rio/internal/repo/repo_test.go
Alexander "PapaTutuWawa 80234fd5ba
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
fix: Prevent "leak" of raw gitea API response for CSP
2024-01-11 20:50:48 +01:00

406 lines
13 KiB
Go

package repo
import (
"errors"
"net/http"
"testing"
"time"
"code.gitea.io/sdk/gitea"
log "github.com/sirupsen/logrus"
)
func clearCache() {
pathCache.Flush()
userCache.Flush()
cspCache.Flush()
}
func TestPickingCorrectRepositoryDefault(t *testing.T) {
// Test that we default to the <username>.<pages domain> repository, if we have only
// one path component.
defer clearCache()
log.SetLevel(log.DebugLevel)
client := GiteaClient{
getRepository: func(username, repositoryName string) (Repository, error) {
if username != "example-user" {
t.Fatalf("Called with unknown user %s", username)
}
if repositoryName != "example-user.pages.example.org" {
t.Fatalf("Called with unknown repository %s", repositoryName)
}
return Repository{}, nil
},
hasBranch: func(username, repositoryName, branchName string) bool {
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branchName == "pages" {
return true
}
return false
},
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
t.Fatal("getFile called")
return []byte{}, true, nil
},
lookupCNAME: func(domain string) (string, error) {
t.Fatal("lookupCNAME called")
return "", nil
},
lookupRepoTXT: func(domain string) (string, error) {
t.Fatal("lookupRepoTXT called")
return "", nil
},
}
res, path, err := RepoFromPath("example-user", "example-user.pages.example.org", "", "index.html", &client)
if err != nil {
t.Fatalf("An error occured: %v", err)
}
if res == nil {
t.Fatal("Result is nil")
}
if path != "index.html" {
t.Fatalf("Returned path is invalid: %s", path)
}
}
func TestPickingCorrectRepositoryDefaultSubdirectory(t *testing.T) {
// Test that we return the default repository when the first path component does
// not correspong to an existing repository.
defer clearCache()
log.SetLevel(log.DebugLevel)
client := GiteaClient{
getRepository: func(username, repositoryName string) (Repository, error) {
if username != "example-user" {
t.Fatalf("Called with unknown user %s", username)
}
if repositoryName == "assets" {
return Repository{}, errors.New("Repository does not exist")
} else if repositoryName == "example-user.pages.example.org" {
return Repository{}, nil
} else {
t.Fatalf("Called with unknown repository %s", repositoryName)
return Repository{}, nil
}
},
hasBranch: func(username, repositoryName, branchName string) bool {
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branchName == "pages" {
return true
}
return false
},
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
t.Fatal("getFile called")
return []byte{}, true, nil
},
lookupCNAME: func(domain string) (string, error) {
t.Fatal("lookupCNAME called")
return "", nil
},
lookupRepoTXT: func(domain string) (string, error) {
t.Fatal("lookupRepoTXT called")
return "", nil
},
}
res, path, err := RepoFromPath("example-user", "example-user.pages.example.org", "", "assets/index.css", &client)
if err != nil {
t.Fatalf("An error occured: %v", err)
}
if res == nil {
t.Fatal("Result is nil")
}
if path != "assets/index.css" {
t.Fatalf("Returned path is invalid: %s", path)
}
}
func TestPickingCorrectRepositorySubdirectoryNoPagesBranch(t *testing.T) {
// Test that we're picking the correct repository when the first path component
// returns a repository without a pages branch.
defer clearCache()
log.SetLevel(log.DebugLevel)
client := GiteaClient{
getRepository: func(username, repositoryName string) (Repository, error) {
if username != "example-user" {
t.Fatalf("Called with unknown user %s", username)
}
if repositoryName == "blog" {
return Repository{
Name: "blog",
}, nil
} else if repositoryName == "example-user.pages.example.org" {
return Repository{
Name: "example-user.pages.example.org",
}, nil
} else {
t.Fatalf("Called with unknown repository %s", repositoryName)
return Repository{}, nil
}
},
hasBranch: func(username, repositoryName, branchName string) bool {
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branchName == "pages" {
return true
}
return false
},
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
t.Fatal("getFile called")
return []byte{}, true, nil
},
lookupCNAME: func(domain string) (string, error) {
t.Fatal("lookupCNAME called")
return "", nil
},
lookupRepoTXT: func(domain string) (string, error) {
t.Fatal("lookupRepoTXT called")
return "", nil
},
}
res, path, err := RepoFromPath("example-user", "example-user.pages.example.org", "", "blog/post1.html", &client)
if err != nil {
t.Fatalf("An error occured: %v", err)
}
if res == nil {
t.Fatal("Result is nil")
}
if res.Name != "example-user.pages.example.org" {
t.Fatalf("Invalid repository selected: %s", res.Name)
}
if path != "blog/post1.html" {
t.Fatalf("Returned path is invalid: %s", path)
}
}
func TestPickingNoRepositoryInvalidCNAME(t *testing.T) {
// Test that we're not picking a repository if the CNAME validation fails.
defer clearCache()
log.SetLevel(log.DebugLevel)
client := GiteaClient{
getRepository: func(username, repositoryName string) (Repository, error) {
if username == "example-user" && repositoryName == "example-user.pages.example.org" {
return Repository{
Name: "example-user.pages.example.org",
}, nil
} else {
t.Fatalf("Called with unknown repository %s", repositoryName)
return Repository{}, nil
}
},
hasBranch: func(username, repositoryName, branchName string) bool {
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branchName == "pages" {
return true
}
return false
},
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
if username == "example-user" && repositoryName == "example-user.pages.example.org" && branch == "pages" && path == "CNAME" {
return []byte("some-other-domain.local"), true, nil
}
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
return []byte{}, true, nil
},
lookupCNAME: func(domain string) (string, error) {
return "", errors.New("No CNAME")
},
lookupRepoTXT: func(domain string) (string, error) {
return "", nil
},
}
_, _, err := RepoFromPath("example-user", "example-user.pages.example.org", "example-user.local", "index.html", &client)
if err == nil {
t.Fatal("Repository returned even though CNAME validation should fail")
}
}
func TestPickingRepositoryValidCNAME(t *testing.T) {
// Test that we're picking a repository, given a CNAME, if the CNAME validation succeeds.
defer clearCache()
log.SetLevel(log.DebugLevel)
client := GiteaClient{
getRepository: func(username, repositoryName string) (Repository, error) {
if username == "example-user" && repositoryName == "example-user.local" {
return Repository{
Name: "example-user.local",
}, nil
} else {
t.Fatalf("Called with unknown repository %s", repositoryName)
return Repository{}, nil
}
},
hasBranch: func(username, repositoryName, branchName string) bool {
if username == "example-user" && repositoryName == "example-user.local" && branchName == "pages" {
return true
}
return false
},
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
if username == "example-user" && repositoryName == "example-user.local" && branch == "pages" && path == "CNAME" {
return []byte("example-user.local"), true, nil
}
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
return []byte{}, true, nil
},
lookupCNAME: func(domain string) (string, error) {
return "", errors.New("No CNAME")
},
lookupRepoTXT: func(domain string) (string, error) {
return "", nil
},
}
repo, _, err := RepoFromPath("example-user", "example-user.local", "example-user.pages.example.org", "index.html", &client)
if err != nil {
t.Fatalf("Error returned: %v", err)
}
if repo.Name != "example-user.local" {
t.Fatalf("Invalid repository name returned: %s", repo.Name)
}
}
func TestPickingRepositoryValidCNAMEWithTXTLookup(t *testing.T) {
// Test that we're picking a repository, given a CNAME, if the CNAME validation succeeds
// and the TXT lookup returns something different.
defer clearCache()
log.SetLevel(log.DebugLevel)
client := GiteaClient{
getRepository: func(username, repositoryName string) (Repository, error) {
if username == "example-user" && repositoryName == "some-different-repository" {
return Repository{
Name: "some-different-repository",
}, nil
} else {
t.Fatalf("Called with unknown repository %s", repositoryName)
return Repository{}, nil
}
},
hasBranch: func(username, repositoryName, branchName string) bool {
if username == "example-user" && repositoryName == "some-different-repository" && branchName == "pages" {
return true
}
return false
},
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
if username == "example-user" && repositoryName == "some-different-repository" && branch == "pages" && path == "CNAME" {
return []byte("example-user.local"), true, nil
}
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
return []byte{}, true, nil
},
lookupCNAME: func(domain string) (string, error) {
return "", errors.New("No CNAME")
},
lookupRepoTXT: func(domain string) (string, error) {
if domain == "example-user.local" {
return "some-different-repository", nil
}
return "", nil
},
}
repo, _, err := RepoFromPath("example-user", "example-user.local", "example-user.pages.example.org", "index.html", &client)
if err != nil {
t.Fatalf("Error returned: %v", err)
}
if repo.Name != "some-different-repository" {
t.Fatalf("Invalid repository name returned: %s", repo.Name)
}
}
func TestPickingRepositoryValidCNAMEWithTXTLookupAndSubdirectory(t *testing.T) {
// Test that we're picking a repository, given a CNAME, if the CNAME validation succeeds
// and the TXT lookup returns something different. Additionally, we now have a subdirectory
defer clearCache()
log.SetLevel(log.DebugLevel)
client := GiteaClient{
getRepository: func(username, repositoryName string) (Repository, error) {
if username == "example-user" && repositoryName == "some-different-repository" {
return Repository{
Name: "some-different-repository",
}, nil
}
return Repository{}, errors.New("Unknown repository")
},
hasBranch: func(username, repositoryName, branchName string) bool {
if username == "example-user" && repositoryName == "some-different-repository" && branchName == "pages" {
return true
}
return false
},
GetFile: func(username, repositoryName, branch, path string, since *time.Time) ([]byte, bool, error) {
if username == "example-user" && repositoryName == "some-different-repository" && branch == "pages" && path == "CNAME" {
return []byte("example-user.local"), true, nil
}
t.Fatalf("Invalid file requested: %s/%s@%s:%s", username, repositoryName, branch, path)
return []byte{}, true, nil
},
lookupCNAME: func(domain string) (string, error) {
return "", errors.New("No CNAME")
},
lookupRepoTXT: func(domain string) (string, error) {
if domain == "example-user.local" {
return "some-different-repository", nil
}
return "", nil
},
}
repo, _, err := RepoFromPath("example-user", "example-user.local", "example-user.pages.example.org", "blog/index.html", &client)
if err != nil {
t.Fatalf("Error returned: %v", err)
}
if repo.Name != "some-different-repository" {
t.Fatalf("Invalid repository name returned: %s", repo.Name)
}
}
func TestGetCSPForRepositoryNegativeIntegration(t *testing.T) {
defer clearCache()
httpClient := http.Client{Timeout: 10 * time.Second}
giteaClient, err := gitea.NewClient(
"https://git.polynom.me",
gitea.SetHTTPClient(&httpClient),
gitea.SetToken(""),
gitea.SetUserAgent("rio-testing"),
)
if err != nil {
t.Fatalf("Failed to create Gitea client: %v", err)
}
client := NewGiteaClient("https://git.polynom.me", giteaClient)
// The repository has no CSP file, so it should return the invalid value
defaultValue := "<INVALID>"
csp := GetCSPForRepository(
"papatutuwawa",
"rio",
defaultValue,
&client,
)
if csp != defaultValue {
t.Fatalf("Unexpected CSP returned: %s", csp)
}
}