alkdev/reverse-proxy
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/fix/fix/upstream-host-validation'

Browse Source
This commit is contained in:
glm-5.1
2026-06-12 14:33:56 +00:00
parent 9730d155d2 4ee9486561
commit ccb574c259
1 changed files with 54 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
src/config/validation.rs
View File

@@ -317,7 +317,15 @@ fn is_valid_upstream(upstream: &str) -> bool {
Ok(p) => p, Ok(p) => p,
Err(_) => return false, Err(_) => return false,
}; };
port != 0 if port == 0 {
return false;
}
if host_part.starts_with('[') && host_part.ends_with(']') {
let inner = &host_part[1..host_part.len() - 1];
inner.parse::<std::net::Ipv6Addr>().is_ok()
} else {
host_part.parse::<std::net::IpAddr>().is_ok() || is_valid_hostname(host_part)
}
} else { } else {
false false
} }
@@ -1136,4 +1144,49 @@ mod tests {
.iter() .iter()
.any(|e| matches!(e, ValidationError::KeyPathNotReadable { .. }))); .any(|e| matches!(e, ValidationError::KeyPathNotReadable { .. })));
} }
#[test]
fn rule17_upstream_valid_hostname() {
assert!(is_valid_upstream("gitea:3000"));
}
#[test]
fn rule17_upstream_valid_ipv4() {
assert!(is_valid_upstream("127.0.0.1:3000"));
}
#[test]
fn rule17_upstream_valid_ipv6_bracket() {
assert!(is_valid_upstream("[::1]:3000"));
}
#[test]
fn rule17_upstream_valid_ipv6_bracket_full() {
assert!(is_valid_upstream("[2001:db8::1]:8080"));
}
#[test]
fn rule17_upstream_invalid_hostname_chars() {
assert!(!is_valid_upstream("!!!bad!!!:3000"));
}
#[test]
fn rule17_upstream_invalid_special_chars() {
assert!(!is_valid_upstream("@#$%:8080"));
}
#[test]
fn rule17_upstream_empty_host() {
assert!(!is_valid_upstream(":3000"));
}
#[test]
fn rule17_upstream_invalid_ipv6_bracket() {
assert!(!is_valid_upstream("[notipv6]:3000"));
}
#[test]
fn rule17_upstream_hostname_with_dots() {
assert!(is_valid_upstream("app.example.com:8080"));
}
} }