require 'rubygems'
require 'json'
require 'base64'
require 'openssl'
require 'rest_client'
require 'addressable/uri'
require 'test/unit'
# Shared end-to-end test cases for the Camo image proxy.
#
# The module is mixed into a Test::Unit::TestCase subclass, which must supply:
#   request_uri(image_url) - builds the signed proxy URL for image_url
#   request(image_url)     - performs a GET against that signed URL
# Every test talks to a running proxy at config['host']. Several tests also
# start a throwaway rackup origin server on localhost to act as the upstream.
module CamoProxyTests
  # Settings for the proxy under test.
  #
  # Both values can be overridden through the environment. The fallback key is
  # a fixed test fixture; the proxy under test has to be started with the same
  # key, otherwise the HMAC digests built by request_uri will not validate.
  #
  # @return [Hash{String => String}] 'key' (HMAC key) and 'host' (proxy base URL)
  def config
    {
      'key'  => ENV.fetch('CAMO_KEY', "0x24FEEDFACEDEADBEEFCAFE"),
      'host' => ENV.fetch('CAMO_HOST', "http://localhost:8081")
    }
  end

  # Runs the rack app test/servers/<path>.ru on port 9292 in a child process,
  # yields its "host:port" string to the block, and always terminates and
  # reaps the child afterwards.
  #
  # NOTE(review): the fixed two-second sleep is the only readiness check. If
  # rackup starts slower than that, the yielded block sees connection errors.
  #
  # @param path [Symbol, String] base name of the rackup file under test/servers
  # @yieldparam host [String] address of the spawned origin server
  def spawn_server(path)
    port = 9292
    rackup_file = "test/servers/#{path}.ru"
    origin = "localhost:#{port}"

    child_pid = fork do
      # Silence the origin server so its log lines do not mix into test output.
      [STDOUT, STDERR].each { |stream| stream.reopen "/dev/null" }
      exec "rackup", "--port", port.to_s, rackup_file
    end

    sleep 2

    begin
      yield origin
    ensure
      # Runs even when an assertion in the block raises, so no server is left
      # behind holding the port.
      Process.kill(:TERM, child_pid)
      Process.wait(child_pid)
    end
  end

  # The origin serves the image directly, and the proxy serves the same image
  # when asked through a signed URL.
  def test_proxy_localhost_test_server
    spawn_server(:ok) do |host|
      image_url = "http://#{host}/octocat.jpg"

      direct = RestClient.get(image_url)
      assert_equal(200, direct.code)

      proxied = request(image_url)
      assert_equal(200, proxied.code)
    end
  end

  # An upstream redirect that carries no Location header must come back from
  # the proxy as a 404 (RestClient raises ResourceNotFound).
  def test_proxy_survives_redirect_without_location
    spawn_server(:redirect_without_location) do |host|
      assert_raise(RestClient::ResourceNotFound) { request("http://#{host}") }
    end
  end

  # A request with a repeated `url` parameter whose values are not URLs must
  # be answered with a 404.
  def test_doesnt_crash_with_non_url_encoded_url
    assert_raise(RestClient::ResourceNotFound) do
      RestClient.get("#{config['host']}/crashme?url=crash&url=me")
    end
  end

  # The proxy's own pages must carry the hardening headers below.
  def test_always_sets_security_headers
    expected_headers = {
      # Framing of proxy responses is refused outright.
      x_frame_options: "deny",
      # Nothing may load except data: images and inline styles.
      content_security_policy: "default-src 'none'; img-src data:; style-src 'unsafe-inline'",
      # Browsers must not second-guess the declared content type.
      x_content_type_options: "nosniff",
      # HSTS for one year, subdomains included.
      strict_transport_security: "max-age=31536000; includeSubDomains"
    }

    %w[/ /status].each do |path|
      response = RestClient.get("#{config['host']}#{path}")
      expected_headers.each do |header, value|
        assert_equal value, response.headers[header]
      end
    end
  end

  # When the origin answers 404 with an image body, the proxy passes both the
  # status and the image content type through.
  def test_forwards_404_with_image
    spawn_server(:not_found) do |host|
      signed_url = request_uri("http://#{host}/octocat.jpg")
      # Passing a block stops RestClient from raising on the 404 and hands
      # back the response object instead.
      reply = RestClient.get(signed_url) { |resp, _req, _result| resp }
      assert_equal(404, reply.code)
      assert_equal("image/jpeg", reply.headers[:content_type])
    end
  end

  # A failure while fetching from the origin surfaces as a 404.
  def test_404s_on_request_error
    spawn_server(:crash_request) do |host|
      assert_raise(RestClient::ResourceNotFound) { request("http://#{host}/cats.png") }
    end
  end
end
# Runs the shared CamoProxyTests cases against the query-string URL form:
#   <host>/<hmac-digest>?url=<image url>&repo=&path=
class CamoProxyQueryStringTest < Test::Unit::TestCase
  include CamoProxyTests

  # Builds the signed proxy URL for an image.
  #
  # The digest is the hex HMAC-SHA1 of the raw image URL, keyed with
  # config['key']. It is what ties the request to a URL the key holder signed.
  #
  # @param image_url [String] URL of the upstream image
  # @return [String] proxy URL with the digest as path and the image URL as query
  def request_uri(image_url)
    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), config['key'], image_url)

    signed = Addressable::URI.parse("#{config['host']}/#{signature}")
    # Addressable percent-encodes the values when the query is serialized.
    signed.query_values = { 'url' => image_url, 'repo' => '', 'path' => '' }
    signed.to_s
  end

  # Fetches image_url through the proxy. RestClient raises on non-2xx replies.
  #
  # @param image_url [String] URL of the upstream image
  def request(image_url)
    signed_url = request_uri(image_url)
    RestClient.get(signed_url)
  end
end
# Runs the shared CamoProxyTests cases against the path-only URL form:
#   <host>/<hmac-digest>/<hex-encoded image url>
class CamoProxyPathTest < Test::Unit::TestCase
  include CamoProxyTests

  # Hex-encodes a string byte by byte: two lowercase hex digits per byte.
  #
  # @param image_url [String] text to encode
  # @return [String] hex representation, twice as long in bytes as the input
  def hexenc(image_url)
    image_url.each_byte.map { |octet| format('%02x', octet) }.join
  end

  # Builds the signed proxy URL for an image.
  #
  # The digest is the hex HMAC-SHA1 of the raw (not hex-encoded) image URL,
  # keyed with config['key']. The URL itself travels hex-encoded as the
  # second path segment.
  #
  # @param image_url [String] URL of the upstream image
  # @return [String] proxy URL of the form host/digest/hex-url
  def request_uri(image_url)
    signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), config['key'], image_url)
    hex_url = hexenc(image_url)
    [config['host'], signature, hex_url].join('/')
  end

  # Fetches image_url through the proxy. RestClient raises on non-2xx replies.
  #
  # @param image_url [String] URL of the upstream image
  def request(image_url)
    signed_url = request_uri(image_url)
    RestClient.get(signed_url)
  end
end