Propagate insecure in white list.
parent
862957c30c
commit
59f7b2ea98
2 changed files with 55 additions and 6 deletions
|
@ -17,10 +17,10 @@ type IP struct {
|
||||||
// NewIP builds a new IP given a list of CIDR-Strings to whitelist
|
// NewIP builds a new IP given a list of CIDR-Strings to whitelist
|
||||||
func NewIP(whitelistStrings []string, insecure bool) (*IP, error) {
|
func NewIP(whitelistStrings []string, insecure bool) (*IP, error) {
|
||||||
if len(whitelistStrings) == 0 && !insecure {
|
if len(whitelistStrings) == 0 && !insecure {
|
||||||
return nil, errors.New("no whiteListsNet provided")
|
return nil, errors.New("no white list provided")
|
||||||
}
|
}
|
||||||
|
|
||||||
ip := IP{}
|
ip := IP{insecure: insecure}
|
||||||
|
|
||||||
if !insecure {
|
if !insecure {
|
||||||
for _, whitelistString := range whitelistStrings {
|
for _, whitelistString := range whitelistStrings {
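Review bot: The doc comment on `NewIP` still describes only the CIDR list, although the new `IP{insecure: insecure}` makes the flag part of the returned value's behaviour. With `insecure` set, the `if !insecure` block skips parsing, so entries the caller passed are neither validated nor used, and the test added in this commit expects `Contains` to accept an address outside the list. A caller that supplies both a list and the flag therefore appears to get an allow-all checker with no error, which the comment should state: `// NewIP builds a new IP from a list of CIDR strings to whitelist. When insecure is true the list is ignored and every address is allowed.` The body of `NewIP` continues past the end of the hunk and `Contains` is not shown, so the allow-all reading is inferred from the test.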
|
||||||
|
|
|
@ -19,12 +19,12 @@ func TestNew(t *testing.T) {
|
||||||
desc: "nil whitelist",
|
desc: "nil whitelist",
|
||||||
whitelistStrings: nil,
|
whitelistStrings: nil,
|
||||||
expectedWhitelists: nil,
|
expectedWhitelists: nil,
|
||||||
errMessage: "no whiteListsNet provided",
|
errMessage: "no white list provided",
|
||||||
}, {
|
}, {
|
||||||
desc: "empty whitelist",
|
desc: "empty whitelist",
|
||||||
whitelistStrings: []string{},
|
whitelistStrings: []string{},
|
||||||
expectedWhitelists: nil,
|
expectedWhitelists: nil,
|
||||||
errMessage: "no whiteListsNet provided",
|
errMessage: "no white list provided",
|
||||||
}, {
|
}, {
|
||||||
desc: "whitelist containing empty string",
|
desc: "whitelist containing empty string",
|
||||||
whitelistStrings: []string{
|
whitelistStrings: []string{
|
||||||
|
@ -90,7 +90,7 @@ func TestNew(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestIsAllowed(t *testing.T) {
|
func TestContainsIsAllowed(t *testing.T) {
|
||||||
cases := []struct {
|
cases := []struct {
|
||||||
desc string
|
desc string
|
||||||
whitelistStrings []string
|
whitelistStrings []string
|
||||||
|
@ -275,6 +275,7 @@ func TestIsAllowed(t *testing.T) {
|
||||||
test := test
|
test := test
|
||||||
t.Run(test.desc, func(t *testing.T) {
|
t.Run(test.desc, func(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
whiteLister, err := NewIP(test.whitelistStrings, false)
|
whiteLister, err := NewIP(test.whitelistStrings, false)
|
||||||
|
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
@ -297,7 +298,55 @@ func TestIsAllowed(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestBrokenIPs(t *testing.T) {
|
func TestContainsInsecure(t *testing.T) {
|
||||||
|
mustNewIP := func(whitelistStrings []string, insecure bool) *IP {
|
||||||
|
ip, err := NewIP(whitelistStrings, insecure)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatal(err)
|
||||||
|
}
|
||||||
|
return ip
|
||||||
|
}
|
||||||
|
|
||||||
|
testCases := []struct {
|
||||||
|
desc string
|
||||||
|
whiteLister *IP
|
||||||
|
ip string
|
||||||
|
expected bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
desc: "valid ip and insecure",
|
||||||
|
whiteLister: mustNewIP([]string{"1.2.3.4/24"}, true),
|
||||||
|
ip: "1.2.3.1",
|
||||||
|
expected: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "invalid ip and insecure",
|
||||||
|
whiteLister: mustNewIP([]string{"1.2.3.4/24"}, true),
|
||||||
|
ip: "10.2.3.1",
|
||||||
|
expected: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
desc: "invalid ip and secure",
|
||||||
|
whiteLister: mustNewIP([]string{"1.2.3.4/24"}, false),
|
||||||
|
ip: "10.2.3.1",
|
||||||
|
expected: false,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, test := range testCases {
|
||||||
|
test := test
|
||||||
|
t.Run(test.desc, func(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
ok, _, err := test.whiteLister.Contains(test.ip)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
assert.Equal(t, test.expected, ok)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestContainsBrokenIPs(t *testing.T) {
|
||||||
brokenIPs := []string{
|
brokenIPs := []string{
|
||||||
"foo",
|
"foo",
|
||||||
"10.0.0.350",
|
"10.0.0.350",
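Review bot: `TestContainsInsecure` never exercises the one construction path that the `len(whitelistStrings) == 0 && !insecure` guard in `NewIP` exists to permit, namely an empty list with `insecure` set; all three cases pass `1.2.3.4/24`. Adding `{desc: "nil whitelist and insecure", whiteLister: mustNewIP(nil, true), ip: "10.2.3.1", expected: true},` would pin it. It is also not visible here whether `Contains` returns an error for a malformed address such as `"foo"` when `insecure` is set. `TestContainsBrokenIPs` is cut off at the end of the hunk, so if it only builds a secure checker, a matching insecure case would record which behaviour is intended.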
|
||||||
|
|