1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-01-22 05:19:26 +02:00
oauth2-proxy/pkg/validation/allowlist_test.go

126 lines
3.4 KiB
Go
Raw Normal View History

2020-09-22 18:54:32 -07:00
package validation
import (
. "github.com/onsi/ginkgo"
. "github.com/onsi/ginkgo/extensions/table"
. "github.com/onsi/gomega"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
2020-09-22 18:54:32 -07:00
)
var _ = Describe("Allowlist", func() {
type validateRoutesTableInput struct {
routes []string
errStrings []string
}
type validateRegexesTableInput struct {
regexes []string
errStrings []string
}
type validateTrustedIPsTableInput struct {
trustedIPs []string
errStrings []string
2020-09-22 18:54:32 -07:00
}
DescribeTable("validateRoutes",
func(r *validateRoutesTableInput) {
opts := &options.Options{
SkipAuthRoutes: r.routes,
}
Expect(validateAuthRoutes(opts)).To(ConsistOf(r.errStrings))
},
Entry("Valid regex routes", &validateRoutesTableInput{
routes: []string{
2020-09-22 18:54:32 -07:00
"/foo",
"POST=/foo/bar",
"PUT=^/foo/bar$",
"DELETE=/crazy/(?:regex)?/[^/]+/stuff$",
},
errStrings: []string{},
}),
Entry("Bad regexes do not compile", &validateRoutesTableInput{
routes: []string{
2020-09-22 18:54:32 -07:00
"POST=/(foo",
"OPTIONS=/foo/bar)",
"GET=^]/foo/bar[$",
"GET=^]/foo/bar[$",
},
errStrings: []string{
2020-09-22 18:54:32 -07:00
"error compiling regex //(foo/: error parsing regexp: missing closing ): `/(foo`",
"error compiling regex //foo/bar)/: error parsing regexp: unexpected ): `/foo/bar)`",
"error compiling regex /^]/foo/bar[$/: error parsing regexp: missing closing ]: `[$`",
"error compiling regex /^]/foo/bar[$/: error parsing regexp: missing closing ]: `[$`",
},
}),
)
2020-09-22 18:54:32 -07:00
DescribeTable("validateRegexes",
func(r *validateRegexesTableInput) {
2020-09-22 18:54:32 -07:00
opts := &options.Options{
SkipAuthRegex: r.regexes,
2020-09-22 18:54:32 -07:00
}
Expect(validateAuthRegexes(opts)).To(ConsistOf(r.errStrings))
},
Entry("Valid regex routes", &validateRegexesTableInput{
regexes: []string{
2020-09-22 18:54:32 -07:00
"/foo",
"/foo/bar",
"^/foo/bar$",
"/crazy/(?:regex)?/[^/]+/stuff$",
},
errStrings: []string{},
}),
Entry("Bad regexes do not compile", &validateRegexesTableInput{
regexes: []string{
2020-09-22 18:54:32 -07:00
"/(foo",
"/foo/bar)",
"^]/foo/bar[$",
"^]/foo/bar[$",
},
errStrings: []string{
2020-09-22 18:54:32 -07:00
"error compiling regex //(foo/: error parsing regexp: missing closing ): `/(foo`",
"error compiling regex //foo/bar)/: error parsing regexp: unexpected ): `/foo/bar)`",
"error compiling regex /^]/foo/bar[$/: error parsing regexp: missing closing ]: `[$`",
"error compiling regex /^]/foo/bar[$/: error parsing regexp: missing closing ]: `[$`",
},
}),
)
2020-09-22 18:54:32 -07:00
DescribeTable("validateTrustedIPs",
func(t *validateTrustedIPsTableInput) {
2020-09-22 18:54:32 -07:00
opts := &options.Options{
TrustedIPs: t.trustedIPs,
2020-09-22 18:54:32 -07:00
}
Expect(validateTrustedIPs(opts)).To(ConsistOf(t.errStrings))
},
Entry("Non-overlapping valid IPs", &validateTrustedIPsTableInput{
trustedIPs: []string{
2020-09-22 18:54:32 -07:00
"127.0.0.1",
"10.32.0.1/32",
"43.36.201.0/24",
"::1",
"2a12:105:ee7:9234:0:0:0:0/64",
},
errStrings: []string{},
}),
Entry("Overlapping valid IPs", &validateTrustedIPsTableInput{
trustedIPs: []string{
2020-09-22 18:54:32 -07:00
"135.180.78.199",
"135.180.78.199/32",
"d910:a5a1:16f8:ddf5:e5b9:5cef:a65e:41f4",
"d910:a5a1:16f8:ddf5:e5b9:5cef:a65e:41f4/128",
},
errStrings: []string{},
}),
Entry("Invalid IPs", &validateTrustedIPsTableInput{
trustedIPs: []string{"[::1]", "alkwlkbn/32"},
errStrings: []string{
2020-09-22 18:54:32 -07:00
"trusted_ips[0] ([::1]) could not be recognized",
"trusted_ips[1] (alkwlkbn/32) could not be recognized",
},
}),
)
})