mirror of
https://github.com/grafana/grafana.git
synced 2025-02-11 16:15:42 -06:00
6f8fcae01b
* Plugins: Remove support for V1 manifests
* Plugins: Make proxy endpoints not leak sensitive HTTP headers
* Security: Fix do not forward login cookie in outgoing requests
(cherry picked from commit 4539c33fce)
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
80 lines
2.8 KiB
Go
80 lines
2.8 KiB
Go
package proxyutil
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestPrepareProxyRequest(t *testing.T) {
|
|
t.Run("Prepare proxy request should clear X-Forwarded headers", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/", nil)
|
|
require.NoError(t, err)
|
|
req.Header.Set("X-Forwarded-Host", "host")
|
|
req.Header.Set("X-Forwarded-Port", "123")
|
|
req.Header.Set("X-Forwarded-Proto", "http1")
|
|
|
|
PrepareProxyRequest(req)
|
|
require.NotContains(t, req.Header, "X-Forwarded-Host")
|
|
require.NotContains(t, req.Header, "X-Forwarded-Port")
|
|
require.NotContains(t, req.Header, "X-Forwarded-Proto")
|
|
})
|
|
|
|
t.Run("Prepare proxy request should set X-Forwarded-For", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/", nil)
|
|
req.RemoteAddr = "127.0.0.1:1234"
|
|
require.NoError(t, err)
|
|
|
|
PrepareProxyRequest(req)
|
|
require.Contains(t, req.Header, "X-Forwarded-For")
|
|
require.Equal(t, "127.0.0.1", req.Header.Get("X-Forwarded-For"))
|
|
})
|
|
|
|
t.Run("Prepare proxy request should append client ip at the end of X-Forwarded-For", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/", nil)
|
|
req.RemoteAddr = "127.0.0.1:1234"
|
|
req.Header.Set("X-Forwarded-For", "192.168.0.1")
|
|
require.NoError(t, err)
|
|
|
|
PrepareProxyRequest(req)
|
|
require.Contains(t, req.Header, "X-Forwarded-For")
|
|
require.Equal(t, "192.168.0.1, 127.0.0.1", req.Header.Get("X-Forwarded-For"))
|
|
})
|
|
}
|
|
|
|
func TestClearCookieHeader(t *testing.T) {
|
|
t.Run("Clear cookie header should clear Cookie header", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/", nil)
|
|
require.NoError(t, err)
|
|
req.AddCookie(&http.Cookie{Name: "cookie"})
|
|
|
|
ClearCookieHeader(req, nil, nil)
|
|
require.NotContains(t, req.Header, "Cookie")
|
|
})
|
|
|
|
t.Run("Clear cookie header with cookies to keep should clear Cookie header and keep cookies", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/", nil)
|
|
require.NoError(t, err)
|
|
req.AddCookie(&http.Cookie{Name: "cookie1"})
|
|
req.AddCookie(&http.Cookie{Name: "cookie2"})
|
|
req.AddCookie(&http.Cookie{Name: "cookie3"})
|
|
|
|
ClearCookieHeader(req, []string{"cookie1", "cookie3"}, nil)
|
|
require.Contains(t, req.Header, "Cookie")
|
|
require.Equal(t, "cookie1=; cookie3=", req.Header.Get("Cookie"))
|
|
})
|
|
|
|
t.Run("Clear cookie header with cookies to keep and skip should clear Cookie header and keep cookies", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/", nil)
|
|
require.NoError(t, err)
|
|
req.AddCookie(&http.Cookie{Name: "cookie1"})
|
|
req.AddCookie(&http.Cookie{Name: "cookie2"})
|
|
req.AddCookie(&http.Cookie{Name: "cookie3"})
|
|
|
|
ClearCookieHeader(req, []string{"cookie1", "cookie3"}, []string{"cookie3"})
|
|
require.Contains(t, req.Header, "Cookie")
|
|
require.Equal(t, "cookie1=", req.Header.Get("Cookie"))
|
|
})
|
|
}
|