joshpatra/allstarr
1
0
Fork 0
mirror of https://github.com/SoPat712/allstarr.git synced 2026-04-25 03:12:54 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
c9344a683233bc56636f37daa4dcb808eeadce9d
allstarr/allstarr.Tests/OutboundRequestGuardTests.cs
T

65 lines
2.0 KiB
C#
Raw Blame History

using allstarr.Services.Common;
namespace allstarr.Tests;
public class OutboundRequestGuardTests
{
[Fact]
public void TryCreateSafeHttpUri_WithPublicHttpsUrl_AllowsRequest()
{
var allowed = OutboundRequestGuard.TryCreateSafeHttpUri(
"https://example.com/cover.jpg",
out var uri,
out var reason);
Assert.True(allowed);
Assert.NotNull(uri);
Assert.Equal("https://example.com/cover.jpg", uri!.ToString());
Assert.Equal(string.Empty, reason);
}
[Theory]
[InlineData("http://localhost/test")]
[InlineData("http://127.0.0.1/test")]
[InlineData("http://10.0.0.5/album.png")]
[InlineData("http://192.168.1.10/album.png")]
[InlineData("http://100.64.0.25/path")]
[InlineData("http://[::1]/image")]
[InlineData("http://[fd00::1]/image")]
public void TryCreateSafeHttpUri_WithLocalOrPrivateHost_BlocksRequest(string rawUrl)
{
var allowed = OutboundRequestGuard.TryCreateSafeHttpUri(rawUrl, out var uri, out var reason);
Assert.False(allowed);
Assert.Null(uri);
Assert.NotEmpty(reason);
}
[Theory]
[InlineData("ftp://example.com/file")]
[InlineData("file:///etc/passwd")]
[InlineData("javascript:alert(1)")]
[InlineData("/relative/path")]
public void TryCreateSafeHttpUri_WithInvalidSchemeOrRelativeUrl_BlocksRequest(string rawUrl)
{
var allowed = OutboundRequestGuard.TryCreateSafeHttpUri(rawUrl, out var uri, out var reason);
Assert.False(allowed);
Assert.Null(uri);
Assert.NotEmpty(reason);
}
[Fact]
public void TryCreateSafeHttpUri_WithUserInfo_BlocksRequest()
{
var allowed = OutboundRequestGuard.TryCreateSafeHttpUri(
"https://user:pass@example.com/image.jpg",
out var uri,
out var reason);
Assert.False(allowed);
Assert.Null(uri);
Assert.Contains("Userinfo", reason, StringComparison.OrdinalIgnoreCase);
}
}
Reference in New Issue View Git Blame Copy Permalink