From b7274545e0e1836fa7635da5adcc16a5063ba406 Mon Sep 17 00:00:00 2001 From: tobi <31960611+tsmethurst@users.noreply.github.com> Date: Fri, 11 Aug 2023 17:49:17 +0200 Subject: [bugfix] Add s3 endpoint as image-src and media-src for CSP (#2103) * [bugfix] Add s3 endpoint as image-src and media-src for CSP * use https if secure * reorder comment --- internal/middleware/middleware_test.go | 102 +++++++++++++++++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 internal/middleware/middleware_test.go (limited to 'internal/middleware/middleware_test.go') diff --git a/internal/middleware/middleware_test.go b/internal/middleware/middleware_test.go new file mode 100644 index 000000000..fecae5dd1 --- /dev/null +++ b/internal/middleware/middleware_test.go @@ -0,0 +1,102 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see . + +package middleware_test + +import ( + "testing" + + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/middleware" +) + +func TestBuildContentSecurityPolicy(t *testing.T) { + type cspTest struct { + s3Endpoint string + s3Proxy bool + s3Secure bool + expected string + actual string + } + + for _, test := range []cspTest{ + { + s3Endpoint: "", + s3Proxy: false, + s3Secure: false, + expected: "default-src 'self'", + }, + { + s3Endpoint: "some-bucket-provider.com", + s3Proxy: false, + s3Secure: true, + expected: "default-src 'self'; image-src https://some-bucket-provider.com; media-src https://some-bucket-provider.com", + }, + { + s3Endpoint: "some-bucket-provider.com:6969", + s3Proxy: false, + s3Secure: true, + expected: "default-src 'self'; image-src https://some-bucket-provider.com:6969; media-src https://some-bucket-provider.com:6969", + }, + { + s3Endpoint: "some-bucket-provider.com:6969", + s3Proxy: false, + s3Secure: false, + expected: "default-src 'self'; image-src http://some-bucket-provider.com:6969; media-src http://some-bucket-provider.com:6969", + }, + { + s3Endpoint: "s3.nl-ams.scw.cloud", + s3Proxy: false, + s3Secure: true, + expected: "default-src 'self'; image-src https://s3.nl-ams.scw.cloud; media-src https://s3.nl-ams.scw.cloud", + }, + { + s3Endpoint: "some-bucket-provider.com", + s3Proxy: true, + s3Secure: true, + expected: "default-src 'self'", + }, + { + s3Endpoint: "some-bucket-provider.com:6969", + s3Proxy: true, + s3Secure: true, + expected: "default-src 'self'", + }, + { + s3Endpoint: "some-bucket-provider.com:6969", + s3Proxy: true, + s3Secure: true, + expected: "default-src 'self'", + }, + { + s3Endpoint: "s3.nl-ams.scw.cloud", + s3Proxy: true, + s3Secure: true, + expected: "default-src 'self'", + }, + } { + config.SetStorageS3Endpoint(test.s3Endpoint) + config.SetStorageS3Proxy(test.s3Proxy) + config.SetStorageS3UseSSL(test.s3Secure) + + csp := middleware.BuildContentSecurityPolicy() + if csp != test.expected { + t.Logf("expected '%s', got '%s'", test.expected, csp) + t.Fail() + } + } +} -- cgit v1.2.3