using allstarr.Services.Common;
namespace allstarr.Tests;
/// <summary>
/// Tests for <c>OutboundRequestGuard.TryCreateSafeHttpUri</c>, the check applied to a raw URL
/// before an outbound HTTP request is made. The cases pin three outcomes: a public HTTPS URL is
/// accepted, and URLs with a local/private host, a non-HTTP scheme, no scheme at all, or embedded
/// userinfo are rejected with a non-empty reason.
/// </summary>
/// <remarks>
/// NOTE(review): every rejected host below is a literal address or the name "localhost". The cases
/// visible here do not include 172.16.0.0/12, 169.254.0.0/16 (link-local), fe80::/10 or
/// IPv4-mapped IPv6 literals; whether the guard rejects those cannot be told from this file, so
/// confirm against the implementation and add cases for them. A public hostname that resolves to
/// a private address is also outside what these string-level tests exercise - verify that the
/// code performing the fetch checks the resolved address as well.
/// </remarks>
public class OutboundRequestGuardTests
{
    /// <summary>
    /// A plain public HTTPS URL passes the guard: the call returns true, the parsed URI
    /// round-trips to the same string, and the reason is empty.
    /// </summary>
    [Fact]
    public void TryCreateSafeHttpUri_WithPublicHttpsUrl_AllowsRequest()
    {
        const string publicUrl = "https://example.com/cover.jpg";

        var accepted = OutboundRequestGuard.TryCreateSafeHttpUri(publicUrl, out var safeUri, out var rejection);

        Assert.True(accepted);
        Assert.NotNull(safeUri);
        Assert.Equal(publicUrl, safeUri!.ToString());
        Assert.Equal(string.Empty, rejection);
    }

    /// <summary>
    /// URLs whose host is loopback, private or otherwise non-public must be refused, so that a
    /// caller-supplied URL cannot steer the request at internal services.
    /// </summary>
    /// <param name="rawUrl">URL pointing at a local or private host.</param>
    [Theory]
    [InlineData("http://localhost/test")]          // loopback by name
    [InlineData("http://127.0.0.1/test")]          // IPv4 loopback
    [InlineData("http://10.0.0.5/album.png")]      // RFC 1918 private range (10.0.0.0/8)
    [InlineData("http://192.168.1.10/album.png")]  // RFC 1918 private range (192.168.0.0/16)
    [InlineData("http://100.64.0.25/path")]        // RFC 6598 shared address space (100.64.0.0/10)
    [InlineData("http://[::1]/image")]             // IPv6 loopback
    [InlineData("http://[fd00::1]/image")]         // IPv6 unique local address (fc00::/7)
    public void TryCreateSafeHttpUri_WithLocalOrPrivateHost_BlocksRequest(string rawUrl)
    {
        AssertRejected(rawUrl);
    }

    /// <summary>
    /// Anything that is not an absolute HTTP(S) URL must be refused: other schemes and
    /// scheme-less relative references.
    /// </summary>
    /// <param name="rawUrl">URL with a non-HTTP scheme, or a relative path.</param>
    [Theory]
    [InlineData("ftp://example.com/file")]   // non-HTTP network scheme
    [InlineData("file:///etc/passwd")]       // local file scheme
    [InlineData("javascript:alert(1)")]      // script pseudo-scheme
    [InlineData("/relative/path")]           // no scheme or host
    public void TryCreateSafeHttpUri_WithInvalidSchemeOrRelativeUrl_BlocksRequest(string rawUrl)
    {
        AssertRejected(rawUrl);
    }

    /// <summary>
    /// A URL carrying <c>user:pass@</c> in its authority is refused, and the reason names the
    /// userinfo component (matched case-insensitively).
    /// </summary>
    [Fact]
    public void TryCreateSafeHttpUri_WithUserInfo_BlocksRequest()
    {
        // Presumably rejected so credentials embedded in a URL are never forwarded - confirm in the guard.
        const string urlWithCredentials = "https://user:pass@example.com/image.jpg";

        var accepted = OutboundRequestGuard.TryCreateSafeHttpUri(urlWithCredentials, out var safeUri, out var rejection);

        Assert.False(accepted);
        Assert.Null(safeUri);
        Assert.Contains("Userinfo", rejection, StringComparison.OrdinalIgnoreCase);
    }

    /// <summary>
    /// Shared assertions for a refused URL: the call returns false, no URI is produced, and a
    /// non-empty reason is reported.
    /// </summary>
    /// <param name="rawUrl">The URL expected to be rejected.</param>
    private static void AssertRejected(string rawUrl)
    {
        var accepted = OutboundRequestGuard.TryCreateSafeHttpUri(rawUrl, out var safeUri, out var rejection);

        Assert.False(accepted);
        Assert.Null(safeUri);
        Assert.NotEmpty(rejection);
    }
}