213 lines
6.7 KiB
Go
213 lines
6.7 KiB
Go
package webdevice
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
)
|
|
|
|
func TestRewriteLocation(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
targetURL, _ := url.Parse("http://192.168.1.124:80")
|
|
got := RewriteLocation("192.168.1.124", targetURL, "http://192.168.1.124/ISAPI/Security")
|
|
if got != "/proxy/web/192.168.1.124/ISAPI/Security" {
|
|
t.Fatalf("RewriteLocation() = %q", got)
|
|
}
|
|
}
|
|
|
|
func TestRewriteSetCookie(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
got := RewriteSetCookie("SID=1; Path=/; Domain=192.168.1.124; HttpOnly", "/proxy/web/192.168.1.124")
|
|
if strings.Contains(strings.ToLower(got), "domain=") {
|
|
t.Fatalf("RewriteSetCookie() kept domain: %q", got)
|
|
}
|
|
if !strings.Contains(got, "Path=/proxy/web/192.168.1.124/") {
|
|
t.Fatalf("RewriteSetCookie() path = %q", got)
|
|
}
|
|
}
|
|
|
|
func TestRewriteText(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
targetURL, _ := url.Parse("http://192.168.1.124:80")
|
|
body := `<html><head></head><body><img src="/doc/logo.png"><a href="http://192.168.1.124/ISAPI/x">x</a></body></html>`
|
|
got := RewriteText(body, "/proxy/web/192.168.1.124", targetURL, "text/html")
|
|
|
|
if !strings.Contains(got, `/proxy/web/192.168.1.124/doc/logo.png`) {
|
|
t.Fatalf("rewritten body missing proxied relative URL: %s", got)
|
|
}
|
|
if !strings.Contains(got, `data-web-proxy-runtime`) {
|
|
t.Fatalf("rewritten body missing runtime injection: %s", got)
|
|
}
|
|
}
|
|
|
|
func TestRewriteTextRewritesScriptAbsoluteURLs(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
targetURL, _ := url.Parse("http://192.168.1.124:80")
|
|
body := `window.location.href="/doc/page/login.asp";fetch("/ISAPI/System/time")`
|
|
got := RewriteText(body, "/proxy/web/192.168.1.124", targetURL, "application/javascript")
|
|
|
|
if !strings.Contains(got, `"/proxy/web/192.168.1.124/doc/page/login.asp"`) {
|
|
t.Fatalf("script missing rewritten login URL: %s", got)
|
|
}
|
|
if !strings.Contains(got, `"/proxy/web/192.168.1.124/ISAPI/System/time"`) {
|
|
t.Fatalf("script missing rewritten API URL: %s", got)
|
|
}
|
|
if strings.Contains(got, "data-web-proxy-runtime") {
|
|
t.Fatalf("script should not receive HTML runtime: %s", got)
|
|
}
|
|
}
|
|
|
|
func TestProxyHTTPRejectsUnscannedIP(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
svc := NewService()
|
|
req := httptest.NewRequest(http.MethodGet, "http://portal/proxy/web/192.168.1.124/", nil)
|
|
rec := httptest.NewRecorder()
|
|
|
|
err := svc.ProxyHTTP(rec, req, "192.168.1.124", "/")
|
|
if err != ErrTargetNotAllowed {
|
|
t.Fatalf("ProxyHTTP() error = %v, want ErrTargetNotAllowed", err)
|
|
}
|
|
}
|
|
|
|
func TestProxyHTTPServesAllowedTarget(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.Header().Set("Location", "http://192.168.1.124/ISAPI/test")
|
|
w.Header().Add("Set-Cookie", "SID=1; Path=/")
|
|
w.Header().Set("Content-Type", "text/html")
|
|
_, _ = w.Write([]byte(`<html><head></head><body><img src="/doc/logo.png"></body></html>`))
|
|
}))
|
|
defer upstream.Close()
|
|
|
|
svc := NewService()
|
|
svc.allowIP("192.168.1.124")
|
|
svc.proxyTarget = func(ip string) string {
|
|
return upstream.URL
|
|
}
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "http://portal/proxy/web/192.168.1.124/", nil)
|
|
rec := httptest.NewRecorder()
|
|
|
|
if err := svc.ProxyHTTP(rec, req, "192.168.1.124", "/"); err != nil {
|
|
t.Fatalf("ProxyHTTP() error = %v", err)
|
|
}
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("status = %d body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
if got := rec.Header().Get("Location"); got != "http://192.168.1.124/ISAPI/test" {
|
|
t.Fatalf("Location = %q", got)
|
|
}
|
|
if !strings.Contains(rec.Body.String(), "/proxy/web/192.168.1.124/doc/logo.png") {
|
|
t.Fatalf("body = %s", rec.Body.String())
|
|
}
|
|
}
|
|
|
|
func TestProxyHTTPClosesUpstreamConnection(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
closeSeen := make(chan bool, 1)
|
|
upstream := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
closeSeen <- r.Close
|
|
w.Header().Set("Content-Type", "text/plain")
|
|
_, _ = w.Write([]byte("ok"))
|
|
}))
|
|
defer upstream.Close()
|
|
|
|
svc := NewService()
|
|
svc.allowIP("192.168.1.124")
|
|
svc.proxyTarget = func(ip string) string {
|
|
return upstream.URL
|
|
}
|
|
|
|
req := httptest.NewRequest(http.MethodGet, "http://portal/proxy/web/192.168.1.124/", nil)
|
|
rec := httptest.NewRecorder()
|
|
|
|
if err := svc.ProxyHTTP(rec, req, "192.168.1.124", "/"); err != nil {
|
|
t.Fatalf("ProxyHTTP() error = %v", err)
|
|
}
|
|
if rec.Code != http.StatusOK {
|
|
t.Fatalf("status = %d body = %s", rec.Code, rec.Body.String())
|
|
}
|
|
|
|
select {
|
|
case got := <-closeSeen:
|
|
if !got {
|
|
t.Fatal("upstream request Close = false, want true")
|
|
}
|
|
case <-time.After(time.Second):
|
|
t.Fatal("timed out waiting for upstream request")
|
|
}
|
|
}
|
|
|
|
func TestSanitizeProxyRequestHeaderDropsLoginCookie(t *testing.T) {
|
|
source := http.Header{}
|
|
source.Set("User-Agent", "browser")
|
|
source.Set("Cookie", "SID=1")
|
|
source.Set("Referer", "http://10.8.0.18:13000/proxy/web/192.168.0.108/")
|
|
source.Set("Sessiontag", "abc123")
|
|
source.Set("If-Modified-Since", "0")
|
|
source.Set("Accept-Encoding", "gzip, deflate")
|
|
source.Set("X-Forwarded-For", "10.8.0.1")
|
|
|
|
loginHeader := sanitizeProxyRequestHeader(source, "/doc/page/login.asp")
|
|
if got := loginHeader.Get("Cookie"); got != "" {
|
|
t.Fatalf("login Cookie = %q, want empty", got)
|
|
}
|
|
if got := loginHeader.Get("Referer"); got != "" {
|
|
t.Fatalf("login Referer = %q, want empty", got)
|
|
}
|
|
if got := loginHeader.Get("X-Forwarded-For"); got != "" {
|
|
t.Fatalf("login X-Forwarded-For = %q, want empty", got)
|
|
}
|
|
if got := loginHeader.Get("Accept-Encoding"); got != "" {
|
|
t.Fatalf("login Accept-Encoding = %q, want empty", got)
|
|
}
|
|
if got := loginHeader.Get("Sessiontag"); got != "abc123" {
|
|
t.Fatalf("login Sessiontag = %q, want abc123", got)
|
|
}
|
|
|
|
apiHeader := sanitizeProxyRequestHeader(source, "/ISAPI/Security/userCheck")
|
|
if got := apiHeader.Get("Cookie"); got != "SID=1" {
|
|
t.Fatalf("api Cookie = %q, want SID=1", got)
|
|
}
|
|
if got := apiHeader.Get("Sessiontag"); got != "abc123" {
|
|
t.Fatalf("api Sessiontag = %q, want abc123", got)
|
|
}
|
|
if got := apiHeader.Get("If-Modified-Since"); got != "0" {
|
|
t.Fatalf("api If-Modified-Since = %q, want 0", got)
|
|
}
|
|
}
|
|
|
|
func TestSanitizeProxyRequestHeaderPreservesWebSocketUpgrade(t *testing.T) {
|
|
source := http.Header{}
|
|
source.Set("User-Agent", "browser")
|
|
source.Set("Connection", "keep-alive, Upgrade")
|
|
source.Set("Upgrade", "websocket")
|
|
source.Set("Sec-Websocket-Key", "abc")
|
|
source.Set("Sec-Websocket-Version", "13")
|
|
source.Set("Accept-Encoding", "gzip")
|
|
|
|
header := sanitizeProxyRequestHeader(source, "/webSocket")
|
|
if got := header.Get("Connection"); got != "Upgrade" {
|
|
t.Fatalf("Connection = %q, want Upgrade", got)
|
|
}
|
|
if got := header.Get("Upgrade"); got != "websocket" {
|
|
t.Fatalf("Upgrade = %q, want websocket", got)
|
|
}
|
|
if got := header.Get("Sec-Websocket-Key"); got != "abc" {
|
|
t.Fatalf("Sec-Websocket-Key = %q, want abc", got)
|
|
}
|
|
if got := header.Get("Accept-Encoding"); got != "" {
|
|
t.Fatalf("Accept-Encoding = %q, want empty", got)
|
|
}
|
|
}
|