Charon/backend/internal/security/whitelist_test.go
GitHub Actions 9ec23cd48b fix: enhance security features
- Updated `crowdsec_handler.go` to log inaccessible paths during config export and handle permission errors gracefully.
- Modified `emergency_handler.go` to clear admin whitelist during security reset and ensure proper updates to security configurations.
- Enhanced user password update functionality in `user_handler.go` to reset failed login attempts and lockout status.
- Introduced rate limiting middleware in `cerberus` to manage request rates and prevent abuse, with comprehensive tests for various scenarios.
- Added validation for proxy host entries in `proxyhost_service.go` to ensure valid hostnames and IP addresses, including tests for various cases.
- Improved IP matching logic in `whitelist.go` to support both IPv4 and IPv6 loopback addresses.
- Updated configuration loading in `config.go` to include rate limiting parameters from environment variables.
- Added tests for new functionalities and validations to ensure robustness and reliability.
2026-02-07 23:48:13 +00:00


package security
import "testing"
// TestIsIPInCIDRList runs IsIPInCIDRList against a table of client address /
// list pairs and checks the boolean result for each pair.
//
// The list argument is one comma-separated string; entries are either a bare
// address or a CIDR range, and one case places a space after the comma.
//
// NOTE(review): every case that expects false is a clear miss (empty list,
// unrelated ranges, unparsable client address). If this function backs an
// allow-list decision, as the package name suggests, the table would benefit
// from cases for a malformed list entry next to a valid one, an address just
// outside a range boundary (e.g. 172.32.0.1 against 172.16.0.0/12), and an
// IPv4-mapped IPv6 client address. The expected results must be confirmed
// against whitelist.go, which is not visible here.
func TestIsIPInCIDRList(t *testing.T) {
	type testCase struct {
		name     string
		ip       string
		list     string
		expected bool
	}

	cases := []testCase{
		// Negative: nothing is allowed when the list is empty.
		{name: "empty list", ip: "127.0.0.1", list: "", expected: false},
		// Positive: a bare address entry and a CIDR entry.
		{name: "direct IP match", ip: "127.0.0.1", list: "127.0.0.1", expected: true},
		{name: "cidr match", ip: "172.16.5.10", list: "172.16.0.0/12", expected: true},
		// The second entry is preceded by a space and must still match.
		{name: "mixed list with whitespace", ip: "10.0.0.5", list: "192.168.0.0/16, 10.0.0.0/8", expected: true},
		// Negative: address outside every listed range, and an unparsable client address.
		{name: "no match", ip: "203.0.113.10", list: "192.168.0.0/16,10.0.0.0/8", expected: false},
		{name: "invalid client ip", ip: "not-an-ip", list: "192.168.0.0/16", expected: false},
		// IPv6 loopback, as a bare address and as a /128 range.
		{name: "IPv6 loopback match", ip: "::1", list: "::1", expected: true},
		{name: "IPv6 loopback CIDR match", ip: "::1", list: "::1/128", expected: true},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			got := IsIPInCIDRList(tc.ip, tc.list)
			if got != tc.expected {
				t.Fatalf("expected %v, got %v", tc.expected, got)
			}
		})
	}
}