MCPcopy Index your code
hub / github.com/docker/docker-agent / TestURLSource_Read_RejectsLocalAddresses

Function TestURLSource_Read_RejectsLocalAddresses

pkg/config/sources_test.go:564–594  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

562}
563
564func TestURLSource_Read_RejectsLocalAddresses(t *testing.T) {
565 t.Parallel()
566
567 // Hosts whose only resolution is a non-public IP must be refused at
568 // dial time. We test the SSRF dialer via the HTTPS code path even
569 // though the TLS handshake will never complete, because the dial is
570 // aborted before any bytes are sent.
571 tests := []string{
572 "https://127.0.0.1/agent.yaml", // loopback
573 "https://[::1]/agent.yaml", // IPv6 loopback
574 "https://10.0.0.1/agent.yaml", // RFC1918
575 "https://192.168.1.1/agent.yaml", // RFC1918
576 "https://169.254.169.254/agent.yaml", // AWS/GCP/Azure metadata
577 "https://0.0.0.0/agent.yaml", // unspecified
578 }
579 for _, rawURL := range tests {
580 t.Run(rawURL, func(t *testing.T) {
581 t.Parallel()
582
583 // Clear any cached content so the dial is actually attempted.
584 urlCacheDir := getURLCacheDir()
585 urlHash := hashURL(rawURL)
586 _ = os.Remove(filepath.Join(urlCacheDir, urlHash))
587 _ = os.Remove(filepath.Join(urlCacheDir, urlHash+".etag"))
588
589 _, err := NewURLSource(rawURL, nil).Read(t.Context())
590 require.Error(t, err)
591 assert.Contains(t, err.Error(), "non-public address")
592 })
593 }
594}
595
596func TestURLSource_Read_RejectsHTTPRedirect(t *testing.T) {
597 t.Parallel()

Callers

nothing calls this directly

Calls 8

getURLCacheDirFunction · 0.85
hashURLFunction · 0.85
NewURLSourceFunction · 0.85
ContextMethod · 0.80
RunMethod · 0.65
ReadMethod · 0.65
RemoveMethod · 0.45
ErrorMethod · 0.45

Tested by

no test coverage detected