Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
biheng
/
uppy
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 1b1e5c7809
Branche Tagy
uppy
/
packages
/
@uppy
/
companion
/
test
/
__tests__
/
http-agent.js

http-agent.js 2.4 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869 
  1. const nock = require('nock')
    2. 

  2. const { FORBIDDEN_IP_ADDRESS } = require('../../src/server/helpers/request')
    3. 

  3. const { getProtectedGot } = require('../../src/server/helpers/request')
    4. 

  4. 

  5. afterAll(() => {
    6. 

  6.   nock.cleanAll()
    7. 

  7.   nock.restore()
    8. 

  8. })
    9. 

  9. 

  10. describe('test protected request Agent', () => {
    11. 

  11.   test('allows URLs without IP addresses', async () => {
    12. 

  12.     nock('https://transloadit.com').get('/').reply(200)
    13. 

  13.     const url = 'https://transloadit.com'
    14. 

  14.     return (await getProtectedGot({ allowLocalIPs: false })).get(url)
    15. 

  15.   })
    16. 

  16. 

  17.   test('blocks url that resolves to forbidden IP', async () => {
    18. 

  18.     const url = 'https://localhost'
    19. 

  19.     const promise = getProtectedGot({ allowLocalIPs: false }).then(got => got.get(url))
    20. 

  20.     await expect(promise).rejects.toThrow(/^Forbidden resolved IP address/)
    21. 

  21.   })
    22. 

  22. 

  23.   test('blocks private http IP address', async () => {
    24. 

  24.     const url = 'http://172.20.10.4:8090'
    25. 

  25.     const promise = getProtectedGot({ allowLocalIPs: false }).then(got => got.get(url))
    26. 

  26.     await expect(promise).rejects.toThrow(new Error(FORBIDDEN_IP_ADDRESS))
    27. 

  27.   })
    28. 

  28. 

  29.   test('blocks private https IP address', async () => {
    30. 

  30.     const url = 'https://172.20.10.4:8090'
    31. 

  31.     const promise = getProtectedGot({ allowLocalIPs: false }).then(got => got.get(url))
    32. 

  32.     await expect(promise).rejects.toThrow(new Error(FORBIDDEN_IP_ADDRESS))
    33. 

  33.   })
    34. 

  34. 

  35.   test('blocks various private IP addresses', async () => {
    36. 

  36.     // eslint-disable-next-line max-len
    37. 

  37.     // taken from: https://github.com/transloadit/uppy/blob/4aeef4dac0490ebb1d1fccd5582ba42c6c0fb87d/packages/%40uppy/companion/src/server/helpers/request.js#L14
    38. 

  38.     const ipv4s = [
    39. 

  39.       '0.0.0.0',
    40. 

  40.       '0.0.0.1',
    41. 

  41.       '127.0.0.1',
    42. 

  42.       '127.16.0.1',
    43. 

  43.       '192.168.1.1',
    44. 

  44.       '169.254.1.1',
    45. 

  45.       '10.0.0.1',
    46. 

  46.     ]
    47. 

  47. 

  48.     const ipv6s = [
    49. 

  49.       'fd80::1234:5678:abcd:0123',
    50. 

  50.       'fe80::1234:5678:abcd:0123',
    51. 

  51.       'ff00::1234',
    52. 

  52.       '::ffff:192.168.1.10',
    53. 

  53.       '::1',
    54. 

  54.       '0:0:0:0:0:0:0:1',
    55. 

  55.       'fda1:3f9f:dbf7::1c8d',
    56. 

  56.     ]
    57. 

  57. 

  58.     for (const ip of ipv4s) {
    59. 

  59.       const url = `http://${ip}:8090`
    60. 

  60.       const promise = getProtectedGot({ allowLocalIPs: false }).then(got => got.get(url))
    61. 

  61.       await expect(promise).rejects.toThrow(new Error(FORBIDDEN_IP_ADDRESS))
    62. 

  62.     }
    63. 

  63.     for (const ip of ipv6s) {
    64. 

  64.       const url = `http://[${ip}]:8090`
    65. 

  65.       const promise = getProtectedGot({ allowLocalIPs: false }).then(got => got.get(url))
    66. 

  66.       await expect(promise).rejects.toThrow(new Error(FORBIDDEN_IP_ADDRESS))
    67. 

  67.     }
    68. 

  68.   })
    69. 

  69. })
    70.