#730 bug(websockets): not properly checked request originv2.3.1-beta.3

#730 bug(websockets): not properly checked request origin
author: Valery Piashchynski <[email protected]> 2021-06-16 15:53:40 +0300
committer: GitHub <[email protected]> 2021-06-16 15:53:40 +0300
commit: 25e0841c6aa5e2686da5b9f74e3d77d3814ff592 (patch)
tree: 5b7c5259375d53b0685bf838555118d5ad93f149 /plugins/websockets/origin_test.go
parent: 9dc98d43b0c0de3e1e1bd8fdc97c122c7c7c594f (diff)
parent: b1aa5d0ea3617710aec6476bdae956e16b946281 (diff)
1 files changed, 67 insertions, 0 deletions
diff --git a/plugins/websockets/origin_test.go b/plugins/websockets/origin_test.go
new file mode 100644
index 00000000..e877fad3
--- /dev/null
+++ b/plugins/websockets/origin_test.go
@@ -0,0 +1,67 @@
+package websockets
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestConfig_Origin(t *testing.T) {
+	cfg := &Config{
+		AllowedOrigin: "*",
+	}
+
+	cfg.InitDefault()
+
+	assert.True(t, isOriginAllowed("http://some.some.some.sssome", cfg))
+	assert.True(t, isOriginAllowed("http://", cfg))
+	assert.True(t, isOriginAllowed("http://google.com", cfg))
+	assert.True(t, isOriginAllowed("ws://*", cfg))
+	assert.True(t, isOriginAllowed("*", cfg))
+	assert.True(t, isOriginAllowed("you are bad programmer", cfg)) // True :(
+	assert.True(t, isOriginAllowed("****", cfg))
+	assert.True(t, isOriginAllowed("asde!@#!!@#!%", cfg))
+	assert.True(t, isOriginAllowed("http://*.domain.com", cfg))
+}
+
+func TestConfig_OriginWildCard(t *testing.T) {
+	cfg := &Config{
+		AllowedOrigin: "https://*my.site.com",
+	}
+
+	cfg.InitDefault()
+
+	assert.True(t, isOriginAllowed("https://my.site.com", cfg))
+	assert.False(t, isOriginAllowed("http://", cfg))
+	assert.False(t, isOriginAllowed("http://google.com", cfg))
+	assert.False(t, isOriginAllowed("ws://*", cfg))
+	assert.False(t, isOriginAllowed("*", cfg))
+	assert.False(t, isOriginAllowed("you are bad programmer", cfg)) // True :(
+	assert.False(t, isOriginAllowed("****", cfg))
+	assert.False(t, isOriginAllowed("asde!@#!!@#!%", cfg))
+	assert.False(t, isOriginAllowed("http://*.domain.com", cfg))
+
+	assert.False(t, isOriginAllowed("https://*site.com", cfg))
+	assert.True(t, isOriginAllowed("https://some.my.site.com", cfg))
+}
+
+func TestConfig_OriginWildCard2(t *testing.T) {
+	cfg := &Config{
+		AllowedOrigin: "https://my.*.com",
+	}
+
+	cfg.InitDefault()
+
+	assert.True(t, isOriginAllowed("https://my.site.com", cfg))
+	assert.False(t, isOriginAllowed("http://", cfg))
+	assert.False(t, isOriginAllowed("http://google.com", cfg))
+	assert.False(t, isOriginAllowed("ws://*", cfg))
+	assert.False(t, isOriginAllowed("*", cfg))
+	assert.False(t, isOriginAllowed("you are bad programmer", cfg)) // True :(
+	assert.False(t, isOriginAllowed("****", cfg))
+	assert.False(t, isOriginAllowed("asde!@#!!@#!%", cfg))
+	assert.False(t, isOriginAllowed("http://*.domain.com", cfg))
+
+	assert.False(t, isOriginAllowed("https://*site.com", cfg))
+	assert.True(t, isOriginAllowed("https://my.bad.com", cfg))
+}
author	Valery Piashchynski <[email protected]>	2021-06-16 15:53:40 +0300
committer	GitHub <[email protected]>	2021-06-16 15:53:40 +0300
commit	25e0841c6aa5e2686da5b9f74e3d77d3814ff592 (patch)
tree	5b7c5259375d53b0685bf838555118d5ad93f149 /plugins/websockets/origin_test.go
parent	9dc98d43b0c0de3e1e1bd8fdc97c122c7c7c594f (diff)
parent	b1aa5d0ea3617710aec6476bdae956e16b946281 (diff)