code.gitea.io/gitea@v1.19.3/modules/hostmatcher/hostmatcher_test.go (about)

     1  // Copyright 2021 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package hostmatcher
     5  
     6  import (
     7  	"net"
     8  	"testing"
     9  
    10  	"github.com/stretchr/testify/assert"
    11  )
    12  
    13  func TestHostOrIPMatchesList(t *testing.T) {
    14  	type tc struct {
    15  		host     string
    16  		ip       net.IP
    17  		expected bool
    18  	}
    19  
    20  	// for IPv6: "::1" is loopback, "fd00::/8" is private
    21  
    22  	hl := ParseHostMatchList("", "private, External, *.myDomain.com, 169.254.1.0/24")
    23  
    24  	test := func(cases []tc) {
    25  		for _, c := range cases {
    26  			assert.Equalf(t, c.expected, hl.MatchHostOrIP(c.host, c.ip), "case domain=%s, ip=%v, expected=%v", c.host, c.ip, c.expected)
    27  		}
    28  	}
    29  
    30  	cases := []tc{
    31  		{"", net.IPv4zero, false},
    32  		{"", net.IPv6zero, false},
    33  
    34  		{"", net.ParseIP("127.0.0.1"), false},
    35  		{"127.0.0.1", nil, false},
    36  		{"", net.ParseIP("::1"), false},
    37  
    38  		{"", net.ParseIP("10.0.1.1"), true},
    39  		{"10.0.1.1", nil, true},
    40  		{"10.0.1.1:8080", nil, true},
    41  		{"", net.ParseIP("192.168.1.1"), true},
    42  		{"192.168.1.1", nil, true},
    43  		{"", net.ParseIP("fd00::1"), true},
    44  		{"fd00::1", nil, true},
    45  
    46  		{"", net.ParseIP("8.8.8.8"), true},
    47  		{"", net.ParseIP("1001::1"), true},
    48  
    49  		{"mydomain.com", net.IPv4zero, false},
    50  		{"sub.mydomain.com", net.IPv4zero, true},
    51  		{"sub.mydomain.com:8080", net.IPv4zero, true},
    52  
    53  		{"", net.ParseIP("169.254.1.1"), true},
    54  		{"169.254.1.1", nil, true},
    55  		{"", net.ParseIP("169.254.2.2"), false},
    56  		{"169.254.2.2", nil, false},
    57  	}
    58  	test(cases)
    59  
    60  	hl = ParseHostMatchList("", "loopback")
    61  	cases = []tc{
    62  		{"", net.IPv4zero, false},
    63  		{"", net.ParseIP("127.0.0.1"), true},
    64  		{"", net.ParseIP("10.0.1.1"), false},
    65  		{"", net.ParseIP("192.168.1.1"), false},
    66  		{"", net.ParseIP("8.8.8.8"), false},
    67  
    68  		{"", net.ParseIP("::1"), true},
    69  		{"", net.ParseIP("fd00::1"), false},
    70  		{"", net.ParseIP("1000::1"), false},
    71  
    72  		{"mydomain.com", net.IPv4zero, false},
    73  	}
    74  	test(cases)
    75  
    76  	hl = ParseHostMatchList("", "private")
    77  	cases = []tc{
    78  		{"", net.IPv4zero, false},
    79  		{"", net.ParseIP("127.0.0.1"), false},
    80  		{"", net.ParseIP("10.0.1.1"), true},
    81  		{"", net.ParseIP("192.168.1.1"), true},
    82  		{"", net.ParseIP("8.8.8.8"), false},
    83  
    84  		{"", net.ParseIP("::1"), false},
    85  		{"", net.ParseIP("fd00::1"), true},
    86  		{"", net.ParseIP("1000::1"), false},
    87  
    88  		{"mydomain.com", net.IPv4zero, false},
    89  	}
    90  	test(cases)
    91  
    92  	hl = ParseHostMatchList("", "external")
    93  	cases = []tc{
    94  		{"", net.IPv4zero, false},
    95  		{"", net.ParseIP("127.0.0.1"), false},
    96  		{"", net.ParseIP("10.0.1.1"), false},
    97  		{"", net.ParseIP("192.168.1.1"), false},
    98  		{"", net.ParseIP("8.8.8.8"), true},
    99  
   100  		{"", net.ParseIP("::1"), false},
   101  		{"", net.ParseIP("fd00::1"), false},
   102  		{"", net.ParseIP("1000::1"), true},
   103  
   104  		{"mydomain.com", net.IPv4zero, false},
   105  	}
   106  	test(cases)
   107  
   108  	hl = ParseHostMatchList("", "*")
   109  	cases = []tc{
   110  		{"", net.IPv4zero, true},
   111  		{"", net.ParseIP("127.0.0.1"), true},
   112  		{"", net.ParseIP("10.0.1.1"), true},
   113  		{"", net.ParseIP("192.168.1.1"), true},
   114  		{"", net.ParseIP("8.8.8.8"), true},
   115  
   116  		{"", net.ParseIP("::1"), true},
   117  		{"", net.ParseIP("fd00::1"), true},
   118  		{"", net.ParseIP("1000::1"), true},
   119  
   120  		{"mydomain.com", net.IPv4zero, true},
   121  	}
   122  	test(cases)
   123  
   124  	// built-in network names can be escaped (warping the first char with `[]`) to be used as a real host name
   125  	// this mechanism is reversed for internal usage only (maybe for some rare cases), it's not supposed to be used by end users
   126  	// a real user should never use loopback/private/external as their host names
   127  	hl = ParseHostMatchList("", "loopback, [p]rivate")
   128  	cases = []tc{
   129  		{"loopback", nil, false},
   130  		{"", net.ParseIP("127.0.0.1"), true},
   131  		{"private", nil, true},
   132  		{"", net.ParseIP("192.168.1.1"), false},
   133  	}
   134  	test(cases)
   135  
   136  	hl = ParseSimpleMatchList("", "loopback, *.domain.com")
   137  	cases = []tc{
   138  		{"loopback", nil, true},
   139  		{"", net.ParseIP("127.0.0.1"), false},
   140  		{"sub.domain.com", nil, true},
   141  		{"other.com", nil, false},
   142  		{"", net.ParseIP("1.1.1.1"), false},
   143  	}
   144  	test(cases)
   145  
   146  	hl = ParseSimpleMatchList("", "external")
   147  	cases = []tc{
   148  		{"", net.ParseIP("192.168.1.1"), false},
   149  		{"", net.ParseIP("1.1.1.1"), false},
   150  		{"external", nil, true},
   151  	}
   152  	test(cases)
   153  
   154  	hl = ParseSimpleMatchList("", "")
   155  	cases = []tc{
   156  		{"", net.ParseIP("192.168.1.1"), false},
   157  		{"", net.ParseIP("1.1.1.1"), false},
   158  		{"external", nil, false},
   159  	}
   160  	test(cases)
   161  }