, ,http://example.com,example.com/path,user@host,::1 ")
if _, ok := allow["crowdsec"]; !ok {
t.Fatalf("expected allowlist to contain crowdsec")
}
if _, ok := allow["caddy"]; !ok {
t.Fatalf("expected allowlist to contain caddy")
}
if _, ok := allow["::1"]; !ok {
t.Fatalf("expected allowlist to contain ::1")
}
if _, ok := allow["http://example.com"]; ok {
t.Fatalf("expected scheme-containing entry to be ignored")
}
if _, ok := allow["example.com/path"]; ok {
t.Fatalf("expected path-containing entry to be ignored")
}
if _, ok := allow["user@host"]; ok {
t.Fatalf("expected userinfo-containing entry to be ignored")
}
}
func TestValidateInternalServiceBaseURL(t *testing.T) {
allowed := map[string]struct{}{"localhost": {}, "127.0.0.1": {}, "::1": {}}
cases := []struct {
name string
raw string
expectedPort int
want string
wantErr bool
errContains string
}{
{
name: "OK http localhost explicit port",
raw: "http://localhost:2019",
expectedPort: 2019,
want: "http://localhost:2019",
},
{
name: "OK http localhost path normalized",
raw: "http://localhost:2019/config/",
expectedPort: 2019,
want: "http://localhost:2019",
},
{
name: "OK https localhost default port",
raw: "https://localhost",
expectedPort: 443,
want: "https://localhost:443",
},
{
name: "OK ipv6 loopback explicit port",
raw: "http://[::1]:2019",
expectedPort: 2019,
want: "http://[::1]:2019",
},
{
name: "Reject userinfo",
raw: "http://user:pass@localhost:2019",
expectedPort: 2019,
wantErr: true,
errContains: "embedded credentials",
},
{
name: "Reject unsupported scheme",
raw: "file://localhost:2019",
expectedPort: 2019,
wantErr: true,
errContains: "unsupported scheme",
},
{
name: "Reject missing hostname",
raw: "http://:2019",
expectedPort: 2019,
wantErr: true,
errContains: "missing hostname",
},
{
name: "Reject hostname not allowed",
raw: "http://evil.example:2019",
expectedPort: 2019,
wantErr: true,
errContains: "hostname not allowed",
},
{
name: "Reject unexpected port when omitted",
raw: "http://localhost",
expectedPort: 2019,
wantErr: true,
errContains: "unexpected port",
},
{
name: "Reject invalid port",
raw: "http://localhost:0",
expectedPort: 2019,
wantErr: true,
errContains: "invalid port",
},
{
name: "Reject out-of-range port",
raw: "http://localhost:99999",
expectedPort: 2019,
wantErr: true,
errContains: "invalid port",
},
}
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {
u, err := ValidateInternalServiceBaseURL(tc.raw, tc.expectedPort, allowed)
if tc.wantErr {
if err == nil {
t.Fatalf("expected error, got nil")
}
if tc.errContains != "" && !strings.Contains(err.Error(), tc.errContains) {
t.Fatalf("expected error to contain %q, got %q", tc.errContains, err.Error())
}
return
}
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
if u.String() != tc.want {
t.Fatalf("expected %q, got %q", tc.want, u.String())
}
})
}
}
Reference in New Issue View Git Blame Copy Permalink