-
Notifications
You must be signed in to change notification settings - Fork 51
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(webconnectivitylte): handle malformed redirect URLs (#1480)
This diff ensures that webconnectivitylte is able to handle malformed redirect URLs such as (literally) `http://` and `https://`. The way in which we do this is slightly different from v0.4 and possibly more accurate in that it attributes the error to the operation where we detect the error rather than later on in the next redirect. Because of that, I made the QA suite conform to v0.5's behavior. Closes ooni/probe#2628 Related ooni/spec PR: ooni/spec#285
- Loading branch information
1 parent
69a6c89
commit 1579af3
Showing
18 changed files
with
308 additions
and
126 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
package webconnectivitylte | ||
|
||
import ( | ||
"errors" | ||
"net/http" | ||
|
||
"github.com/ooni/probe-cli/v3/internal/netxlite" | ||
) | ||
|
||
// httpRedirectIsRedirect returns whether this response is a redirect | ||
func httpRedirectIsRedirect(resp *http.Response) bool { | ||
switch resp.StatusCode { | ||
case 301, 302, 307, 308: | ||
return true | ||
default: | ||
return false | ||
} | ||
|
||
} | ||
|
||
var errHTTPValidateRedirectMissingRequest = errors.New("httpValidateRedirect: missing request") | ||
|
||
// httpValidateRedirect validates a redirect. In case of failure, the | ||
// returned error is a [*netxlite.ErrWrapper] instance. | ||
// | ||
// See https://github.com/ooni/probe/issues/2628 for context. | ||
func httpValidateRedirect(resp *http.Response) error { | ||
// Implementation note: require the original request to be present otherwise we | ||
// cannot distinguish between `/en-US/index.html` (which is legit) and `https://` | ||
// (which instead is what we want to prevent from being used). | ||
if resp.Request == nil { | ||
return errHTTPValidateRedirectMissingRequest | ||
} | ||
location, err := resp.Location() | ||
if err != nil { | ||
return err | ||
} | ||
if location.Host == "" { | ||
return &netxlite.ErrWrapper{ | ||
Failure: netxlite.FailureHTTPInvalidRedirectLocationHost, | ||
Operation: netxlite.HTTPRoundTripOperation, | ||
WrappedErr: nil, | ||
} | ||
} | ||
return nil | ||
} |
136 changes: 136 additions & 0 deletions
136
internal/experiment/webconnectivitylte/httpredirect_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,136 @@ | ||
package webconnectivitylte | ||
|
||
import ( | ||
"errors" | ||
"fmt" | ||
"net/http" | ||
"net/url" | ||
"testing" | ||
|
||
"github.com/google/go-cmp/cmp" | ||
"github.com/ooni/probe-cli/v3/internal/netxlite" | ||
) | ||
|
||
func TestHTTPRedirectIsRedirect(t *testing.T) { | ||
type testcase struct { | ||
status int | ||
expect bool | ||
} | ||
|
||
cases := []testcase{{ | ||
status: 100, | ||
expect: false, | ||
}, { | ||
status: 200, | ||
expect: false, | ||
}, { | ||
status: 300, | ||
expect: false, | ||
}, { | ||
status: 301, | ||
expect: true, | ||
}, { | ||
status: 302, | ||
expect: true, | ||
}, { | ||
status: 304, | ||
expect: false, | ||
}, { | ||
status: 305, | ||
expect: false, | ||
}, { | ||
status: 306, | ||
expect: false, | ||
}, { | ||
status: 307, | ||
expect: true, | ||
}, { | ||
status: 308, | ||
expect: true, | ||
}, { | ||
status: 309, | ||
expect: false, | ||
}, { | ||
status: 400, | ||
expect: false, | ||
}, { | ||
status: 500, | ||
expect: false, | ||
}} | ||
|
||
for _, tc := range cases { | ||
t.Run(fmt.Sprintf("%d", tc.status), func(t *testing.T) { | ||
resp := &http.Response{StatusCode: tc.status} | ||
got := httpRedirectIsRedirect(resp) | ||
if diff := cmp.Diff(tc.expect, got); diff != "" { | ||
t.Fatal(diff) | ||
} | ||
}) | ||
} | ||
} | ||
|
||
func TestHTTPValidateRedirect(t *testing.T) { | ||
type testcase struct { | ||
addReq bool | ||
location string | ||
expect error | ||
} | ||
|
||
cases := []testcase{{ | ||
addReq: false, | ||
location: "/en-US/index.html", | ||
expect: errHTTPValidateRedirectMissingRequest, | ||
}, { | ||
addReq: true, | ||
location: "", // explicitly empty | ||
expect: http.ErrNoLocation, | ||
}, { | ||
addReq: true, | ||
location: "http://", | ||
expect: errors.New(netxlite.FailureHTTPInvalidRedirectLocationHost), | ||
}, { | ||
addReq: true, | ||
location: "https://", | ||
expect: errors.New(netxlite.FailureHTTPInvalidRedirectLocationHost), | ||
}, { | ||
addReq: true, | ||
location: "/en-US/index.html", | ||
expect: nil, | ||
}, { | ||
addReq: true, | ||
location: "https://web01.example.com/", | ||
expect: nil, | ||
}} | ||
|
||
for _, tc := range cases { | ||
t.Run(tc.location, func(t *testing.T) { | ||
resp := &http.Response{Header: http.Header{}} | ||
resp.Header.Set("Location", tc.location) | ||
if tc.addReq { | ||
resp.Request = &http.Request{URL: &url.URL{ | ||
Scheme: "https", | ||
Host: "www.example.com", | ||
Path: "/", | ||
}} | ||
} | ||
|
||
got := httpValidateRedirect(resp) | ||
|
||
switch { | ||
case tc.expect == nil && got == nil: | ||
// all good | ||
|
||
case tc.expect == nil && got != nil: | ||
t.Fatal("expected", tc.expect, "got", got) | ||
|
||
case tc.expect != nil && got == nil: | ||
t.Fatal("expected", tc.expect, "got", got) | ||
|
||
case tc.expect != nil && got != nil: | ||
if diff := cmp.Diff(tc.expect.Error(), got.Error()); diff != "" { | ||
t.Fatal(diff) | ||
} | ||
} | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.