mirror of
https://github.com/cunnie/sslip.io.git
synced 2025-10-05 07:36:54 +08:00
1f7a54db73
Rather than bloating the code with yet another flag, one that only I would use, and in only one specific case (ns-aws.sslip.io), it would be better to simply take ns-aws.sslip.io out of the NS list.
238 lines
12 KiB
Go
238 lines
12 KiB
Go
package main_test
|
|
|
|
import (
|
|
"os/exec"
|
|
"strconv"
|
|
"strings"
|
|
|
|
. "github.com/onsi/ginkgo/v2"
|
|
. "github.com/onsi/gomega"
|
|
. "github.com/onsi/gomega/gbytes"
|
|
. "github.com/onsi/gomega/gexec"
|
|
)
|
|
|
|
var _ = Describe("flags", func() {
|
|
var serverCmd *exec.Cmd
|
|
var serverSession *Session
|
|
var port = getFreePort()
|
|
var flags []string
|
|
|
|
JustBeforeEach(func() {
|
|
flags = append(flags, "-port", strconv.Itoa(port), "-blocklistURL", "file://etc/blocklist-test.txt")
|
|
serverCmd = exec.Command(serverPath, flags...)
|
|
serverSession, err = Start(serverCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
// takes 0.455s to start up on macOS Big Sur 3.7 GHz Quad Core 22-nm Xeon E5-1620v2 processor (2013 Mac Pro)
|
|
// takes 1.312s to start up on macOS Big Sur 2.0GHz quad-core 10th-generation Intel Core i5 processor (2020 13" MacBook Pro)
|
|
// 10 seconds should be long enough for slow container-on-a-VM-with-shared-core
|
|
Eventually(serverSession.Err, 10).Should(Say("Ready to answer queries"))
|
|
})
|
|
AfterEach(func() {
|
|
serverSession.Terminate()
|
|
Eventually(serverSession).Should(Exit())
|
|
})
|
|
When("-nameservers is set", func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-nameservers=mickey.minnie.,daffy.duck"}
|
|
})
|
|
It("returns all the NS records, appending dots as needed", func() {
|
|
digArgs := "@localhost example.com ns -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0`))
|
|
Eventually(digSession).Should(Say(`;; ANSWER SECTION:`))
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(digSession.Out.Contents())).Should(MatchRegexp(`mickey.minnie.\n`))
|
|
Eventually(string(digSession.Out.Contents())).Should(MatchRegexp(`daffy.duck.\n`))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`Adding nameserver "mickey\.minnie\."\n`))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`Adding nameserver "daffy\.duck\."\n`))
|
|
// we don't know the order in which the nameservers will be returned, so we try both
|
|
Eventually(string(serverSession.Err.Contents())).Should(Or(MatchRegexp(`TypeNS example.com. \? mickey\.minnie\., daffy\.duck\.\n`), MatchRegexp(`TypeNS example.com. \? daffy\.duck\., mickey\.minnie\.\n`)))
|
|
})
|
|
When("a nameserver is an empty string", func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-nameservers="}
|
|
})
|
|
It("should message that it's skipping that nameserver and continue", func() {
|
|
Expect(string(serverSession.Err.Contents())).Should(MatchRegexp(`-nameservers: ignoring zero-length nameserver ""`))
|
|
})
|
|
})
|
|
When("a nameserver is too long (>255 chars)", func() {
|
|
var tooLongDomainName = "abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" +
|
|
"abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" +
|
|
"abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789" +
|
|
"abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789"
|
|
|
|
BeforeEach(func() {
|
|
flags = []string{"-nameservers=" + tooLongDomainName}
|
|
})
|
|
It("should message that it's skipping that nameserver and continue", func() {
|
|
Expect(string(serverSession.Err.Contents())).Should(MatchRegexp(`-nameservers: ignoring invalid nameserver "` + tooLongDomainName))
|
|
})
|
|
})
|
|
})
|
|
When("-addresses is set", func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-addresses=a.b.c=1.2.3.4,a.b.c=5.6.7.8,a.b.c=2600::"}
|
|
})
|
|
It("returns the addresses when the A records of the hostnames are queried", func() {
|
|
digArgs := "@localhost a.b.c A -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0`))
|
|
Eventually(digSession).Should(Say(`;; ANSWER SECTION:`))
|
|
Eventually(digSession).Should(Say(`1.2.3.4\n`))
|
|
Eventually(digSession).Should(Say(`5.6.7.8\n`))
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`Adding record "a.b.c.=1.2.3.4"\n`))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`Adding record "a.b.c.=5.6.7.8"\n`))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`Adding record "a.b.c.=2600::"\n`))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeA a\.b\.c\. \? 1\.2\.3\.4, 5\.6\.7\.8\n`))
|
|
})
|
|
It("returns the addresses when the AAAA records of the hostnames are queried", func() {
|
|
digArgs := "@localhost a.b.c AAAA -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession).Should(Say(`flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0`))
|
|
Eventually(digSession).Should(Say(`;; ANSWER SECTION:`))
|
|
Eventually(digSession).Should(Say(`2600::\n`))
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`TypeAAAA a\.b\.c\. \? 2600::\n`))
|
|
})
|
|
When(`addresses don't include an "="`, func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-addresses=a.b.c"}
|
|
})
|
|
It("should message that it's skipping that address and continue", func() {
|
|
Expect(string(serverSession.Err.Contents())).Should(MatchRegexp(`-addresses: arguments should be in the format "host=ip", not "a.b.c"`))
|
|
})
|
|
})
|
|
})
|
|
When("-quiet is set", func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-quiet"}
|
|
})
|
|
It("doesn't print out log messages so that GCP doesn't charge $17/mo for storing them", func() {
|
|
digArgs := "@localhost 169.254.169.254 -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(Not(MatchRegexp(`169\.254\.169\.254`)))
|
|
})
|
|
})
|
|
When("-public is set to false", func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-public=false"}
|
|
})
|
|
It("doesn't resolve public IPv4 addresses", func() {
|
|
digArgs := "@localhost 8-8-8-8.sslip.io -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`\? nil, SOA 8-8-8-8\.sslip\.io\. briancunnie\.gmail\.com\.`))
|
|
})
|
|
It("doesn't resolve public IPv6 addresses", func() {
|
|
digArgs := "@localhost aaaa 2600--.sslip.io -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`\? nil, SOA 2600--\.sslip\.io\. briancunnie\.gmail\.com\.`))
|
|
})
|
|
It("resolves private IPv4 addresses", func() {
|
|
digArgs := "@localhost 192-168-0-1.sslip.io -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`192-168-0-1\.sslip\.io\. \? 192\.168\.0\.1`))
|
|
})
|
|
It("resolves private IPv6 addresses", func() {
|
|
digArgs := "@localhost aaaa fc00--.sslip.io -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`fc00--\.sslip\.io\. \? fc00::`))
|
|
})
|
|
})
|
|
When("-delegates is set", func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-delegates=" +
|
|
"_acme-challenge.127-0-0-1.IP.io=ns.nono.io," +
|
|
"2600--.IP.IO=ns-1.nono.com," +
|
|
"_acme-challenge.73-189-219-4.ip.IO=ns-2.nono.com," +
|
|
"a.b.C=d.E.f"}
|
|
})
|
|
When("the arguments are missing", func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-delegates="}
|
|
})
|
|
It("should give an informative message", func() {
|
|
Expect(string(serverSession.Err.Contents())).Should(Not(MatchRegexp(`-delegates`)))
|
|
})
|
|
})
|
|
When("the arguments are mangled", func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-delegates=blahblah"}
|
|
})
|
|
It("should give an informative message", func() {
|
|
Expect(string(serverSession.Err.Contents())).Should(MatchRegexp(`-delegates: arguments should be in the format "delegatedDomain=nameserver", not "blahblah"`))
|
|
})
|
|
})
|
|
When("only some of the arguments are mangled", func() {
|
|
BeforeEach(func() {
|
|
flags = []string{"-delegates=a.b=c.d,blahblah"}
|
|
})
|
|
It("adds the correct ones, gives an informative message for the mangled ones", func() {
|
|
Expect(string(serverSession.Err.Contents())).Should(MatchRegexp(`Adding delegated NS record "a.b.=c.d."`))
|
|
Expect(string(serverSession.Err.Contents())).Should(MatchRegexp(`-delegates: arguments should be in the format "delegatedDomain=nameserver", not "blahblah"`))
|
|
})
|
|
})
|
|
When("looking up a delegated domain", func() {
|
|
It("should return a non-authoritative NS record pointing to the nameserver", func() {
|
|
digArgs := "@localhost _acme-challenge.127-0-0-1.IP.io -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession).Should(Say(`flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0`))
|
|
Eventually(digSession).Should(Say(`;; AUTHORITY SECTION:`))
|
|
Eventually(digSession).Should(Say(`_acme-challenge.127-0-0-1.IP.io. 604800 IN NS ns.nono.io.\n`))
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`_acme-challenge\.127-0-0-1\.IP\.io\. \? nil, NS ns\.nono\.io\.`))
|
|
})
|
|
})
|
|
When("looking up the subdomain of a delegated domain", func() {
|
|
It("should return a non-authoritative NS record pointing to the nameserver", func() {
|
|
digArgs := "@localhost subdomain.2600--.IP.IO -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession).Should(Say(`flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0`))
|
|
Eventually(digSession).Should(Say(`;; AUTHORITY SECTION:`))
|
|
Eventually(digSession).Should(Say(`subdomain.2600--.IP.IO. 604800 IN NS ns-1.nono.com.\n`))
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`subdomain\.2600--\.IP\.IO\. \? nil, NS ns-1\.nono\.com\.`))
|
|
})
|
|
})
|
|
When("looking up a delegated domain that wouldn't have resolved to an IP address", func() {
|
|
It("it delegates", func() {
|
|
digArgs := "@localhost a.b.c -p " + strconv.Itoa(port)
|
|
digCmd := exec.Command("dig", strings.Split(digArgs, " ")...)
|
|
digSession, err := Start(digCmd, GinkgoWriter, GinkgoWriter)
|
|
Expect(err).ToNot(HaveOccurred())
|
|
Eventually(digSession).Should(Say(`flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0`))
|
|
Eventually(digSession).Should(Say(`;; AUTHORITY SECTION:`))
|
|
Eventually(digSession).Should(Say(`a.b.c. 604800 IN NS d.e.f.`))
|
|
Eventually(digSession, 1).Should(Exit(0))
|
|
Eventually(string(serverSession.Err.Contents())).Should(MatchRegexp(`a\.b\.c\. \? nil, NS d\.e\.f\.`))
|
|
})
|
|
})
|
|
})
|
|
})
|