mirror of
https://github.com/tailscale/tailscale.git
synced 2024-11-26 11:35:35 +00:00
4a82b317b7
The GitHub CodeQL scanner flagged the localapi's cert domain usage as a problem because user input in the URL made it to disk stat checks. The domain is validated against the ipnstate.Status later, and only authenticated root/configured users can hit this, but add some paranoia anyway. Change-Id: I373ef23832f1d8b3a27208bc811b6588ae5a1ddd Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>
31 lines
707 B
Go
31 lines
707 B
Go
// Copyright (c) 2021 Tailscale Inc & AUTHORS All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
//go:build !ios && !android && !js
|
|
// +build !ios,!android,!js
|
|
|
|
package localapi
|
|
|
|
import "testing"
|
|
|
|
func TestValidLookingCertDomain(t *testing.T) {
|
|
tests := []struct {
|
|
in string
|
|
want bool
|
|
}{
|
|
{"foo.com", true},
|
|
{"foo..com", false},
|
|
{"foo/com.com", false},
|
|
{"NUL", false},
|
|
{"", false},
|
|
{"foo\\bar.com", false},
|
|
{"foo\x00bar.com", false},
|
|
}
|
|
for _, tt := range tests {
|
|
if got := validLookingCertDomain(tt.in); got != tt.want {
|
|
t.Errorf("validLookingCertDomain(%q) = %v, want %v", tt.in, got, tt.want)
|
|
}
|
|
}
|
|
}
|