Context Navigation

source: code/trunk/morty_test.go@ 89

Last change on this file since 89 was 62, checked in by asciimoo, 9 years ago

Merge pull request #38 from dalf/uri

[enh] ignore all special characters in the URI protocol

File size: 4.7 KB

Rev	Line
[16]	1	package main
	2
	3	import (
	4	"bytes"
	5	"net/url"
	6	"testing"
	7	)
	8
	9	type AttrTestCase struct {
	10	AttrName []byte
	11	AttrValue []byte
	12	ExpectedOutput []byte
	13	}
	14
[60]	15	type SanitizeURITestCase struct {
	16	Input []byte
	17	ExpectedOutput []byte
	18	ExpectedScheme string
	19	}
	20
[53]	21	type StringTestCase struct {
	22	Input string
	23	ExpectedOutput string
	24	}
	25
[16]	26	var attrTestData []AttrTestCase = []AttrTestCase{
	27	&AttrTestCase{
	28	[]byte("href"),
	29	[]byte("./x"),
	30	[]byte(` href="./?mortyurl=http%3A%2F%2F127.0.0.1%2Fx"`),
	31	},
	32	&AttrTestCase{
	33	[]byte("src"),
	34	[]byte("http://x.com/y"),
	35	[]byte(` src="./?mortyurl=http%3A%2F%2Fx.com%2Fy"`),
	36	},
	37	&AttrTestCase{
	38	[]byte("action"),
	39	[]byte("/z"),
	40	[]byte(` action="./?mortyurl=http%3A%2F%2F127.0.0.1%2Fz"`),
	41	},
	42	&AttrTestCase{
	43	[]byte("onclick"),
	44	[]byte("console.log(document.cookies)"),
	45	nil,
	46	},
	47	}
	48
[60]	49	var sanitizeUriTestData []SanitizeURITestCase = []SanitizeURITestCase{
	50	&SanitizeURITestCase{
	51	[]byte("http://example.com/"),
	52	[]byte("http://example.com/"),
	53	"http:",
	54	},
	55	&SanitizeURITestCase{
	56	[]byte("HtTPs://example.com/ \t"),
	57	[]byte("https://example.com/"),
	58	"https:",
	59	},
	60	&SanitizeURITestCase{
	61	[]byte(" Ht TPs://example.com/ \t"),
	62	[]byte("https://example.com/"),
	63	"https:",
	64	},
	65	&SanitizeURITestCase{
	66	[]byte("javascript:void(0)"),
	67	[]byte("javascript:void(0)"),
	68	"javascript:",
	69	},
	70	&SanitizeURITestCase{
	71	[]byte(" /path/to/a/file/without/protocol "),
	72	[]byte("/path/to/a/file/without/protocol"),
	73	"",
	74	},
	75	&SanitizeURITestCase{
	76	[]byte(" #fragment "),
	77	[]byte("#fragment"),
	78	"",
	79	},
	80	&SanitizeURITestCase{
	81	[]byte(" qwertyuiop "),
	82	[]byte("qwertyuiop"),
	83	"",
	84	},
	85	&SanitizeURITestCase{
	86	[]byte(""),
	87	[]byte(""),
	88	"",
	89	},
	90	&SanitizeURITestCase{
	91	[]byte(":"),
	92	[]byte(":"),
	93	":",
	94	},
	95	&SanitizeURITestCase{
	96	[]byte(" :"),
	97	[]byte(":"),
	98	":",
	99	},
	100	&SanitizeURITestCase{
	101	[]byte("schéma:"),
	102	[]byte("schéma:"),
	103	"schéma:",
	104	},
	105	}
	106
[53]	107	var urlTestData []StringTestCase = []StringTestCase{
	108	&StringTestCase{
	109	"http://x.com/",
	110	"./?mortyurl=http%3A%2F%2Fx.com%2F",
	111	},
	112	&StringTestCase{
	113	"http://a@x.com/",
	114	"./?mortyurl=http%3A%2F%2Fa%40x.com%2F",
	115	},
[55]	116	&StringTestCase{
	117	"#a",
	118	"#a",
	119	},
[53]	120	}
	121
[16]	122	func TestAttrSanitizer(t *testing.T) {
	123	u, _ := url.Parse("http://127.0.0.1/")
[22]	124	rc := &RequestConfig{BaseURL: u}
[16]	125	for _, testCase := range attrTestData {
	126	out := bytes.NewBuffer(nil)
[22]	127	sanitizeAttr(rc, out, testCase.AttrName, testCase.AttrValue, testCase.AttrValue)
[16]	128	res, _ := out.ReadBytes(byte(0))
	129	if !bytes.Equal(res, testCase.ExpectedOutput) {
	130	t.Errorf(
[53]	131	`Attribute parse error. Name: "%s", Value: "%s", Expected: %s, Got: "%s"`,
[16]	132	testCase.AttrName,
	133	testCase.AttrValue,
	134	testCase.ExpectedOutput,
	135	res,
	136	)
	137	}
	138	}
	139	}
[22]	140
[60]	141	func TestSanitizeURI(t *testing.T) {
	142	for _, testCase := range sanitizeUriTestData {
	143	newUrl, scheme := sanitizeURI(testCase.Input)
	144	if !bytes.Equal(newUrl, testCase.ExpectedOutput) {
	145	t.Errorf(
	146	`URL proxifier error. Expected: "%s", Got: "%s"`,
	147	testCase.ExpectedOutput,
	148	newUrl,
	149	)
	150	}
	151	if scheme != testCase.ExpectedScheme {
	152	t.Errorf(
	153	`URL proxifier error. Expected: "%s", Got: "%s"`,
	154	testCase.ExpectedScheme,
	155	scheme,
	156	)
	157	}
	158	}
	159	}
	160
[53]	161	func TestURLProxifier(t *testing.T) {
	162	u, _ := url.Parse("http://127.0.0.1/")
	163	rc := &RequestConfig{BaseURL: u}
	164	for _, testCase := range urlTestData {
[60]	165	newUrl, err := rc.ProxifyURI([]byte(testCase.Input))
[53]	166	if err != nil {
	167	t.Errorf("Failed to parse URL: %s", testCase.Input)
	168	}
	169	if newUrl != testCase.ExpectedOutput {
	170	t.Errorf(
	171	`URL proxifier error. Expected: "%s", Got: "%s"`,
	172	testCase.ExpectedOutput,
	173	newUrl,
	174	)
	175	}
	176	}
	177	}
	178
[22]	179	var BENCH_SIMPLE_HTML []byte = []byte(`<!doctype html>
	180	<html>
	181	<head>
	182	<title>test</title>
	183	</head>
	184	<body>
	185	<h1>Test heading</h1>
	186	</body>
	187	</html>`)
	188
	189	func BenchmarkSanitizeSimpleHTML(b *testing.B) {
	190	u, _ := url.Parse("http://127.0.0.1/")
	191	rc := &RequestConfig{BaseURL: u}
	192	b.ResetTimer()
	193	for i := 0; i < b.N; i++ {
	194	out := bytes.NewBuffer(nil)
	195	sanitizeHTML(rc, out, BENCH_SIMPLE_HTML)
	196	}
	197	}
	198
	199	var BENCH_COMPLEX_HTML []byte = []byte(`<!doctype html>
	200	<html>
	201	<head>
	202	<noscript><meta http-equiv="refresh" content="0; URL=./xy"></noscript>
	203	<title>test 2</title>
	204	<script> alert('xy'); </script>
	205	<link rel="stylesheet" href="./core.bundle.css">
	206	<style>
	207	html { background: url(./a.jpg); }
	208	</style
	209	</head>
	210	<body>
	211	<h1>Test heading</h1>
	212	<img src="b.png" alt="imgtitle" />
	213	<form action="/z">
	214	<input type="submit" style="background: url(http://aa.bb/cc)" >
	215	</form>
	216	</body>
	217	</html>`)
	218
	219	func BenchmarkSanitizeComplexHTML(b *testing.B) {
	220	u, _ := url.Parse("http://127.0.0.1/")
	221	rc := &RequestConfig{BaseURL: u}
	222	b.ResetTimer()
	223	for i := 0; i < b.N; i++ {
	224	out := bytes.NewBuffer(nil)
	225	sanitizeHTML(rc, out, BENCH_COMPLEX_HTML)
	226	}
	227	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: