forked from gophish/gophish
-
Notifications
You must be signed in to change notification settings - Fork 0
/
import_test.go
84 lines (78 loc) · 2.56 KB
/
import_test.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
package api
import (
"bytes"
"encoding/json"
"fmt"
"net/http"
"net/http/httptest"
"strings"
"testing"
"github.com/gophish/gophish/dialer"
"github.com/gophish/gophish/models"
)
func makeImportRequest(ctx *testContext, allowedHosts []string, url string) *httptest.ResponseRecorder {
orig := dialer.DefaultDialer.AllowedHosts()
dialer.SetAllowedHosts(allowedHosts)
req := httptest.NewRequest(http.MethodPost, "/api/import/site",
bytes.NewBuffer([]byte(fmt.Sprintf(`
{
"url" : "%s"
}
`, url))))
req.Header.Set("Content-Type", "application/json")
response := httptest.NewRecorder()
ctx.apiServer.ImportSite(response, req)
dialer.SetAllowedHosts(orig)
return response
}
func TestDefaultDeniedImport(t *testing.T) {
ctx := setupTest(t)
metadataURL := "http://169.254.169.254/latest/meta-data/"
response := makeImportRequest(ctx, []string{}, metadataURL)
expectedCode := http.StatusBadRequest
if response.Code != expectedCode {
t.Fatalf("incorrect status code received. expected %d got %d", expectedCode, response.Code)
}
got := &models.Response{}
err := json.NewDecoder(response.Body).Decode(got)
if err != nil {
t.Fatalf("error decoding body: %v", err)
}
if !strings.Contains(got.Message, "upstream connection denied") {
t.Fatalf("incorrect response error provided: %s", got.Message)
}
}
func TestDefaultAllowedImport(t *testing.T) {
ctx := setupTest(t)
h := "<html><head></head><body><img src=\"/test.png\"/></body></html>"
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintln(w, h)
}))
defer ts.Close()
response := makeImportRequest(ctx, []string{}, ts.URL)
expectedCode := http.StatusOK
if response.Code != expectedCode {
t.Fatalf("incorrect status code received. expected %d got %d", expectedCode, response.Code)
}
}
func TestCustomDeniedImport(t *testing.T) {
ctx := setupTest(t)
h := "<html><head></head><body><img src=\"/test.png\"/></body></html>"
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintln(w, h)
}))
defer ts.Close()
response := makeImportRequest(ctx, []string{"192.168.1.1"}, ts.URL)
expectedCode := http.StatusBadRequest
if response.Code != expectedCode {
t.Fatalf("incorrect status code received. expected %d got %d", expectedCode, response.Code)
}
got := &models.Response{}
err := json.NewDecoder(response.Body).Decode(got)
if err != nil {
t.Fatalf("error decoding body: %v", err)
}
if !strings.Contains(got.Message, "upstream connection denied") {
t.Fatalf("incorrect response error provided: %s", got.Message)
}
}