You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 lines
1.4 KiB
65 lines
1.4 KiB
package main
|
|
|
|
import (
|
|
"net/url"
|
|
"testing"
|
|
)
|
|
|
|
func TestRewriteProxyRedirectLocation(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
targetURL, err := url.Parse("https://id.vk.ru/captcha")
|
|
if err != nil {
|
|
t.Fatalf("failed to parse target URL: %v", err)
|
|
}
|
|
|
|
testCases := []struct {
|
|
name string
|
|
location string
|
|
want string
|
|
ok bool
|
|
}{
|
|
{
|
|
name: "keeps safe relative path",
|
|
location: "/captcha?step=2",
|
|
want: "/captcha?step=2",
|
|
ok: true,
|
|
},
|
|
{
|
|
name: "rewrites same-origin absolute URL",
|
|
location: "https://id.vk.ru/captcha?step=2",
|
|
want: "http://localhost:8765/captcha?step=2",
|
|
ok: true,
|
|
},
|
|
{
|
|
name: "blocks scheme-relative redirect",
|
|
location: "//evil.example/captcha",
|
|
ok: false,
|
|
},
|
|
{
|
|
name: "blocks slash-backslash redirect",
|
|
location: `/\evil.example/captcha`,
|
|
ok: false,
|
|
},
|
|
{
|
|
name: "blocks lookalike absolute host",
|
|
location: "https://id.vk.ru.evil.example/captcha",
|
|
ok: false,
|
|
},
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
tc := tc
|
|
t.Run(tc.name, func(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
got, ok := rewriteProxyRedirectLocation(tc.location, targetURL)
|
|
if ok != tc.ok {
|
|
t.Fatalf("rewriteProxyRedirectLocation() ok = %v, want %v", ok, tc.ok)
|
|
}
|
|
if got != tc.want {
|
|
t.Fatalf("rewriteProxyRedirectLocation() = %q, want %q", got, tc.want)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|