public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d5ff95cc42e845b76d16dbfd7bb1fc97a1064ea6
grafana/pkg/util/proxyutil/proxyutil_test.go
Sofia Papagiannaki 58b7ae14ce [v8.5.x] Chore: Release 8.5.14 (#56698) 
* remove support for v1

(cherry picked from commit 8630a7a991af74edc4030f57d37a4bc263202fde)

* Security: Make proxy endpoints not leak sensitive HTTP headers

Fixes CVE-2022-31130

(cherry picked from commit 2974574a53ab6d26be7b706e76271173a91fea3a)

* Security: Fix do not forward login cookie in outgoing requests

(cherry picked from commit 54a32fc83b233f5910495b5fcca0b4f881221538)

* Add test for username/login field conflict

(cherry picked from commit 7aabcf2694)

* Swap order of login fields

(cherry picked from commit 5ec176cada)

* "Release: Updated versions in package to 8.5.14" (#547)

Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Co-authored-by: Grot (@grafanabot) <43478413+grafanabot@users.noreply.github.com>
2022-10-11 15:25:10 +03:00

80 lines
2.8 KiB
Go
Raw Blame History

package proxyutil
import (
"net/http"
"testing"
"github.com/stretchr/testify/require"
)
func TestPrepareProxyRequest(t *testing.T) {
t.Run("Prepare proxy request should clear X-Forwarded headers", func(t *testing.T) {
req, err := http.NewRequest(http.MethodGet, "/", nil)
require.NoError(t, err)
req.Header.Set("X-Forwarded-Host", "host")
req.Header.Set("X-Forwarded-Port", "123")
req.Header.Set("X-Forwarded-Proto", "http1")
PrepareProxyRequest(req)
require.NotContains(t, req.Header, "X-Forwarded-Host")
require.NotContains(t, req.Header, "X-Forwarded-Port")
require.NotContains(t, req.Header, "X-Forwarded-Proto")
})
t.Run("Prepare proxy request should set X-Forwarded-For", func(t *testing.T) {
req, err := http.NewRequest(http.MethodGet, "/", nil)
req.RemoteAddr = "127.0.0.1:1234"
require.NoError(t, err)
PrepareProxyRequest(req)
require.Contains(t, req.Header, "X-Forwarded-For")
require.Equal(t, "127.0.0.1", req.Header.Get("X-Forwarded-For"))
})
t.Run("Prepare proxy request should append client ip at the end of X-Forwarded-For", func(t *testing.T) {
req, err := http.NewRequest(http.MethodGet, "/", nil)
req.RemoteAddr = "127.0.0.1:1234"
req.Header.Set("X-Forwarded-For", "192.168.0.1")
require.NoError(t, err)
PrepareProxyRequest(req)
require.Contains(t, req.Header, "X-Forwarded-For")
require.Equal(t, "192.168.0.1, 127.0.0.1", req.Header.Get("X-Forwarded-For"))
})
}
func TestClearCookieHeader(t *testing.T) {
t.Run("Clear cookie header should clear Cookie header", func(t *testing.T) {
req, err := http.NewRequest(http.MethodGet, "/", nil)
require.NoError(t, err)
req.AddCookie(&http.Cookie{Name: "cookie"})
ClearCookieHeader(req, nil, nil)
require.NotContains(t, req.Header, "Cookie")
})
t.Run("Clear cookie header with cookies to keep should clear Cookie header and keep cookies", func(t *testing.T) {
req, err := http.NewRequest(http.MethodGet, "/", nil)
require.NoError(t, err)
req.AddCookie(&http.Cookie{Name: "cookie1"})
req.AddCookie(&http.Cookie{Name: "cookie2"})
req.AddCookie(&http.Cookie{Name: "cookie3"})
ClearCookieHeader(req, []string{"cookie1", "cookie3"}, nil)
require.Contains(t, req.Header, "Cookie")
require.Equal(t, "cookie1=; cookie3=", req.Header.Get("Cookie"))
})
t.Run("Clear cookie header with cookies to keep and skip should clear Cookie header and keep cookies", func(t *testing.T) {
req, err := http.NewRequest(http.MethodGet, "/", nil)
require.NoError(t, err)
req.AddCookie(&http.Cookie{Name: "cookie1"})
req.AddCookie(&http.Cookie{Name: "cookie2"})
req.AddCookie(&http.Cookie{Name: "cookie3"})
ClearCookieHeader(req, []string{"cookie1", "cookie3"}, []string{"cookie3"})
require.Contains(t, req.Header, "Cookie")
require.Equal(t, "cookie1=", req.Header.Get("Cookie"))
})
}
Reference in New Issue View Git Blame Copy Permalink