| package v2 |
| |
| import ( |
| "encoding/json" |
| "fmt" |
| "math/rand" |
| "net/http" |
| "net/http/httptest" |
| "reflect" |
| "strings" |
| "testing" |
| "time" |
| |
| "github.com/gorilla/mux" |
| ) |
| |
| type routeTestCase struct { |
| RequestURI string |
| ExpectedURI string |
| Vars map[string]string |
| RouteName string |
| StatusCode int |
| } |
| |
| // TestRouter registers a test handler with all the routes and ensures that |
| // each route returns the expected path variables. Not method verification is |
| // present. This not meant to be exhaustive but as check to ensure that the |
| // expected variables are extracted. |
| // |
| // This may go away as the application structure comes together. |
| func TestRouter(t *testing.T) { |
| testCases := []routeTestCase{ |
| { |
| RouteName: RouteNameBase, |
| RequestURI: "/v2/", |
| Vars: map[string]string{}, |
| }, |
| { |
| RouteName: RouteNameManifest, |
| RequestURI: "/v2/foo/manifests/bar", |
| Vars: map[string]string{ |
| "name": "foo", |
| "reference": "bar", |
| }, |
| }, |
| { |
| RouteName: RouteNameManifest, |
| RequestURI: "/v2/foo/bar/manifests/tag", |
| Vars: map[string]string{ |
| "name": "foo/bar", |
| "reference": "tag", |
| }, |
| }, |
| { |
| RouteName: RouteNameManifest, |
| RequestURI: "/v2/foo/bar/manifests/sha256:abcdef01234567890", |
| Vars: map[string]string{ |
| "name": "foo/bar", |
| "reference": "sha256:abcdef01234567890", |
| }, |
| }, |
| { |
| RouteName: RouteNameTags, |
| RequestURI: "/v2/foo/bar/tags/list", |
| Vars: map[string]string{ |
| "name": "foo/bar", |
| }, |
| }, |
| { |
| RouteName: RouteNameTags, |
| RequestURI: "/v2/docker.com/foo/tags/list", |
| Vars: map[string]string{ |
| "name": "docker.com/foo", |
| }, |
| }, |
| { |
| RouteName: RouteNameTags, |
| RequestURI: "/v2/docker.com/foo/bar/tags/list", |
| Vars: map[string]string{ |
| "name": "docker.com/foo/bar", |
| }, |
| }, |
| { |
| RouteName: RouteNameTags, |
| RequestURI: "/v2/docker.com/foo/bar/baz/tags/list", |
| Vars: map[string]string{ |
| "name": "docker.com/foo/bar/baz", |
| }, |
| }, |
| { |
| RouteName: RouteNameBlob, |
| RequestURI: "/v2/foo/bar/blobs/sha256:abcdef0919234", |
| Vars: map[string]string{ |
| "name": "foo/bar", |
| "digest": "sha256:abcdef0919234", |
| }, |
| }, |
| { |
| RouteName: RouteNameBlobUpload, |
| RequestURI: "/v2/foo/bar/blobs/uploads/", |
| Vars: map[string]string{ |
| "name": "foo/bar", |
| }, |
| }, |
| { |
| RouteName: RouteNameBlobUploadChunk, |
| RequestURI: "/v2/foo/bar/blobs/uploads/uuid", |
| Vars: map[string]string{ |
| "name": "foo/bar", |
| "uuid": "uuid", |
| }, |
| }, |
| { |
| // support uuid proper |
| RouteName: RouteNameBlobUploadChunk, |
| RequestURI: "/v2/foo/bar/blobs/uploads/D95306FA-FAD3-4E36-8D41-CF1C93EF8286", |
| Vars: map[string]string{ |
| "name": "foo/bar", |
| "uuid": "D95306FA-FAD3-4E36-8D41-CF1C93EF8286", |
| }, |
| }, |
| { |
| RouteName: RouteNameBlobUploadChunk, |
| RequestURI: "/v2/foo/bar/blobs/uploads/RDk1MzA2RkEtRkFEMy00RTM2LThENDEtQ0YxQzkzRUY4Mjg2IA==", |
| Vars: map[string]string{ |
| "name": "foo/bar", |
| "uuid": "RDk1MzA2RkEtRkFEMy00RTM2LThENDEtQ0YxQzkzRUY4Mjg2IA==", |
| }, |
| }, |
| { |
| // supports urlsafe base64 |
| RouteName: RouteNameBlobUploadChunk, |
| RequestURI: "/v2/foo/bar/blobs/uploads/RDk1MzA2RkEtRkFEMy00RTM2LThENDEtQ0YxQzkzRUY4Mjg2IA_-==", |
| Vars: map[string]string{ |
| "name": "foo/bar", |
| "uuid": "RDk1MzA2RkEtRkFEMy00RTM2LThENDEtQ0YxQzkzRUY4Mjg2IA_-==", |
| }, |
| }, |
| { |
| // does not match |
| RouteName: RouteNameBlobUploadChunk, |
| RequestURI: "/v2/foo/bar/blobs/uploads/totalandcompletejunk++$$-==", |
| StatusCode: http.StatusNotFound, |
| }, |
| { |
| // Check ambiguity: ensure we can distinguish between tags for |
| // "foo/bar/image/image" and image for "foo/bar/image" with tag |
| // "tags" |
| RouteName: RouteNameManifest, |
| RequestURI: "/v2/foo/bar/manifests/manifests/tags", |
| Vars: map[string]string{ |
| "name": "foo/bar/manifests", |
| "reference": "tags", |
| }, |
| }, |
| { |
| // This case presents an ambiguity between foo/bar with tag="tags" |
| // and list tags for "foo/bar/manifest" |
| RouteName: RouteNameTags, |
| RequestURI: "/v2/foo/bar/manifests/tags/list", |
| Vars: map[string]string{ |
| "name": "foo/bar/manifests", |
| }, |
| }, |
| { |
| RouteName: RouteNameManifest, |
| RequestURI: "/v2/locahost:8080/foo/bar/baz/manifests/tag", |
| Vars: map[string]string{ |
| "name": "locahost:8080/foo/bar/baz", |
| "reference": "tag", |
| }, |
| }, |
| } |
| |
| checkTestRouter(t, testCases, "", true) |
| checkTestRouter(t, testCases, "/prefix/", true) |
| } |
| |
| func TestRouterWithPathTraversals(t *testing.T) { |
| testCases := []routeTestCase{ |
| { |
| RouteName: RouteNameBlobUploadChunk, |
| RequestURI: "/v2/foo/../../blobs/uploads/D95306FA-FAD3-4E36-8D41-CF1C93EF8286", |
| ExpectedURI: "/blobs/uploads/D95306FA-FAD3-4E36-8D41-CF1C93EF8286", |
| StatusCode: http.StatusNotFound, |
| }, |
| { |
| // Testing for path traversal attack handling |
| RouteName: RouteNameTags, |
| RequestURI: "/v2/foo/../bar/baz/tags/list", |
| ExpectedURI: "/v2/bar/baz/tags/list", |
| Vars: map[string]string{ |
| "name": "bar/baz", |
| }, |
| }, |
| } |
| checkTestRouter(t, testCases, "", false) |
| } |
| |
| func TestRouterWithBadCharacters(t *testing.T) { |
| if testing.Short() { |
| testCases := []routeTestCase{ |
| { |
| RouteName: RouteNameBlobUploadChunk, |
| RequestURI: "/v2/foo/blobs/uploads/不95306FA-FAD3-4E36-8D41-CF1C93EF8286", |
| StatusCode: http.StatusNotFound, |
| }, |
| { |
| // Testing for path traversal attack handling |
| RouteName: RouteNameTags, |
| RequestURI: "/v2/foo/不bar/tags/list", |
| StatusCode: http.StatusNotFound, |
| }, |
| } |
| checkTestRouter(t, testCases, "", true) |
| } else { |
| // in the long version we're going to fuzz the router |
| // with random UTF8 characters not in the 128 bit ASCII range. |
| // These are not valid characters for the router and we expect |
| // 404s on every test. |
| rand.Seed(time.Now().UTC().UnixNano()) |
| testCases := make([]routeTestCase, 1000) |
| for idx := range testCases { |
| testCases[idx] = routeTestCase{ |
| RouteName: RouteNameTags, |
| RequestURI: fmt.Sprintf("/v2/%v/%v/tags/list", randomString(10), randomString(10)), |
| StatusCode: http.StatusNotFound, |
| } |
| } |
| checkTestRouter(t, testCases, "", true) |
| } |
| } |
| |
| func checkTestRouter(t *testing.T, testCases []routeTestCase, prefix string, deeplyEqual bool) { |
| router := RouterWithPrefix(prefix) |
| |
| testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { |
| testCase := routeTestCase{ |
| RequestURI: r.RequestURI, |
| Vars: mux.Vars(r), |
| RouteName: mux.CurrentRoute(r).GetName(), |
| } |
| |
| enc := json.NewEncoder(w) |
| |
| if err := enc.Encode(testCase); err != nil { |
| http.Error(w, err.Error(), http.StatusInternalServerError) |
| return |
| } |
| }) |
| |
| // Startup test server |
| server := httptest.NewServer(router) |
| |
| for _, testcase := range testCases { |
| testcase.RequestURI = strings.TrimSuffix(prefix, "/") + testcase.RequestURI |
| // Register the endpoint |
| route := router.GetRoute(testcase.RouteName) |
| if route == nil { |
| t.Fatalf("route for name %q not found", testcase.RouteName) |
| } |
| |
| route.Handler(testHandler) |
| |
| u := server.URL + testcase.RequestURI |
| |
| resp, err := http.Get(u) |
| |
| if err != nil { |
| t.Fatalf("error issuing get request: %v", err) |
| } |
| |
| if testcase.StatusCode == 0 { |
| // Override default, zero-value |
| testcase.StatusCode = http.StatusOK |
| } |
| if testcase.ExpectedURI == "" { |
| // Override default, zero-value |
| testcase.ExpectedURI = testcase.RequestURI |
| } |
| |
| if resp.StatusCode != testcase.StatusCode { |
| t.Fatalf("unexpected status for %s: %v %v", u, resp.Status, resp.StatusCode) |
| } |
| |
| if testcase.StatusCode != http.StatusOK { |
| resp.Body.Close() |
| // We don't care about json response. |
| continue |
| } |
| |
| dec := json.NewDecoder(resp.Body) |
| |
| var actualRouteInfo routeTestCase |
| if err := dec.Decode(&actualRouteInfo); err != nil { |
| t.Fatalf("error reading json response: %v", err) |
| } |
| // Needs to be set out of band |
| actualRouteInfo.StatusCode = resp.StatusCode |
| |
| if actualRouteInfo.RequestURI != testcase.ExpectedURI { |
| t.Fatalf("URI %v incorrectly parsed, expected %v", actualRouteInfo.RequestURI, testcase.ExpectedURI) |
| } |
| |
| if actualRouteInfo.RouteName != testcase.RouteName { |
| t.Fatalf("incorrect route %q matched, expected %q", actualRouteInfo.RouteName, testcase.RouteName) |
| } |
| |
| // when testing deep equality, the actualRouteInfo has an empty ExpectedURI, we don't want |
| // that to make the comparison fail. We're otherwise done with the testcase so empty the |
| // testcase.ExpectedURI |
| testcase.ExpectedURI = "" |
| if deeplyEqual && !reflect.DeepEqual(actualRouteInfo, testcase) { |
| t.Fatalf("actual does not equal expected: %#v != %#v", actualRouteInfo, testcase) |
| } |
| |
| resp.Body.Close() |
| } |
| |
| } |
| |
| // -------------- START LICENSED CODE -------------- |
| // The following code is derivative of https://github.com/google/gofuzz |
| // gofuzz is licensed under the Apache License, Version 2.0, January 2004, |
| // a copy of which can be found in the LICENSE file at the root of this |
| // repository. |
| |
| // These functions allow us to generate strings containing only multibyte |
| // characters that are invalid in our URLs. They are used above for fuzzing |
| // to ensure we always get 404s on these invalid strings |
| type charRange struct { |
| first, last rune |
| } |
| |
| // choose returns a random unicode character from the given range, using the |
| // given randomness source. |
| func (r *charRange) choose() rune { |
| count := int64(r.last - r.first) |
| return r.first + rune(rand.Int63n(count)) |
| } |
| |
| var unicodeRanges = []charRange{ |
| {'\u00a0', '\u02af'}, // Multi-byte encoded characters |
| {'\u4e00', '\u9fff'}, // Common CJK (even longer encodings) |
| } |
| |
| func randomString(length int) string { |
| runes := make([]rune, length) |
| for i := range runes { |
| runes[i] = unicodeRanges[rand.Intn(len(unicodeRanges))].choose() |
| } |
| return string(runes) |
| } |
| |
| // -------------- END LICENSED CODE -------------- |