1 //
2 //
3 // Copyright 2022 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18
19 #include "src/core/handshaker/http_connect/http_proxy_mapper.h"
20
21 #include <grpc/impl/channel_arg_names.h>
22
23 #include "absl/status/status.h"
24 #include "absl/status/statusor.h"
25 #include "absl/strings/str_format.h"
26 #include "absl/types/optional.h"
27 #include "gmock/gmock.h"
28 #include "gtest/gtest.h"
29 #include "src/core/handshaker/http_connect/http_connect_handshaker.h"
30 #include "src/core/lib/address_utils/parse_address.h"
31 #include "src/core/lib/address_utils/sockaddr_utils.h"
32 #include "src/core/lib/channel/channel_args.h"
33 #include "test/core/test_util/scoped_env_var.h"
34 #include "test/core/test_util/test_config.h"
35
36 namespace grpc_core {
37 namespace testing {
38 namespace {
39
40 const char* kNoProxyVarName = "no_proxy";
41
42 MATCHER_P(AddressEq, address, absl::StrFormat("is address %s", address)) {
43 if (!arg.has_value()) {
44 *result_listener << "is empty";
45 return false;
46 }
47 auto address_string = grpc_sockaddr_to_string(&arg.value(), true);
48 if (!address_string.ok()) {
49 *result_listener << "unable to convert address to string: "
50 << address_string.status();
51 return false;
52 }
53 if (*address_string != address) {
54 *result_listener << "value: " << *address_string;
55 return false;
56 }
57 return true;
58 }
59
60 // Test that an empty no_proxy works as expected, i.e., proxy is used.
TEST(NoProxyTest,EmptyList)61 TEST(NoProxyTest, EmptyList) {
62 ScopedEnvVar no_proxy(kNoProxyVarName, "");
63 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
64 EXPECT_EQ(HttpProxyMapper().MapName("dns:///test.google.com:443", &args),
65 "proxy.google.com");
66 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER),
67 "test.google.com:443");
68 }
69
70 // Test basic usage of 'no_proxy' to avoid using proxy for certain domain names.
TEST(NoProxyTest,Basic)71 TEST(NoProxyTest, Basic) {
72 ScopedEnvVar no_proxy(kNoProxyVarName, "google.com");
73 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
74 EXPECT_EQ(HttpProxyMapper().MapName("dns:///test.google.com:443", &args),
75 absl::nullopt);
76 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
77 }
78
79 // Test empty entries in 'no_proxy' list.
TEST(NoProxyTest,EmptyEntries)80 TEST(NoProxyTest, EmptyEntries) {
81 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,,google.com,,");
82 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
83 EXPECT_EQ(HttpProxyMapper().MapName("dns:///test.google.com:443", &args),
84 absl::nullopt);
85 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
86 }
87
88 // Test entries with CIDR blocks (Class A) in 'no_proxy' list.
TEST(NoProxyTest,CIDRClassAEntries)89 TEST(NoProxyTest, CIDRClassAEntries) {
90 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,192.168.0.255/8");
91 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
92 // address matching no_proxy cidr block
93 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.0.1.1:443", &args),
94 absl::nullopt);
95 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
96 // address not matching no_proxy cidr block
97 EXPECT_EQ(HttpProxyMapper().MapName("dns:///193.0.1.1:443", &args),
98 "proxy.google.com");
99 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "193.0.1.1:443");
100 }
101
102 // Test entries with CIDR blocks (Class B) in 'no_proxy' list.
TEST(NoProxyTest,CIDRClassBEntries)103 TEST(NoProxyTest, CIDRClassBEntries) {
104 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,192.168.0.255/16");
105 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
106 // address matching no_proxy cidr block
107 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.1.5:443", &args),
108 absl::nullopt);
109 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
110 // address not matching no_proxy cidr block
111 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.169.1.1:443", &args),
112 "proxy.google.com");
113 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.169.1.1:443");
114 }
115
116 // Test entries with CIDR blocks (Class C) in 'no_proxy' list.
TEST(NoProxyTest,CIDRClassCEntries)117 TEST(NoProxyTest, CIDRClassCEntries) {
118 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,192.168.0.255/24");
119 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
120 // address matching no_proxy cidr block
121 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.0.5:443", &args),
122 absl::nullopt);
123 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
124 // address not matching no_proxy cidr block
125 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.1.1:443", &args),
126 "proxy.google.com");
127 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.1.1:443");
128 }
129
130 // Test entries with CIDR blocks (exact match) in 'no_proxy' list.
TEST(NoProxyTest,CIDREntriesExactMatch)131 TEST(NoProxyTest, CIDREntriesExactMatch) {
132 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,192.168.0.4/32");
133 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
134 // address matching no_proxy cidr block
135 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.0.4:443", &args),
136 absl::nullopt);
137 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
138 // address not matching no_proxy cidr block
139 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.0.5:443", &args),
140 "proxy.google.com");
141 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.0.5:443");
142 }
143
144 // Test entries with IPv6 CIDR blocks in 'no_proxy' list.
TEST(NoProxyTest,CIDREntriesIPv6ExactMatch)145 TEST(NoProxyTest, CIDREntriesIPv6ExactMatch) {
146 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,2002:db8:a::45/64");
147 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
148 // address matching no_proxy cidr block
149 EXPECT_EQ(HttpProxyMapper().MapName(
150 "dns:///[2002:0db8:000a:0000:0000:0000:0000:0001]:443", &args),
151 absl::nullopt);
152 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
153 // address not matching no_proxy cidr block
154 EXPECT_EQ(HttpProxyMapper().MapName(
155 "dns:///[2003:0db8:000a:0000:0000:0000:0000:0000]:443", &args),
156 "proxy.google.com");
157 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER),
158 "[2003:0db8:000a:0000:0000:0000:0000:0000]:443");
159 }
160
161 // Test entries with whitespaced CIDR blocks in 'no_proxy' list.
TEST(NoProxyTest,WhitespacedEntries)162 TEST(NoProxyTest, WhitespacedEntries) {
163 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com, 192.168.0.255/24");
164 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
165 // address matching no_proxy cidr block
166 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.0.5:443", &args),
167 absl::nullopt);
168 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
169 // address not matching no_proxy cidr block
170 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.1.0:443", &args),
171 "proxy.google.com");
172 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.1.0:443");
173 }
174
175 // Test entries with invalid CIDR blocks in 'no_proxy' list.
TEST(NoProxyTest,InvalidCIDREntries)176 TEST(NoProxyTest, InvalidCIDREntries) {
177 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com, 192.168.0.255/33");
178 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
179 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.1.0:443", &args),
180 "proxy.google.com");
181 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.1.0:443");
182 }
183
TEST(ProxyForAddressTest,ChannelArgPreferred)184 TEST(ProxyForAddressTest, ChannelArgPreferred) {
185 ScopedEnvVar address_proxy(HttpProxyMapper::kAddressProxyEnvVar,
186 "192.168.0.100:2020");
187 auto args = ChannelArgs()
188 .Set(GRPC_ARG_ADDRESS_HTTP_PROXY, "192.168.0.101:2020")
189 .Set(GRPC_ARG_ADDRESS_HTTP_PROXY_ENABLED_ADDRESSES,
190 "255.255.255.255/0");
191 auto address = StringToSockaddr("192.168.0.1:3333");
192 ASSERT_TRUE(address.ok()) << address.status();
193 EXPECT_THAT(HttpProxyMapper().MapAddress(*address, &args),
194 AddressEq("192.168.0.101:2020"));
195 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.0.1:3333");
196 }
197
TEST(ProxyForAddressTest,AddressesNotIncluded)198 TEST(ProxyForAddressTest, AddressesNotIncluded) {
199 ScopedEnvVar address_proxy(HttpProxyMapper::kAddressProxyEnvVar,
200 "192.168.0.100:2020");
201 ScopedEnvVar address_proxy_enabled(
202 HttpProxyMapper::kAddressProxyEnabledAddressesEnvVar,
203 " 192.168.0.0/24 , 192.168.1.1 , 2001:db8:1::0/48 , 2001:db8:2::5");
204 // v4 address
205 auto address = StringToSockaddr("192.168.2.1:3333");
206 ASSERT_TRUE(address.ok()) << address.status();
207 ChannelArgs args;
208 EXPECT_EQ(HttpProxyMapper().MapAddress(*address, &args), absl::nullopt);
209 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
210 // v6 address
211 address = StringToSockaddr("[2001:db8:2::1]:3000");
212 ASSERT_TRUE(address.ok()) << address.status();
213 args = ChannelArgs();
214 EXPECT_EQ(HttpProxyMapper().MapAddress(*address, &args), absl::nullopt);
215 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
216 }
217
TEST(ProxyForAddressTest,BadProxy)218 TEST(ProxyForAddressTest, BadProxy) {
219 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "192.168.0.0.100:2020");
220 auto address = StringToSockaddr("192.168.0.1:3333");
221 ASSERT_TRUE(address.ok()) << address.status();
222 EXPECT_EQ(HttpProxyMapper().MapAddress(*address, &args), absl::nullopt);
223 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
224 }
225
226 class IncludedAddressesTest
227 : public ::testing::TestWithParam<absl::string_view> {};
228
229 INSTANTIATE_TEST_CASE_P(IncludedAddresses, IncludedAddressesTest,
230 ::testing::Values(
231 // IP v6 address in a proxied subnet
232 "[2001:db8:1::1]:2020",
233 // IP v6 address that is proxied
234 "[2001:db8:2::5]:2020",
235 // Proxied IP v4 address
236 "192.168.1.1:3333",
237 // IP v4 address in proxied subnet
238 "192.168.0.1:3333"));
239
TEST_P(IncludedAddressesTest,AddressIncluded)240 TEST_P(IncludedAddressesTest, AddressIncluded) {
241 ScopedEnvVar address_proxy(HttpProxyMapper::kAddressProxyEnvVar,
242 "[2001:db8::1111]:2020");
243 ScopedEnvVar address_proxy_enabled(
244 HttpProxyMapper::kAddressProxyEnabledAddressesEnvVar,
245 // Whitespaces added to test that they are ignored as expected
246 " 192.168.0.0/24 , 192.168.1.1 , 2001:db8:1::0/48 , 2001:db8:2::5");
247 auto address = StringToSockaddr(GetParam());
248 ASSERT_TRUE(address.ok()) << GetParam() << ": " << address.status();
249 ChannelArgs args;
250 EXPECT_THAT(HttpProxyMapper().MapAddress(*address, &args),
251 AddressEq("[2001:db8::1111]:2020"));
252 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), GetParam());
253 }
254
255 } // namespace
256 } // namespace testing
257 } // namespace grpc_core
258
main(int argc,char ** argv)259 int main(int argc, char** argv) {
260 ::testing::InitGoogleTest(&argc, argv);
261 grpc::testing::TestEnvironment env(&argc, argv);
262 auto result = RUN_ALL_TESTS();
263 return result;
264 }
265