amorfo77/paperless-ngx
1
0
Fork 0
mirror of https://github.com/paperless-ngx/paperless-ngx.git synced 2026-06-30 09:14:17 +00:00
Code Issues Projects Releases Wiki Activity
Files
b2e4cbd980ccca18b3791635685c706902bea9cc
paperless-ngx/src/paperless/tests/test_network.py
T
shamoon 01d8fad622 Security: fixes for v3 beta (#12838)
2026-05-26 16:46:23 +00:00

51 lines
1.5 KiB
Python
Raw Blame History

from unittest import mock
import httpx
import pytest
from paperless.network import PinnedHostHTTPTransport
def test_pinned_host_transport_blocks_internal_rebinding():
transport = PinnedHostHTTPTransport(allow_internal=False)
request = httpx.Request("GET", "http://example.com/test")
with (
mock.patch(
"paperless.network.resolve_hostname_ips",
return_value=["127.0.0.1"],
),
pytest.raises(httpx.ConnectError, match="non-public address"),
):
transport.handle_request(request)
def test_pinned_host_transport_rewrites_to_vetted_ip():
transport = PinnedHostHTTPTransport(allow_internal=False)
request = httpx.Request("GET", "https://example.com:8443/test")
def assert_rewritten_request(
self,
rewritten_request,
):
assert str(rewritten_request.url) == "https://93.184.216.34:8443/test"
assert rewritten_request.headers["Host"] == "example.com:8443"
assert rewritten_request.extensions["sni_hostname"] == "example.com"
return httpx.Response(200, request=rewritten_request)
with (
mock.patch(
"paperless.network.resolve_hostname_ips",
return_value=["93.184.216.34"],
),
mock.patch.object(
httpx.HTTPTransport,
"handle_request",
autospec=True,
side_effect=assert_rewritten_request,
),
):
response = transport.handle_request(request)
assert response.status_code == 200
Reference in New Issue View Git Blame Copy Permalink