-
Notifications
You must be signed in to change notification settings - Fork 577
Expand file tree
/
Copy pathip.spec.ts
More file actions
111 lines (90 loc) · 3.68 KB
/
ip.spec.ts
File metadata and controls
111 lines (90 loc) · 3.68 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
import _dns from 'dns';
import { beforeEach, describe, expect, test, vi } from 'vitest';
import { checkURLForPrivateIP } from '../feature/ip';
const dns = _dns.promises;
vi.mock('dns', async () => {
const originalDns = await vi.importActual('dns');
const lookupFn = vi.fn();
return {
...originalDns,
default: {
promises: {
lookup: lookupFn,
}
},
promises: {
lookup: lookupFn,
}
};
});
/**
* mock valid response
*/
type LookupAddress = { address: string };
function mockLookupOnce(addresses: LookupAddress | LookupAddress[] | undefined) {
// @ts-expect-error lookup does not have mockImplementation
dns.lookup.mockResolvedValueOnce(addresses);
}
describe('ip::checkURLForPrivateIP', () => {
beforeEach(() => {
vi.clearAllMocks();
});
// do not throw exceptions forinvalid input to not break the execution flow
test('should handle invalid URL gracefully', async () => {
await expect(checkURLForPrivateIP('not-a-valid-url')).resolves.toBe(true);
});
test('should block unsupported protocols', async () => {
await expect(checkURLForPrivateIP('ftp://example.com')).resolves.toBe(true);
});
test('should allow valid public URL', async () => {
mockLookupOnce([{ address: '8.8.8.8' }]);
expect(await checkURLForPrivateIP('http://google.com')).toBe(false);
});
test('should allow valid public IPv6', async () => {
mockLookupOnce([{ address: '2606:4700:4700::1111' }]);
await expect(checkURLForPrivateIP('https://[2606:4700:4700::1111]')).resolves.toBe(false);
});
test('should block private IPv4', async () => {
mockLookupOnce([{ address: '192.168.1.1' }]);
await expect(checkURLForPrivateIP('http://192.168.1.1')).resolves.toBe(true);
});
test('should block decimal-encoded private IP', async () => {
mockLookupOnce([{ address: '192.168.1.1' }]);
await expect(checkURLForPrivateIP('http://3232235777')).resolves.toBe(true);
});
test('should block hex-encoded private IP', async () => {
mockLookupOnce([{ address: '192.168.1.1' }]);
await expect(checkURLForPrivateIP('http://0xC0A80101')).resolves.toBe(true);
});
test('should block cloud metadata IP', async () => {
mockLookupOnce([{ address: '169.254.169.254' }]);
await expect(checkURLForPrivateIP('http://169.254.169.254')).resolves.toBe(true);
});
test('should handle absent address negatively', async () => {
mockLookupOnce(undefined);
await expect(checkURLForPrivateIP('http://hello.world')).resolves.toBe(true);
});
test('should handle DNS resolution failure gracefully', async () => {
// @ts-expect-error lookup does not have mockImplementation
dns.lookup.mockRejectedValueOnce(new Error('DNS resolution failed'));
await expect(checkURLForPrivateIP('http://unknown.domain')).resolves.toBe(true);
});
});
describe('ip::checkURLForPrivateIP with single resolved address', () => {
beforeEach(() => {
vi.clearAllMocks();
});
test('should handle single address positively', async () => {
mockLookupOnce({ address: '76.76.21.21' });
await expect(checkURLForPrivateIP('http://solana.com')).resolves.toBe(false);
});
});
// move case for localhost to a separate test case as it's a special case and doesn't require DNS resolution
describe('ip::checkURLForPrivateIP with localhost', () => {
beforeEach(() => {
vi.clearAllMocks();
});
test('should block localhost', async () => {
await expect(checkURLForPrivateIP('http://localhost')).resolves.toBe(true);
});
});