MCPcopy
hub / github.com/cloudflare/cloudflared / TestHandleConnectIPAccess

Function TestHandleConnectIPAccess

socks/request_handler_test.go:42–83  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

40}
41
42func TestHandleConnectIPAccess(t *testing.T) {
43 prefix := "127.0.0.0/24"
44 rule1, _ := ipaccess.NewRuleByCIDR(&prefix, []int{1337}, true)
45 rule2, _ := ipaccess.NewRuleByCIDR(&prefix, []int{1338}, false)
46 rules := []ipaccess.Rule{rule1, rule2}
47 var b bytes.Buffer
48
49 accessPolicy, _ := ipaccess.NewPolicy(false, nil)
50 requestHandler := NewRequestHandler(NewNetDialer(), accessPolicy)
51 req := createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1337, false)
52 err := requestHandler.Handle(req, &b)
53 assert.Error(t, err)
54 assert.True(t, b.Bytes()[1] == ruleFailure, "expected to be denied as no rules and defaultAllow=false")
55
56 b.Reset()
57 accessPolicy, _ = ipaccess.NewPolicy(true, nil)
58 requestHandler = NewRequestHandler(NewNetDialer(), accessPolicy)
59 req = createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1337, false)
60 err = requestHandler.Handle(req, &b)
61 assert.Error(t, err)
62 assert.True(t, b.Bytes()[1] == connectionRefused, "expected to be allowed as no rules and defaultAllow=true")
63
64 b.Reset()
65 accessPolicy, _ = ipaccess.NewPolicy(false, rules)
66 requestHandler = NewRequestHandler(NewNetDialer(), accessPolicy)
67 req = createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1337, false)
68 err = requestHandler.Handle(req, &b)
69 assert.Error(t, err)
70 assert.True(t, b.Bytes()[1] == connectionRefused, "expected to be allowed as matching rule")
71
72 b.Reset()
73 req = createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1338, false)
74 err = requestHandler.Handle(req, &b)
75 assert.Error(t, err)
76 assert.True(t, b.Bytes()[1] == ruleFailure, "expected to be denied as matching rule")
77
78 b.Reset()
79 req = createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1339, false)
80 err = requestHandler.Handle(req, &b)
81 assert.Error(t, err)
82 assert.True(t, b.Bytes()[1] == ruleFailure, "expect to be denied as no matching rule and defaultAllow=false")
83}

Callers

nothing calls this directly

Calls 8

HandleMethod · 0.95
NewRuleByCIDRFunction · 0.92
NewPolicyFunction · 0.92
NewRequestHandlerFunction · 0.85
NewNetDialerFunction · 0.85
createRequestFunction · 0.85
BytesMethod · 0.80
ErrorMethod · 0.45

Tested by

no test coverage detected