Yajbir-Malik/DocumentServer-v-9.2.0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8f5cb6a648a79c0ac5a5cfe6e6b7c3d059936737
DocumentServer-v-9.2.0/server/tests/unit/requestSSRF.tests.js
Yajbir Singh f1b860b25c
Some checks failed
check / markdownlint (push) Has been cancelled
Details
check / spellchecker (push) Has been cancelled
Details
updated
2025-12-11 19:03:17 +05:30

107 lines
2.8 KiB
JavaScript
Raw Blame History

const GOOD_HOST = '127.0.0.1';
const BAD_HOST = '127.0.0.2';
const GOOD_PORT = 4668;
const GOOD_PORT_REDIRECT = 4667;
const BAD_PORT = 4669;
process.env['NODE_CONFIG'] = JSON.stringify({
services: {
CoAuthoring: {
'request-filtering-agent': {
allowPrivateIPAddress: false,
allowMetaIPAddress: false,
allowIPAddressList: [GOOD_HOST]
}
}
}
});
// Required modules
const {describe, expect, beforeAll, afterAll, it} = require('@jest/globals');
const http = require('http');
const operationContext = require('../../Common/sources/operationContext');
const utils = require('../../Common/sources/utils');
// Common test parameters
const commonTestParams = {
uri: `http://${GOOD_HOST}:${GOOD_PORT}`,
timeout: 5000,
limit: 1024 * 1024, // 1MB
authorization: 'Bearer token123',
filterPrivate: true,
headers: {Accept: 'application/json'}
};
const ctx = operationContext.global;
describe('Server-Side Request Forgery (SSRF)', () => {
let goodServer, goodServerRedirect, badServer;
beforeAll(() => {
goodServer = http
.createServer((req, res) => {
res.write('good');
res.end();
})
.listen(GOOD_PORT);
goodServerRedirect = http
.createServer((req, res) => {
console.log(`Received request for: ${req.url}`);
// Set redirect status code (301 for permanent redirect, 302 for temporary)
res.statusCode = 302;
// Set the Location header to the redirect destination
res.setHeader('Location', `http://${BAD_HOST}:${BAD_PORT}`);
// You can add other headers if needed
res.setHeader('Content-Type', 'text/plain');
// Send a brief message in the body (optional)
res.end(`Redirecting to http://${BAD_HOST}:${BAD_PORT}`);
})
.listen(GOOD_PORT_REDIRECT);
badServer = http
.createServer((req, res) => {
res.write('bad');
res.end();
})
.listen(BAD_PORT);
});
afterAll(() => {
goodServer.close();
goodServerRedirect.close();
badServer.close();
});
it('should fetch', async () => {
const result = await utils.downloadUrlPromise(
ctx,
`http://${GOOD_HOST}:${GOOD_PORT}`,
commonTestParams.timeout,
commonTestParams.limit,
null,
false,
null
);
expect(result.body.toString()).toBe('good');
});
it('should not fetch: denied ip', async () => {
await expect(
utils.downloadUrlPromise(ctx, `http://${BAD_HOST}:${BAD_PORT}`, commonTestParams.timeout, commonTestParams.limit, null, false, null)
).rejects.toThrow();
});
it('should not fetch: redirect to denied ip', async () => {
await expect(
utils.downloadUrlPromise(ctx, `http://${GOOD_HOST}:${GOOD_PORT_REDIRECT}`, commonTestParams.timeout, commonTestParams.limit, null, false, null)
).rejects.toThrow();
});
});
Reference in New Issue View Git Blame Copy Permalink