package utils import ( "net/url" "testing" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) func TestURLPathFullClean(t *testing.T) { testCases := []struct { name string have string expected string }{ {"ShouldReturnFullPathSingleSlash", "https://example.com/", "/"}, {"ShouldReturnFullPathSingleSlashWithQuery", "https://example.com/?query=1&alt=2", "/?query=1&alt=2"}, {"ShouldReturnFullPathNormal", "https://example.com/test", "/test"}, {"ShouldReturnFullPathNormalWithSlashSuffix", "https://example.com/test/", "/test/"}, {"ShouldReturnFullPathNormalWithSlashSuffixAndQuery", "https://example.com/test/?query=1&alt=2", "/test/?query=1&alt=2"}, {"ShouldReturnFullPathWithQuery", "https://example.com/test?query=1&alt=2", "/test?query=1&alt=2"}, {"ShouldReturnCleanedPath", "https://example.com/five/../test?query=1&alt=2", "/test?query=1&alt=2"}, {"ShouldReturnCleanedPathEscaped", "https://example.com/five/..%2ftest?query=1&alt=2", "/test?query=1&alt=2"}, {"ShouldReturnCleanedPathEscapedExtra", "https://example.com/five/..%2ftest?query=1&alt=2", "/test?query=1&alt=2"}, {"ShouldReturnCleanedPathEscapedExtraSurrounding", "https://example.com/five/%2f..%2f/test?query=1&alt=2", "/test?query=1&alt=2"}, {"ShouldReturnCleanedPathEscapedPeriods", "https://example.com/five/%2f%2e%2e%2f/test?query=1&alt=2", "/test?query=1&alt=2"}, } for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { u, err := url.ParseRequestURI(tc.have) require.NoError(t, err) actual := URLPathFullClean(u) assert.Equal(t, tc.expected, actual) }) } } func isURLSafe(requestURI string, domain string) bool { //nolint:unparam u, _ := url.ParseRequestURI(requestURI) return IsURISafeRedirection(u, domain) } func TestIsRedirectionSafe_ShouldReturnTrueOnExactDomain(t *testing.T) { assert.True(t, isURLSafe("https://example.com", "example.com")) } func TestIsRedirectionSafe_ShouldReturnFalseOnBadScheme(t *testing.T) { assert.False(t, isURLSafe("http://secure.example.com", "example.com")) assert.False(t, isURLSafe("ftp://secure.example.com", "example.com")) assert.True(t, isURLSafe("https://secure.example.com", "example.com")) } func TestIsRedirectionSafe_ShouldReturnFalseOnBadDomain(t *testing.T) { assert.False(t, isURLSafe("https://secure.example.com.c", "example.com")) assert.False(t, isURLSafe("https://secure.example.comc", "example.com")) assert.False(t, isURLSafe("https://secure.example.co", "example.com")) }