33 lines
810 B
Go
33 lines
810 B
Go
|
|
package publish
|
||
|
|
|
||
|
|
import (
|
||
|
|
"context"
|
||
|
|
"net/url"
|
||
|
|
"testing"
|
||
|
|
|
||
|
|
"github.com/stretchr/testify/require"
|
||
|
|
)
|
||
|
|
|
||
|
|
func TestValidatePublicHTTPURLRejectsPrivateTargets(t *testing.T) {
|
||
|
|
t.Parallel()
|
||
|
|
for _, raw := range []string{
|
||
|
|
"http://127.0.0.1/image.jpg",
|
||
|
|
"http://10.0.0.1/image.jpg",
|
||
|
|
"http://169.254.169.254/latest/meta-data",
|
||
|
|
"http://[::1]/image.jpg",
|
||
|
|
} {
|
||
|
|
u, err := url.Parse(raw)
|
||
|
|
require.NoError(t, err)
|
||
|
|
require.Error(t, validatePublicHTTPURL(context.Background(), u), raw)
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
func TestValidatePublicHTTPURLRejectsCredentialsAndUnsupportedSchemes(t *testing.T) {
|
||
|
|
t.Parallel()
|
||
|
|
for _, raw := range []string{"file:///etc/passwd", "https://user:pass@example.com/a.jpg"} {
|
||
|
|
u, err := url.Parse(raw)
|
||
|
|
require.NoError(t, err)
|
||
|
|
require.Error(t, validatePublicHTTPURL(context.Background(), u), raw)
|
||
|
|
}
|
||
|
|
}
|