hub / github.com/syncthing/syncthing / TestHostCheck

Function TestHostCheck

lib/api/api_test.go:1294–1447  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

1292}
1293
1294func TestHostCheck(t *testing.T) {
1295 t.Parallel()
1296
1297 // An API service bound to localhost should reject non-localhost host Headers
1298
1299 cfg := newMockedConfig()
1300 cfg.GUIReturns(config.GUIConfiguration{RawAddress: "127.0.0.1:0"})
1301 baseURL := startHTTP(t, cfg)
1302
1303 // A normal HTTP get to the localhost-bound service should succeed
1304
1305 resp, err := http.Get(baseURL)
1306 if err != nil {
1307 t.Fatal(err)
1308 }
1309 resp.Body.Close()
1310 if resp.StatusCode != http.StatusOK {
1311 t.Error("Regular HTTP get: expected 200 OK, not", resp.Status)
1312 }
1313
1314 // A request with a suspicious Host header should fail
1315
1316 req, _ := http.NewRequest("GET", baseURL, nil)
1317 req.Host = "example.com"
1318 resp, err = http.DefaultClient.Do(req)
1319 if err != nil {
1320 t.Fatal(err)
1321 }
1322 resp.Body.Close()
1323 if resp.StatusCode != http.StatusForbidden {
1324 t.Error("Suspicious Host header: expected 403 Forbidden, not", resp.Status)
1325 }
1326
1327 // A request with an explicit "localhost:8384" Host header should pass
1328
1329 req, _ = http.NewRequest("GET", baseURL, nil)
1330 req.Host = "localhost:8384"
1331 resp, err = http.DefaultClient.Do(req)
1332 if err != nil {
1333 t.Fatal(err)
1334 }
1335 resp.Body.Close()
1336 if resp.StatusCode != http.StatusOK {
1337 t.Error("Explicit localhost:8384: expected 200 OK, not", resp.Status)
1338 }
1339
1340 // A request with an explicit "localhost" Host header (no port) should pass
1341
1342 req, _ = http.NewRequest("GET", baseURL, nil)
1343 req.Host = "localhost"
1344 resp, err = http.DefaultClient.Do(req)
1345 if err != nil {
1346 t.Fatal(err)
1347 }
1348 resp.Body.Close()
1349 if resp.StatusCode != http.StatusOK {
1350 t.Error("Explicit localhost: expected 200 OK, not", resp.Status)
1351 }

Callers

nothing calls this directly

Calls 10

newMockedConfig (Function) · 0.85
startHTTP (Function) · 0.85
runningInContainer (Function) · 0.85
GUIReturns (Method) · 0.80
Fatal (Method) · 0.80
Do (Method) · 0.80
Short (Method) · 0.80
Get (Method) · 0.65
Close (Method) · 0.65
Error (Method) · 0.65

Tested by

no test coverage detected