PRD 0001: Per-agent egress proxy via pipelock (#1)
This commit was merged in pull request #1.
This commit is contained in:
Executable
+34
@@ -0,0 +1,34 @@
|
||||
#!/usr/bin/env bash
|
||||
# Unit: _pipelock_is_ipv4_literal — the classifier that decides
|
||||
# whether bottle.ssh[].Hostname goes into ssrf.ip_allowlist (IPv4
|
||||
# literal) or trusted_domains (hostname).
|
||||
TEST_NAME="pipelock_classify"
|
||||
|
||||
. "$(dirname "$0")/../lib/common.sh"
|
||||
# shellcheck source=../../lib/log.sh
|
||||
. "${REPO_ROOT}/lib/log.sh"
|
||||
# shellcheck source=../../lib/pipelock.sh
|
||||
. "${REPO_ROOT}/lib/pipelock.sh"
|
||||
|
||||
# Positive cases — these should be classified as IPv4 literals.
|
||||
for ip in "127.0.0.1" "10.0.0.5" "100.78.141.42" "0.0.0.0" "255.255.255.255"; do
|
||||
assert_exit_zero "ipv4: ${ip}" _pipelock_is_ipv4_literal "$ip"
|
||||
done
|
||||
|
||||
# Negative cases — hostnames, partial IPs, IPv6, and edge garbage
|
||||
# should NOT match.
|
||||
for hn in \
|
||||
"github.com" \
|
||||
"gitea.dideric.is" \
|
||||
"100.78.141" \
|
||||
"100.78.141.42.5" \
|
||||
"::1" \
|
||||
"fe80::1" \
|
||||
"localhost" \
|
||||
"" \
|
||||
"1.2.3.4.example.com"
|
||||
do
|
||||
assert_exit_nonzero "non-ipv4: '${hn}'" _pipelock_is_ipv4_literal "$hn"
|
||||
done
|
||||
|
||||
test_summary
|
||||
Reference in New Issue
Block a user