diff options
author | Chocobozzz <me@florianbigard.com> | 2022-01-06 11:16:35 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2022-01-06 11:16:35 +0100 |
commit | 7b54a81cccf6b4c12269e9d6897d608b1a99537a (patch) | |
tree | 9dfb72879f36dcb6b4b3fc5a0b14dc8be09731e1 /server/tests/api | |
parent | 37a5d6318b8ce9a3784234751a74b7f15095d5c6 (diff) | |
download | PeerTube-7b54a81cccf6b4c12269e9d6897d608b1a99537a.tar.gz PeerTube-7b54a81cccf6b4c12269e9d6897d608b1a99537a.tar.zst PeerTube-7b54a81cccf6b4c12269e9d6897d608b1a99537a.zip |
Prevent video import on non unicast ips
Diffstat (limited to 'server/tests/api')
-rw-r--r-- | server/tests/api/check-params/video-imports.ts | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/server/tests/api/check-params/video-imports.ts b/server/tests/api/check-params/video-imports.ts index d6d745488..6c31daa9b 100644 --- a/server/tests/api/check-params/video-imports.ts +++ b/server/tests/api/check-params/video-imports.ts | |||
@@ -108,6 +108,34 @@ describe('Test video imports API validator', function () { | |||
108 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | 108 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) |
109 | }) | 109 | }) |
110 | 110 | ||
111 | it('Should fail with localhost', async function () { | ||
112 | const fields = { ...baseCorrectParams, targetUrl: 'http://localhost:8000' } | ||
113 | |||
114 | await makePostBodyRequest({ url: server.url, path, token: server.accessToken, fields }) | ||
115 | }) | ||
116 | |||
117 | it('Should fail with a private IP target urls', async function () { | ||
118 | const targetUrls = [ | ||
119 | 'http://127.0.0.1:8000', | ||
120 | 'http://127.0.0.1', | ||
121 | 'http://127.0.0.1/hello', | ||
122 | 'https://192.168.1.42', | ||
123 | 'http://192.168.1.42' | ||
124 | ] | ||
125 | |||
126 | for (const targetUrl of targetUrls) { | ||
127 | const fields = { ...baseCorrectParams, targetUrl } | ||
128 | |||
129 | await makePostBodyRequest({ | ||
130 | url: server.url, | ||
131 | path, | ||
132 | token: server.accessToken, | ||
133 | fields, | ||
134 | expectedStatus: HttpStatusCode.FORBIDDEN_403 | ||
135 | }) | ||
136 | } | ||
137 | }) | ||
138 | |||
111 | it('Should fail with a long name', async function () { | 139 | it('Should fail with a long name', async function () { |
112 | const fields = { ...baseCorrectParams, name: 'super'.repeat(65) } | 140 | const fields = { ...baseCorrectParams, name: 'super'.repeat(65) } |
113 | 141 | ||