mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-23 06:26:15 +02:00
106 lines
4.4 KiB
C++
106 lines
4.4 KiB
C++
|
#include <gmock/gmock.h>
|
||
|
#include <gtest/gtest.h>
|
||
|
|
||
|
#include "eval.hh"
|
||
|
#include "tests/libexpr.hh"
|
||
|
|
||
|
namespace nix {
|
||
|
|
||
|
TEST(nix_isAllowedURI, http_example_com) {
|
||
|
Strings allowed;
|
||
|
allowed.push_back("http://example.com");
|
||
|
|
||
|
ASSERT_TRUE(isAllowedURI("http://example.com", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("http://example.com/foo", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("http://example.com/foo/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.co", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.como", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.org", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.org/foo", allowed));
|
||
|
}
|
||
|
|
||
|
TEST(nix_isAllowedURI, http_example_com_foo) {
|
||
|
Strings allowed;
|
||
|
allowed.push_back("http://example.com/foo");
|
||
|
|
||
|
ASSERT_TRUE(isAllowedURI("http://example.com/foo", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("http://example.com/foo/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/foo", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.com", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.como", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.org/foo", allowed));
|
||
|
// Broken?
|
||
|
// ASSERT_TRUE(isAllowedURI("http://example.com/foo?ok=1", allowed));
|
||
|
}
|
||
|
|
||
|
TEST(nix_isAllowedURI, http) {
|
||
|
Strings allowed;
|
||
|
allowed.push_back("http://");
|
||
|
|
||
|
ASSERT_TRUE(isAllowedURI("http://", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("http://example.com", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("http://example.com/foo", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("http://example.com/foo/", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("http://example.com", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("https://", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http:foo", allowed));
|
||
|
}
|
||
|
|
||
|
TEST(nix_isAllowedURI, https) {
|
||
|
Strings allowed;
|
||
|
allowed.push_back("https://");
|
||
|
|
||
|
ASSERT_TRUE(isAllowedURI("https://example.com", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("https://example.com/foo", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.com", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.com/https:", allowed));
|
||
|
}
|
||
|
|
||
|
TEST(nix_isAllowedURI, absolute_path) {
|
||
|
Strings allowed;
|
||
|
allowed.push_back("/var/evil"); // bad idea
|
||
|
|
||
|
ASSERT_TRUE(isAllowedURI("/var/evil", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("/var/evil/", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("/var/evil/foo", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("/var/evil/foo/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/var/evi", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/var/evilo", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/var/evilo/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/var/evilo/foo", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.com/var/evil", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.com//var/evil", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.com//var/evil/foo", allowed));
|
||
|
}
|
||
|
|
||
|
TEST(nix_isAllowedURI, file_url) {
|
||
|
Strings allowed;
|
||
|
allowed.push_back("file:///var/evil"); // bad idea
|
||
|
|
||
|
ASSERT_TRUE(isAllowedURI("file:///var/evil", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("file:///var/evil/", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("file:///var/evil/foo", allowed));
|
||
|
ASSERT_TRUE(isAllowedURI("file:///var/evil/foo/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/var/evi", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/var/evilo", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/var/evilo/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("/var/evilo/foo", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.com/var/evil", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.com//var/evil", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://example.com//var/evil/foo", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://var/evil", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http:///var/evil", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("http://var/evil/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("file:///var/evi", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("file:///var/evilo", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("file:///var/evilo/", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("file:///var/evilo/foo", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("file:///", allowed));
|
||
|
ASSERT_FALSE(isAllowedURI("file://", allowed));
|
||
|
}
|
||
|
|
||
|
} // namespace nix
|