hugo

Fork of github.com/gohugoio/hugo with reverse pagination support


securityonfig_test.go (4137B)

    1 // Copyright 2018 The Hugo Authors. All rights reserved.
    2 //
    3 // Licensed under the Apache License, Version 2.0 (the "License");
    4 // you may not use this file except in compliance with the License.
    5 // You may obtain a copy of the License at
    6 // http://www.apache.org/licenses/LICENSE-2.0
    7 //
    8 // Unless required by applicable law or agreed to in writing, software
    9 // distributed under the License is distributed on an "AS IS" BASIS,
   10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   11 // See the License for the specific language governing permissions and
   12 // limitations under the License.
   13 
   14 package security
   15 
   16 import (
   17 	"testing"
   18 
   19 	qt "github.com/frankban/quicktest"
   20 	"github.com/gohugoio/hugo/config"
   21 )
   22 
// TestDecodeConfigFromTOML checks that DecodeConfig reads the [security]
// section of a TOML site configuration. It covers allowlists written as an
// array, allowlists written as a single string, the exec.osEnv list used when
// the key is absent, and the legacy top-level enableInlineShortcodes key.
func TestDecodeConfigFromTOML(t *testing.T) {
	c := qt.New(t)

	// Allowlists given as TOML arrays: listed entries are accepted, an
	// unlisted entry is rejected.
	c.Run("Slice whitelist", func(c *qt.C) {
		c.Parallel()
		const src = `


someOtherValue = "bar"

[security]
enableInlineShortcodes=true
[security.exec]
allow=["a", "b"]
osEnv=["a", "b", "c"]
[security.funcs]
getEnv=["a", "b"]

`

		parsed, err := config.FromConfigString(src, "toml")
		c.Assert(err, qt.IsNil)

		sec, err := DecodeConfig(parsed)
		c.Assert(err, qt.IsNil)
		c.Assert(sec, qt.Not(qt.IsNil))
		c.Assert(sec.EnableInlineShortcodes, qt.IsTrue)
		c.Assert(sec.Exec.Allow.Accept("a"), qt.IsTrue)
		c.Assert(sec.Exec.Allow.Accept("d"), qt.IsFalse)
		c.Assert(sec.Exec.OsEnv.Accept("a"), qt.IsTrue)
		c.Assert(sec.Exec.OsEnv.Accept("e"), qt.IsFalse)
		c.Assert(sec.Funcs.Getenv.Accept("a"), qt.IsTrue)
		c.Assert(sec.Funcs.Getenv.Accept("c"), qt.IsFalse)

	})

	// Allowlists given as a bare string instead of an array.
	c.Run("String whitelist", func(c *qt.C) {
		c.Parallel()
		const src = `


someOtherValue = "bar"

[security]
[security.exec]
allow="a"
osEnv="b"

`

		parsed, err := config.FromConfigString(src, "toml")
		c.Assert(err, qt.IsNil)

		sec, err := DecodeConfig(parsed)
		c.Assert(err, qt.IsNil)
		c.Assert(sec, qt.Not(qt.IsNil))
		c.Assert(sec.Exec.Allow.Accept("a"), qt.IsTrue)
		c.Assert(sec.Exec.Allow.Accept("d"), qt.IsFalse)
		c.Assert(sec.Exec.OsEnv.Accept("b"), qt.IsTrue)
		c.Assert(sec.Exec.OsEnv.Accept("e"), qt.IsFalse)

	})

	// Only exec.allow is set; exec.osEnv must still accept PATH and reject
	// an arbitrary name.
	c.Run("Default exec.osEnv", func(c *qt.C) {
		c.Parallel()
		const src = `


someOtherValue = "bar"

[security]
[security.exec]
allow="a"

`

		parsed, err := config.FromConfigString(src, "toml")
		c.Assert(err, qt.IsNil)

		sec, err := DecodeConfig(parsed)
		c.Assert(err, qt.IsNil)
		c.Assert(sec, qt.Not(qt.IsNil))
		c.Assert(sec.Exec.Allow.Accept("a"), qt.IsTrue)
		c.Assert(sec.Exec.OsEnv.Accept("PATH"), qt.IsTrue)
		c.Assert(sec.Exec.OsEnv.Accept("e"), qt.IsFalse)

	})

	// enableInlineShortcodes set at the top level, outside [security], must
	// still end up in the decoded security config.
	c.Run("Enable inline shortcodes, legacy", func(c *qt.C) {
		c.Parallel()
		const src = `


someOtherValue = "bar"
enableInlineShortcodes=true

[security]
[security.exec]
allow="a"
osEnv="b"

`

		parsed, err := config.FromConfigString(src, "toml")
		c.Assert(err, qt.IsNil)

		sec, err := DecodeConfig(parsed)
		c.Assert(err, qt.IsNil)
		c.Assert(sec.EnableInlineShortcodes, qt.IsTrue)

	})

}
  136 
// TestToTOML pins the TOML rendering of DefaultConfig, so any change to the
// default security policy fails this test and has to be made deliberately.
//
// NOTE(review): in the expected output the exec.allow and exec.osEnv patterns
// are anchored with ^...$, while http.methods is '(?i)GET|POST' without
// anchors and http.urls is '.*'. How patterns are matched is not visible in
// this file; if it is an unanchored regexp search, confirm that accepting any
// method name that merely contains GET or POST is intended.
func TestToTOML(t *testing.T) {
	const want = "[security]\n  enableInlineShortcodes = false\n  [security.exec]\n    allow = ['^dart-sass-embedded$', '^go$', '^npx$', '^postcss$']\n    osEnv = ['(?i)^(PATH|PATHEXT|APPDATA|TMP|TEMP|TERM)$']\n\n  [security.funcs]\n    getenv = ['^HUGO_']\n\n  [security.http]\n    methods = ['(?i)GET|POST']\n    urls = ['.*']"

	c := qt.New(t)
	c.Assert(DefaultConfig.ToTOML(), qt.Equals, want)
}
  146 
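// TestDecodeConfigDefault checks the security policy that DecodeConfig
// produces from an empty configuration.
//
// Besides the exec and HTTP allowlists it also covers two defaults that the
// rendered default config states but that were not asserted here before:
// inline shortcodes are disabled, and funcs.getenv only accepts names that
// start with HUGO_. The extra exec.allow and exec.osEnv cases pin the ^...$
// anchoring, so a name that merely contains an allowed entry is rejected.
func TestDecodeConfigDefault(t *testing.T) {
	t.Parallel()
	c := qt.New(t)

	pc, err := DecodeConfig(config.New())
	c.Assert(err, qt.IsNil)
	c.Assert(pc, qt.Not(qt.IsNil))

	// Inline shortcodes must be opt-in.
	c.Assert(pc.EnableInlineShortcodes, qt.IsFalse)

	// exec.allow: exact, case-sensitive binary names only.
	c.Assert(pc.Exec.Allow.Accept("a"), qt.IsFalse)
	c.Assert(pc.Exec.Allow.Accept("npx"), qt.IsTrue)
	c.Assert(pc.Exec.Allow.Accept("Npx"), qt.IsFalse)
	c.Assert(pc.Exec.Allow.Accept("npxx"), qt.IsFalse)
	c.Assert(pc.Exec.Allow.Accept("xnpx"), qt.IsFalse)

	// exec.osEnv: a fixed set of variable names, matched as whole names.
	c.Assert(pc.Exec.OsEnv.Accept("a"), qt.IsFalse)
	c.Assert(pc.Exec.OsEnv.Accept("PATH"), qt.IsTrue)
	c.Assert(pc.Exec.OsEnv.Accept("e"), qt.IsFalse)
	c.Assert(pc.Exec.OsEnv.Accept("PATH_EXTRA"), qt.IsFalse)

	// funcs.getenv: only HUGO_-prefixed variables are readable, so other
	// environment variables (which may hold secrets) stay out of reach.
	// The variable names below are constructed sample values.
	c.Assert(pc.Funcs.Getenv.Accept("HUGO_ENV"), qt.IsTrue)
	c.Assert(pc.Funcs.Getenv.Accept("PATH"), qt.IsFalse)
	c.Assert(pc.Funcs.Getenv.Accept("NOT_HUGO_VAR"), qt.IsFalse)

	// http: every URL is accepted by default; methods are GET and POST,
	// case-insensitively.
	c.Assert(pc.HTTP.URLs.Accept("https://example.org"), qt.IsTrue)
	c.Assert(pc.HTTP.Methods.Accept("POST"), qt.IsTrue)
	c.Assert(pc.HTTP.Methods.Accept("GET"), qt.IsTrue)
	c.Assert(pc.HTTP.Methods.Accept("get"), qt.IsTrue)
	c.Assert(pc.HTTP.Methods.Accept("DELETE"), qt.IsFalse)
}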