1702610555

Committed 06 Mar 2025 09:22AM UTC coverage: 65.502% (+0.02%) from 65.481%

Build # 1702610555

Build Type

Pull #416

gitlab-ci

Committed by

mzedel

Commit Message

test: added e2e tests for webhook functionality

Ticket: MEN-7926
Signed-off-by: Manuel Zedel <manuel.zedel@northern.tech>

Pull Request Pull Request #416: MEN-7926 + MEN-8077 - webhook e2e tests + configurable webhook address validation

Run Details

8 of 12 new or added lines in 2 files covered. (66.67%)

3 existing lines in 2 files now uncovered.

31661 of 48336 relevant lines covered (65.5%)

1.38 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

96.61

/backend/services/iot-manager/model/credentials_http.go

// Copyright 2022 Northern.tech AS
//
//    Licensed under the Apache License, Version 2.0 (the "License");
//    you may not use this file except in compliance with the License.
//    You may obtain a copy of the License at
//
//        http://www.apache.org/licenses/LICENSE-2.0
//
//    Unless required by applicable law or agreed to in writing, software
//    distributed under the License is distributed on an "AS IS" BASIS,
//    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//    See the License for the specific language governing permissions and
//    limitations under the License.

package model

import (
        "encoding/hex"
        "encoding/json"
        "fmt"
        "net"
        "net/url"
        "sync"

        "github.com/mendersoftware/mender-server/pkg/config"
        dconfig "github.com/mendersoftware/mender-server/services/iot-manager/config"
        "github.com/mendersoftware/mender-server/services/iot-manager/crypto"
        inet "github.com/mendersoftware/mender-server/services/iot-manager/internal/net"

        validation "github.com/go-ozzo/ozzo-validation/v4"
)

type HexSecret crypto.String

var (
        skipVerify         bool
        skipVerifyLoadOnce sync.Once
)

func (sec *HexSecret) UnmarshalText(b []byte) error {
        dst := make([]byte, hex.DecodedLen(len(b)))
        n, err := hex.Decode(dst, b)
        if err != nil {
                return fmt.Errorf("value error: '%s' is not a hexadecimal string", string(b))
        }
        *sec = HexSecret(dst[:n])
        return nil
}

func (sec HexSecret) MarshalText() ([]byte, error) {
        return []byte("<omitted>"), nil
}

func (sec HexSecret) MarshalBSON() ([]byte, error) {
        cStr := crypto.String(sec)
        return (&cStr).MarshalBSON()
}

func (sec *HexSecret) UnmarshalBSON(b []byte) error {
        cStr := (*crypto.String)(sec)
        return cStr.UnmarshalBSON(b)
}

type HTTPCredentials struct {
        URL    string     `json:"url,omitempty"    bson:"url,omitempty"`
        Secret *HexSecret `json:"secret,omitempty" bson:"secret,omitempty"`

        // private field toggling validation verbosity
        // - only set if unmarshaled from JSON
        validateAddr bool
}

func (cred *HTTPCredentials) UnmarshalJSON(b []byte) error {
        type creds HTTPCredentials
        if err := json.Unmarshal(b, (*creds)(cred)); err != nil {
                return err
        }
        cred.validateAddr = true
        return nil
}

func (cred HTTPCredentials) validateURL(interface{}) error {
        uu, err := url.Parse(cred.URL)
        if err != nil {
                return err
        }
        skipVerifyLoadOnce.Do(func() {
                skipVerify = config.Config.GetBool(dconfig.SettingDomainSkipVerify)
        })
        if skipVerify {
                return nil
        }
        if !cred.validateAddr {
                return nil
        }
        ips, err := net.LookupIP(uu.Hostname())
        if err != nil {
                return err
        }
        for _, ip := range ips {
                if !inet.IsGlobalUnicast(ip) {
                        return net.InvalidAddrError(
                                "hostname resolves to reserved address",
                        )
                }
        }
        return nil
}

func (cred HTTPCredentials) Validate() error {
        return validation.ValidateStruct(&cred,
                validation.Field(&cred.URL,
                        validation.Required,
                        validation.By(cred.validateURL),
                ),
        )
}

1	// Copyright 2022 Northern.tech AS
2	//
3	// Licensed under the Apache License, Version 2.0 (the "License");
4	// you may not use this file except in compliance with the License.
5	// You may obtain a copy of the License at
6	//
7	// http://www.apache.org/licenses/LICENSE-2.0
8	//
9	// Unless required by applicable law or agreed to in writing, software
10	// distributed under the License is distributed on an "AS IS" BASIS,
11	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12	// See the License for the specific language governing permissions and
13	// limitations under the License.
14
15	package model
16
17	import (
18	"encoding/hex"
19	"encoding/json"
20	"fmt"
21	"net"
22	"net/url"
23	"sync"
24
25	"github.com/mendersoftware/mender-server/pkg/config"
26	dconfig "github.com/mendersoftware/mender-server/services/iot-manager/config"
27	"github.com/mendersoftware/mender-server/services/iot-manager/crypto"
28	inet "github.com/mendersoftware/mender-server/services/iot-manager/internal/net"
29
30	validation "github.com/go-ozzo/ozzo-validation/v4"
31	)
32
33	type HexSecret crypto.String
34
35	var (
36	skipVerify bool
37	skipVerifyLoadOnce sync.Once
38	)
39
40	func (sec *HexSecret) UnmarshalText(b []byte) error {	2✔
41	dst := make([]byte, hex.DecodedLen(len(b)))	2✔
42	n, err := hex.Decode(dst, b)	2✔
43	if err != nil {	3✔
44	return fmt.Errorf("value error: '%s' is not a hexadecimal string", string(b))	1✔
45	}	1✔
46	*sec = HexSecret(dst[:n])	2✔
47	return nil	2✔
48	}
49
50	func (sec HexSecret) MarshalText() ([]byte, error) {	1✔
51	return []byte("<omitted>"), nil	1✔
52	}	1✔
53
54	func (sec HexSecret) MarshalBSON() ([]byte, error) {	2✔
55	cStr := crypto.String(sec)	2✔
56	return (&cStr).MarshalBSON()	2✔
57	}	2✔
58
59	func (sec *HexSecret) UnmarshalBSON(b []byte) error {	2✔
60	cStr := (*crypto.String)(sec)	2✔
61	return cStr.UnmarshalBSON(b)	2✔
62	}	2✔
63
64	type HTTPCredentials struct {
65	URL string `json:"url,omitempty" bson:"url,omitempty"`
66	Secret *HexSecret `json:"secret,omitempty" bson:"secret,omitempty"`
67
68	// private field toggling validation verbosity
69	// - only set if unmarshaled from JSON
70	validateAddr bool
71	}
72
73	func (cred *HTTPCredentials) UnmarshalJSON(b []byte) error {	3✔
74	type creds HTTPCredentials	3✔
75	if err := json.Unmarshal(b, (*creds)(cred)); err != nil {	4✔
76	return err	1✔
77	}	1✔
78	cred.validateAddr = true	3✔
79	return nil	3✔
80	}
81
82	func (cred HTTPCredentials) validateURL(interface{}) error {	3✔
83	uu, err := url.Parse(cred.URL)	3✔
84	if err != nil {	4✔
85	return err	1✔
86	}	1✔
87	skipVerifyLoadOnce.Do(func() {	6✔
88	skipVerify = config.Config.GetBool(dconfig.SettingDomainSkipVerify)	3✔
89	})	3✔
90	if skipVerify {	3✔
NEW 91	return nil	×
NEW 92	}	×
93	if !cred.validateAddr {	6✔
94	return nil	3✔
95	}	3✔
96	ips, err := net.LookupIP(uu.Hostname())	3✔
97	if err != nil {	4✔
98	return err	1✔
99	}	1✔
100	for _, ip := range ips {	6✔
101	if !inet.IsGlobalUnicast(ip) {	4✔
102	return net.InvalidAddrError(	1✔
103	"hostname resolves to reserved address",	1✔
104	)	1✔
105	}	1✔
106	}
107	return nil	3✔
108	}
109
110	func (cred HTTPCredentials) Validate() error {	3✔
111	return validation.ValidateStruct(&cred,	3✔
112	validation.Field(&cred.URL,	3✔
113	validation.Required,	3✔
114	validation.By(cred.validateURL),	3✔
115	),	3✔
116	)	3✔
117	}	3✔

mendersoftware / mender-server / 1702610555

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous