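// Copyright 2022 Paul Greenberg greenpau@outlook.com
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package waf

import (
	"testing"
)

// TestMalformedInput exercises the IsMalformed* validators for the
// proxy-forwarding headers the WAF inspects (X-Forwarded-Proto, -Host,
// -Port, -For and X-Real-Ip) with known-good and known-bad values.
// Every entry of a case must yield tc.want; each mismatch is reported
// with t.Errorf so all offending entries of a case are listed in one run
// before the subtest fails.
func TestMalformedInput(t *testing.T) {
	testcases := []struct {
		name    string
		kind    string   // header name selecting the validator under test
		entries []string // header values fed to the validator
		want    bool     // expected result for every entry: true = malformed
	}{
		// X-Forwarded-Proto checks.
		{
			name: "test valid X-Forwarded-Proto header value",
			kind: "X-Forwarded-Proto",
			entries: []string{
				``,
				`http`,
				`https`,
			},
			want: false,
		},
		{
			name: "test malformed X-Forwarded-Proto header value",
			kind: "X-Forwarded-Proto",
			entries: []string{
				`123`,
				`F`,
				`ldap`,
			},
			want: true,
		},
		// X-Forwarded-Host checks. Internationalized host names are
		// accepted; punctuation and emoji inside a label are rejected.
		{
			name: "test valid X-Forwarded-Host header value",
			kind: "X-Forwarded-Host",
			entries: []string{
				``,
				`authcrunch.com`,
				`host1.authcrunch.com`,
				`مشوه`,
				`中国.icom.museum`,
				`κυπρος.icom.museum`,
			},
			want: false,
		},
		{
			name: "test malformed X-Forwarded-Host header value",
			kind: "X-Forwarded-Host",
			entries: []string{
				`f`,
				`malformed!.com`,
				`المغرب.icom.🤣museum`,
			},
			want: true,
		},
		// X-Forwarded-Port checks.
		{
			name:    "test valid X-Forwarded-Port header value",
			kind:    "X-Forwarded-Port",
			entries: []string{``, `80`, `443`},
			want:    false,
		},
		{
			name:    "test malformed X-Forwarded-Port header value",
			kind:    "X-Forwarded-Port",
			entries: []string{`foo`, `1000000`, `99999`, `00000`},
			want:    true,
		},
		// X-Forwarded-For checks. A comma-separated list of addresses
		// (with or without a space after the comma) is valid here.
		{
			name: "test valid X-Forwarded-For header value",
			kind: "X-Forwarded-For",
			entries: []string{
				"",
				"2001:db8:85a3:8d3:1319:8a2e:370:7348",
				"203.0.113.195",
				"203.0.113.195, 2001:db8:85a3:8d3:1319:8a2e:370:7348",
				"203.0.113.195,2001:db8:85a3:8d3:1319:8a2e:370:7348,150.172.238.178",
			},
			want: false,
		},
		{
			name: "test malformed X-Forwarded-For header value",
			kind: "X-Forwarded-For",
			entries: []string{
				"malformed.com",
				"1.1.1",
			},
			want: true,
		},
		// X-Real-Ip checks. Unlike X-Forwarded-For, this header must carry
		// a single address: the same comma-separated lists accepted above
		// are expected to be flagged as malformed here.
		{
			name: "test valid X-Real-Ip header value",
			kind: "X-Real-Ip",
			entries: []string{
				"",
				"2001:db8:85a3:8d3:1319:8a2e:370:7348",
				"203.0.113.195",
				"[2001:DB8::21f:5bff:febf:ce22:8a2e]:80",
			},
			want: false,
		},
		{
			name: "test malformed X-Real-Ip header value",
			kind: "X-Real-Ip",
			entries: []string{
				"malformed.com",
				"1.1.1",
				"203.0.113.195, 2001:db8:85a3:8d3:1319:8a2e:370:7348",
				"203.0.113.195,2001:db8:85a3:8d3:1319:8a2e:370:7348,150.172.238.178",
			},
			want: true,
		},
	}
	for _, tc := range testcases {
		t.Run(tc.name, func(t *testing.T) {
			for _, entry := range tc.entries {
				// The two numeric arguments are presumably (min, max) length
				// bounds for the header value — confirm against the validator
				// implementation before relying on that reading.
				var got bool
				switch tc.kind {
				case "X-Forwarded-Proto":
					got = IsMalformedForwardedProto(entry, 2, 10)
				case "X-Forwarded-Host":
					got = IsMalformedForwardedHost(entry, 2, 255)
				case "X-Forwarded-Port":
					got = IsMalformedForwardedPort(entry, 2, 5)
				case "X-Forwarded-For":
					got = IsMalformedForwardedFor(entry, 7, 255)
				case "X-Real-Ip":
					got = IsMalformedRealIP(entry, 7, 255)
				default:
					t.Fatalf("unsupported check type: %s", tc.kind)
				}
				if got != tc.want {
					// Errorf marks the subtest failed but keeps iterating, so
					// every offending entry of the case is reported at once.
					t.Errorf("got %t when expected %t: %q", got, tc.want, entry)
				}
			}
		})
	}
}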