dify/api/tests/integration_tests/ssrf_proxy/test_cases_extended.yaml
-LAN- 42110a8217
test(ssrf_proxy): Add integration test for ssrf proxy
Signed-off-by: -LAN- <laipz8200@outlook.com>
2025-09-01 13:45:08 +08:00


# Extended SSRF Proxy Test Cases Configuration
# This file contains additional test cases for comprehensive testing
# Use with: python test_ssrf_proxy.py --test-file test_cases_extended.yaml
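# Test matrix for the SSRF proxy. Each key under test_categories is one
# category with a display name, a description and a list of test_cases.
# Each case carries:
#   name             - label for the case
#   url              - URL requested through the proxy
#   expected_blocked - true if the proxy is expected to refuse the request
#   description      - what the case represents
# The nesting below is restored from the key names; the listing this was
# taken from had lost its indentation and did not parse as intended.
test_categories:
  # Standard test cases
  private_networks:
    name: "Private Networks"
    description: "Tests for blocking private IP ranges and loopback addresses"
    test_cases:
      - name: "Loopback (127.0.0.1)"
        url: "http://127.0.0.1"
        expected_blocked: true
        description: "IPv4 loopback address"
      - name: "Localhost"
        url: "http://localhost"
        expected_blocked: true
        description: "Localhost hostname"
      - name: "Private 10.x.x.x"
        url: "http://10.0.0.1"
        expected_blocked: true
        description: "RFC 1918 private network"
      - name: "Private 172.16.x.x"
        url: "http://172.16.0.1"
        expected_blocked: true
        description: "RFC 1918 private network"
      - name: "Private 192.168.x.x"
        url: "http://192.168.1.1"
        expected_blocked: true
        description: "RFC 1918 private network"
      - name: "Link-local"
        url: "http://169.254.1.1"
        expected_blocked: true
        description: "Link-local address"
      - name: "This network"
        url: "http://0.0.0.0"
        expected_blocked: true
        description: "'This' network address"

  # All four cases below target the same address (169.254.169.254), which
  # lies in the link-local range already covered by the "Link-local" case;
  # they differ only in path. If the proxy decides on destination address
  # alone, they exercise a single rule four times.
  # NOTE(review): confirm whether metadata endpoints reachable at other
  # addresses or by hostname are in scope for this suite.
  cloud_metadata:
    name: "Cloud Metadata"
    description: "Tests for blocking cloud provider metadata endpoints"
    test_cases:
      - name: "AWS Metadata"
        url: "http://169.254.169.254/latest/meta-data/"
        expected_blocked: true
        description: "AWS EC2 metadata endpoint"
      - name: "Azure Metadata"
        url: "http://169.254.169.254/metadata/instance"
        expected_blocked: true
        description: "Azure metadata endpoint"
      - name: "DigitalOcean Metadata"
        url: "http://169.254.169.254/metadata/v1"
        expected_blocked: true
        description: "DigitalOcean metadata endpoint"
      - name: "Oracle Cloud Metadata"
        url: "http://169.254.169.254/opc/v1"
        expected_blocked: true
        description: "Oracle Cloud metadata endpoint"

  # These cases name third-party hosts, so they need outbound internet
  # access and working DNS from the test environment. A failure here may
  # reflect the environment rather than an over-blocking proxy rule.
  public_internet:
    name: "Public Internet"
    description: "Tests for allowing legitimate public internet access"
    test_cases:
      - name: "Example.com"
        url: "http://example.com"
        expected_blocked: false
        description: "Public website"
      - name: "Google HTTPS"
        url: "https://www.google.com"
        expected_blocked: false
        description: "HTTPS public website"
      - name: "HTTPBin API"
        url: "http://httpbin.org/get"
        expected_blocked: false
        description: "Public API endpoint"
      - name: "GitHub API"
        url: "https://api.github.com"
        expected_blocked: false
        description: "Public API over HTTPS"
      - name: "OpenAI API"
        url: "https://api.openai.com"
        expected_blocked: false
        description: "OpenAI API endpoint"
      - name: "Anthropic API"
        url: "https://api.anthropic.com"
        expected_blocked: false
        description: "Anthropic API endpoint"

  # Only ports 80 and 443 are expected to pass; every other port listed is
  # expected to be refused. That matches an allow-list of ports rather than
  # a deny-list. NOTE(review): confirm against the proxy configuration.
  port_restrictions:
    name: "Port Restrictions"
    description: "Tests for port-based access control"
    test_cases:
      - name: "HTTP Port 80"
        url: "http://example.com:80"
        expected_blocked: false
        description: "Standard HTTP port"
      # NOTE(review): the URL uses the http:// scheme on port 443, so this
      # checks the port rule for a plain-HTTP request. It presumably does
      # not exercise the path an https:// URL takes through the proxy;
      # confirm that is intended.
      - name: "HTTPS Port 443"
        url: "http://example.com:443"
        expected_blocked: false
        description: "Standard HTTPS port"
      - name: "Port 8080"
        url: "http://example.com:8080"
        expected_blocked: true
        description: "Alternative HTTP port"
      - name: "Port 3000"
        url: "http://example.com:3000"
        expected_blocked: true
        description: "Node.js development port"
      - name: "SSH Port 22"
        url: "http://example.com:22"
        expected_blocked: true
        description: "SSH port"
      - name: "Telnet Port 23"
        url: "http://example.com:23"
        expected_blocked: true
        description: "Telnet port"
      - name: "SMTP Port 25"
        url: "http://example.com:25"
        expected_blocked: true
        description: "SMTP mail port"
      - name: "MySQL Port 3306"
        url: "http://example.com:3306"
        expected_blocked: true
        description: "MySQL database port"
      - name: "PostgreSQL Port 5432"
        url: "http://example.com:5432"
        expected_blocked: true
        description: "PostgreSQL database port"
      - name: "Redis Port 6379"
        url: "http://example.com:6379"
        expected_blocked: true
        description: "Redis port"
      - name: "MongoDB Port 27017"
        url: "http://example.com:27017"
        expected_blocked: true
        description: "MongoDB port"

  # IPv6 counterparts of the loopback, unspecified, link-local and private
  # address cases in private_networks.
  ipv6_tests:
    name: "IPv6 Tests"
    description: "Tests for IPv6 address handling"
    test_cases:
      - name: "IPv6 Loopback"
        url: "http://[::1]"
        expected_blocked: true
        description: "IPv6 loopback address"
      - name: "IPv6 All zeros"
        url: "http://[::]"
        expected_blocked: true
        description: "IPv6 all zeros address"
      - name: "IPv6 Link-local"
        url: "http://[fe80::1]"
        expected_blocked: true
        description: "IPv6 link-local address"
      - name: "IPv6 Unique local"
        url: "http://[fc00::1]"
        expected_blocked: true
        description: "IPv6 unique local address"

  # The first four cases are alternative spellings of 127.0.0.1.
  # NOTE(review): how each spelling is interpreted depends on the URL
  # parser and resolver in the client and in the proxy. A case can pass
  # because the request failed for an unrelated reason (for example the
  # host did not resolve) rather than because the loopback rule matched.
  # Confirm the harness tells an explicit proxy denial apart from other
  # failures before counting these as coverage.
  special_cases:
    name: "Special Cases"
    description: "Edge cases and special scenarios"
    test_cases:
      - name: "Decimal IP notation"
        url: "http://2130706433"
        expected_blocked: true
        description: "127.0.0.1 in decimal notation"
      - name: "Octal IP notation"
        url: "http://0177.0.0.1"
        expected_blocked: true
        description: "127.0.0.1 with octal notation"
      - name: "Hex IP notation"
        url: "http://0x7f.0.0.1"
        expected_blocked: true
        description: "127.0.0.1 with hex notation"
      - name: "Mixed notation"
        url: "http://0x7f.0.0.0x1"
        expected_blocked: true
        description: "127.0.0.1 with mixed hex notation"
      # Host (localhost) and port (8080) are each expected to be blocked by
      # other cases in this file, so this case cannot show which rule fired.
      - name: "Localhost with port"
        url: "http://localhost:8080"
        expected_blocked: true
        description: "Localhost with non-standard port"
      # The hostname only resembles a private address; nothing in this file
      # shows what it resolves to. An allowed result here is not evidence of
      # how the proxy treats names that resolve to private addresses.
      # NOTE(review): confirm that resolution-time checks are covered
      # elsewhere.
      - name: "Domain with private IP"
        url: "http://192-168-1-1.example.com"
        expected_blocked: false
        description: "Domain that looks like private IP (should resolve)"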