hub / github.com/TecharoHQ/anubis / TestRedirectSecurity

Function TestRedirectSecurity

lib/redirect_security_test.go:14–295
(t *testing.T)

Source from the content-addressed store, hash-verified

func TestRedirectSecurity(t *testing.T) {
	tests := []struct {
		reqHost  string
		testType string // "constructRedirectURL", "serveHTTPNext", "renderIndex"

		// For constructRedirectURL tests
		xForwardedProto string
		xForwardedHost  string
		xForwardedUri   string

		// For serveHTTPNext tests
		redirParam string
		name       string

		errorContains  string
		expectedStatus int

		// For renderIndex tests
		returnHTTPStatusOnly bool
		shouldError          bool
		shouldNotRedirect    bool
		shouldBlock          bool
	}{
		// constructRedirectURL tests - X-Forwarded-Proto validation
		{
			name:            "constructRedirectURL: javascript protocol should be rejected",
			testType:        "constructRedirectURL",
			xForwardedProto: "javascript",
			xForwardedHost:  "example.com",
			xForwardedUri:   "alert(1)",
			shouldError:     true,
			errorContains:   "invalid",
		},
		{
			name:            "constructRedirectURL: data protocol should be rejected",
			testType:        "constructRedirectURL",
			xForwardedProto: "data",
			xForwardedHost:  "text/html",
			xForwardedUri:   ",<script>alert(1)</script>",
			shouldError:     true,
			errorContains:   "invalid",
		},
		{
			name:            "constructRedirectURL: file protocol should be rejected",
			testType:        "constructRedirectURL",
			xForwardedProto: "file",
			xForwardedHost:  "",
			xForwardedUri:   "/etc/passwd",
			shouldError:     true,
			errorContains:   "invalid",
		},
		{
			name:            "constructRedirectURL: ftp protocol should be rejected",
			testType:        "constructRedirectURL",
			xForwardedProto: "ftp",
			xForwardedHost:  "example.com",
			xForwardedUri:   "/file.txt",
			shouldError:     true,

Callers

nothing calls this directly

Calls 9

constructRedirectURL · Method · 0.95
ServeHTTPNext · Method · 0.95
RenderIndex · Method · 0.95
Error · Method · 0.80
Set · Method · 0.65
Get · Method · 0.65
Default · Method · 0.45
Contains · Method · 0.45
String · Method · 0.45

Tested by

no test coverage detected