mirror of https://github.com/PostHog/posthog.git synced 2024-11-25 11:17:50 +01:00
posthog/plugin-server/tests/utils/fetch.test.ts
Michael Matloka b7fe004d6b
chore(plugin-server): Validate fetch hostnames (#17183)
* chore(plugin-server): Validate fetch hostnames

* Only apply Python host check on Cloud

* Update tests to use valid hook URLs

* Only apply plugin server host check in prod

* Update URLs in a couple more tests

* Only check hostnames on Cloud and remove port check

* Fix fetch mocking

* Roll out hostname guard per project

* Fix fetch call assertions

* Make `fetchHostnameGuardTeams` optional
2023-09-18 14:38:02 +02:00

41 lines
2.1 KiB
TypeScript

import { FetchError } from 'node-fetch'
import { raiseIfUserProvidedUrlUnsafe } from '../../src/utils/fetch'
/**
 * Table-driven check of the outbound-URL guard: every accepted URL must resolve
 * without throwing, and every rejected URL must reject with the listed message.
 *
 * NOTE(review): Jest's `toThrow(errorObject)` compares only the `message` of the
 * expected error, so the 'posthog-host-guard' type passed to `FetchError` below is
 * not actually verified by these assertions.
 *
 * NOTE(review): the rejected set covers `localhost`, `0.0.0.0` and one address from
 * each of the 10/8, 172.16/12 and 192.168/16 ranges. It has no case for a 127.0.0.1
 * literal, the link-local range 169.254.0.0/16, IPv6 loopback/private literals, or a
 * public-looking hostname that resolves to an internal address. Expected outcomes
 * for those are not asserted here because the guard's implementation is not visible
 * from this file — confirm against src/utils/fetch before adding them.
 */
test('raiseIfUserProvidedUrlUnsafe', async () => {
    // Sync test cases with posthog/api/test/test_utils.py

    // URLs the guard must let through.
    // NOTE(review): the hostname cases presumably need working DNS in the test
    // environment — confirm, since that would make this test network-dependent.
    const acceptedUrls: string[] = [
        'https://google.com?q=20', // Safe
        'https://posthog.com', // Safe
        'https://posthog.com/foo/bar', // Safe, with path
        'https://posthog.com:443', // Safe, good port
        'https://1.1.1.1', // Safe, public IP
    ]

    // [url, expected error message] pairs the guard must refuse.
    const rejectedUrls: [string, string][] = [
        // Not parseable as an absolute URL
        ['', 'Invalid URL'],
        ['@@@', 'Invalid URL'],
        ['posthog.com', 'Invalid URL'],
        // Parseable, but not an HTTP(S) scheme
        ['ftp://posthog.com', 'Scheme must be either HTTP or HTTPS'],
        // Loopback name, unspecified address and private IPv4 ranges
        ['http://localhost', 'Internal hostname'],
        ['http://192.168.0.5', 'Internal hostname'],
        ['http://0.0.0.0', 'Internal hostname'],
        ['http://10.0.0.24', 'Internal hostname'],
        ['http://172.20.0.21', 'Internal hostname'],
        // Presumably a hostname that does not resolve — confirm against the guard
        ['http://fgtggggzzggggfd.com', 'Invalid hostname'],
    ]

    // Run sequentially, in the same order as the Python counterpart.
    for (const url of acceptedUrls) {
        await raiseIfUserProvidedUrlUnsafe(url)
    }

    for (const [url, expectedMessage] of rejectedUrls) {
        const expectedError = new FetchError(expectedMessage, 'posthog-host-guard')
        await expect(raiseIfUserProvidedUrlUnsafe(url)).rejects.toThrow(expectedError)
    }
})