forked from Shiloh/githaven
39 lines
727 B
Go
39 lines
727 B
Go
|
// Copyright 2023 The Gitea Authors. All rights reserved.
|
||
|
// SPDX-License-Identifier: MIT
|
||
|
|
||
|
package httplib
|
||
|
|
||
|
import (
|
||
|
"testing"
|
||
|
|
||
|
"code.gitea.io/gitea/modules/setting"
|
||
|
|
||
|
"github.com/stretchr/testify/assert"
|
||
|
)
|
||
|
|
||
|
func TestIsRiskyRedirectURL(t *testing.T) {
|
||
|
setting.AppURL = "http://localhost:3000/"
|
||
|
tests := []struct {
|
||
|
input string
|
||
|
want bool
|
||
|
}{
|
||
|
{"", false},
|
||
|
{"foo", false},
|
||
|
{"/", false},
|
||
|
{"/foo?k=%20#abc", false},
|
||
|
|
||
|
{"//", true},
|
||
|
{"\\\\", true},
|
||
|
{"/\\", true},
|
||
|
{"\\/", true},
|
||
|
{"mail:a@b.com", true},
|
||
|
{"https://test.com", true},
|
||
|
{setting.AppURL + "/foo", false},
|
||
|
}
|
||
|
for _, tt := range tests {
|
||
|
t.Run(tt.input, func(t *testing.T) {
|
||
|
assert.Equal(t, tt.want, IsRiskyRedirectURL(tt.input))
|
||
|
})
|
||
|
}
|
||
|
}
|