1 //
2 //
3 // Copyright 2022 gRPC authors.
4 //
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 //
9 // http://www.apache.org/licenses/LICENSE-2.0
10 //
11 // Unless required by applicable law or agreed to in writing, software
12 // distributed under the License is distributed on an "AS IS" BASIS,
13 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 // See the License for the specific language governing permissions and
15 // limitations under the License.
16 //
17 //
18
19 #include "src/core/client_channel/http_proxy_mapper.h"
20
21 #include "absl/status/status.h"
22 #include "absl/status/statusor.h"
23 #include "absl/strings/str_format.h"
24 #include "absl/types/optional.h"
25 #include "gmock/gmock.h"
26 #include "gtest/gtest.h"
27
28 #include <grpc/impl/channel_arg_names.h>
29
30 #include "src/core/lib/address_utils/parse_address.h"
31 #include "src/core/lib/address_utils/sockaddr_utils.h"
32 #include "src/core/lib/channel/channel_args.h"
33 #include "src/core/lib/transport/http_connect_handshaker.h"
34 #include "test/core/util/scoped_env_var.h"
35 #include "test/core/util/test_config.h"
36
37 namespace grpc_core {
38 namespace testing {
39 namespace {
40
41 const char* kNoProxyVarName = "no_proxy";
42
43 MATCHER_P(AddressEq, address, absl::StrFormat("is address %s", address)) {
44 if (!arg.has_value()) {
45 *result_listener << "is empty";
46 return false;
47 }
48 auto address_string = grpc_sockaddr_to_string(&arg.value(), true);
49 if (!address_string.ok()) {
50 *result_listener << "unable to convert address to string: "
51 << address_string.status();
52 return false;
53 }
54 if (*address_string != address) {
55 *result_listener << "value: " << *address_string;
56 return false;
57 }
58 return true;
59 }
60
61 // Test that an empty no_proxy works as expected, i.e., proxy is used.
TEST(NoProxyTest,EmptyList)62 TEST(NoProxyTest, EmptyList) {
63 ScopedEnvVar no_proxy(kNoProxyVarName, "");
64 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
65 EXPECT_EQ(HttpProxyMapper().MapName("dns:///test.google.com:443", &args),
66 "proxy.google.com");
67 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER),
68 "test.google.com:443");
69 }
70
71 // Test basic usage of 'no_proxy' to avoid using proxy for certain domain names.
TEST(NoProxyTest,Basic)72 TEST(NoProxyTest, Basic) {
73 ScopedEnvVar no_proxy(kNoProxyVarName, "google.com");
74 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
75 EXPECT_EQ(HttpProxyMapper().MapName("dns:///test.google.com:443", &args),
76 absl::nullopt);
77 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
78 }
79
80 // Test empty entries in 'no_proxy' list.
TEST(NoProxyTest,EmptyEntries)81 TEST(NoProxyTest, EmptyEntries) {
82 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,,google.com,,");
83 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
84 EXPECT_EQ(HttpProxyMapper().MapName("dns:///test.google.com:443", &args),
85 absl::nullopt);
86 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
87 }
88
89 // Test entries with CIDR blocks (Class A) in 'no_proxy' list.
TEST(NoProxyTest,CIDRClassAEntries)90 TEST(NoProxyTest, CIDRClassAEntries) {
91 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,192.168.0.255/8");
92 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
93 // address matching no_proxy cidr block
94 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.0.1.1:443", &args),
95 absl::nullopt);
96 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
97 // address not matching no_proxy cidr block
98 EXPECT_EQ(HttpProxyMapper().MapName("dns:///193.0.1.1:443", &args),
99 "proxy.google.com");
100 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "193.0.1.1:443");
101 }
102
103 // Test entries with CIDR blocks (Class B) in 'no_proxy' list.
TEST(NoProxyTest,CIDRClassBEntries)104 TEST(NoProxyTest, CIDRClassBEntries) {
105 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,192.168.0.255/16");
106 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
107 // address matching no_proxy cidr block
108 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.1.5:443", &args),
109 absl::nullopt);
110 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
111 // address not matching no_proxy cidr block
112 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.169.1.1:443", &args),
113 "proxy.google.com");
114 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.169.1.1:443");
115 }
116
117 // Test entries with CIDR blocks (Class C) in 'no_proxy' list.
TEST(NoProxyTest,CIDRClassCEntries)118 TEST(NoProxyTest, CIDRClassCEntries) {
119 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,192.168.0.255/24");
120 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
121 // address matching no_proxy cidr block
122 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.0.5:443", &args),
123 absl::nullopt);
124 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
125 // address not matching no_proxy cidr block
126 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.1.1:443", &args),
127 "proxy.google.com");
128 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.1.1:443");
129 }
130
131 // Test entries with CIDR blocks (exact match) in 'no_proxy' list.
TEST(NoProxyTest,CIDREntriesExactMatch)132 TEST(NoProxyTest, CIDREntriesExactMatch) {
133 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,192.168.0.4/32");
134 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
135 // address matching no_proxy cidr block
136 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.0.4:443", &args),
137 absl::nullopt);
138 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
139 // address not matching no_proxy cidr block
140 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.0.5:443", &args),
141 "proxy.google.com");
142 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.0.5:443");
143 }
144
145 // Test entries with IPv6 CIDR blocks in 'no_proxy' list.
TEST(NoProxyTest,CIDREntriesIPv6ExactMatch)146 TEST(NoProxyTest, CIDREntriesIPv6ExactMatch) {
147 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com,2002:db8:a::45/64");
148 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
149 // address matching no_proxy cidr block
150 EXPECT_EQ(HttpProxyMapper().MapName(
151 "dns:///[2002:0db8:000a:0000:0000:0000:0000:0001]:443", &args),
152 absl::nullopt);
153 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
154 // address not matching no_proxy cidr block
155 EXPECT_EQ(HttpProxyMapper().MapName(
156 "dns:///[2003:0db8:000a:0000:0000:0000:0000:0000]:443", &args),
157 "proxy.google.com");
158 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER),
159 "[2003:0db8:000a:0000:0000:0000:0000:0000]:443");
160 }
161
162 // Test entries with whitespaced CIDR blocks in 'no_proxy' list.
TEST(NoProxyTest,WhitespacedEntries)163 TEST(NoProxyTest, WhitespacedEntries) {
164 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com, 192.168.0.255/24");
165 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
166 // address matching no_proxy cidr block
167 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.0.5:443", &args),
168 absl::nullopt);
169 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
170 // address not matching no_proxy cidr block
171 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.1.0:443", &args),
172 "proxy.google.com");
173 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.1.0:443");
174 }
175
176 // Test entries with invalid CIDR blocks in 'no_proxy' list.
TEST(NoProxyTest,InvalidCIDREntries)177 TEST(NoProxyTest, InvalidCIDREntries) {
178 ScopedEnvVar no_proxy(kNoProxyVarName, "foo.com, 192.168.0.255/33");
179 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "http://proxy.google.com");
180 EXPECT_EQ(HttpProxyMapper().MapName("dns:///192.168.1.0:443", &args),
181 "proxy.google.com");
182 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.1.0:443");
183 }
184
TEST(ProxyForAddressTest,ChannelArgPreferred)185 TEST(ProxyForAddressTest, ChannelArgPreferred) {
186 ScopedEnvVar address_proxy(HttpProxyMapper::kAddressProxyEnvVar,
187 "192.168.0.100:2020");
188 auto args = ChannelArgs()
189 .Set(GRPC_ARG_ADDRESS_HTTP_PROXY, "192.168.0.101:2020")
190 .Set(GRPC_ARG_ADDRESS_HTTP_PROXY_ENABLED_ADDRESSES,
191 "255.255.255.255/0");
192 auto address = StringToSockaddr("192.168.0.1:3333");
193 ASSERT_TRUE(address.ok()) << address.status();
194 EXPECT_THAT(HttpProxyMapper().MapAddress(*address, &args),
195 AddressEq("192.168.0.101:2020"));
196 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), "192.168.0.1:3333");
197 }
198
TEST(ProxyForAddressTest,AddressesNotIncluded)199 TEST(ProxyForAddressTest, AddressesNotIncluded) {
200 ScopedEnvVar address_proxy(HttpProxyMapper::kAddressProxyEnvVar,
201 "192.168.0.100:2020");
202 ScopedEnvVar address_proxy_enabled(
203 HttpProxyMapper::kAddressProxyEnabledAddressesEnvVar,
204 " 192.168.0.0/24 , 192.168.1.1 , 2001:db8:1::0/48 , 2001:db8:2::5");
205 // v4 address
206 auto address = StringToSockaddr("192.168.2.1:3333");
207 ASSERT_TRUE(address.ok()) << address.status();
208 ChannelArgs args;
209 EXPECT_EQ(HttpProxyMapper().MapAddress(*address, &args), absl::nullopt);
210 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
211 // v6 address
212 address = StringToSockaddr("[2001:db8:2::1]:3000");
213 ASSERT_TRUE(address.ok()) << address.status();
214 args = ChannelArgs();
215 EXPECT_EQ(HttpProxyMapper().MapAddress(*address, &args), absl::nullopt);
216 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
217 }
218
TEST(ProxyForAddressTest,BadProxy)219 TEST(ProxyForAddressTest, BadProxy) {
220 auto args = ChannelArgs().Set(GRPC_ARG_HTTP_PROXY, "192.168.0.0.100:2020");
221 auto address = StringToSockaddr("192.168.0.1:3333");
222 ASSERT_TRUE(address.ok()) << address.status();
223 EXPECT_EQ(HttpProxyMapper().MapAddress(*address, &args), absl::nullopt);
224 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), absl::nullopt);
225 }
226
227 class IncludedAddressesTest
228 : public ::testing::TestWithParam<absl::string_view> {};
229
230 INSTANTIATE_TEST_CASE_P(IncludedAddresses, IncludedAddressesTest,
231 ::testing::Values(
232 // IP v6 address in a proxied subnet
233 "[2001:db8:1::1]:2020",
234 // IP v6 address that is proxied
235 "[2001:db8:2::5]:2020",
236 // Proxied IP v4 address
237 "192.168.1.1:3333",
238 // IP v4 address in proxied subnet
239 "192.168.0.1:3333"));
240
TEST_P(IncludedAddressesTest,AddressIncluded)241 TEST_P(IncludedAddressesTest, AddressIncluded) {
242 ScopedEnvVar address_proxy(HttpProxyMapper::kAddressProxyEnvVar,
243 "[2001:db8::1111]:2020");
244 ScopedEnvVar address_proxy_enabled(
245 HttpProxyMapper::kAddressProxyEnabledAddressesEnvVar,
246 // Whitespaces added to test that they are ignored as expected
247 " 192.168.0.0/24 , 192.168.1.1 , 2001:db8:1::0/48 , 2001:db8:2::5");
248 auto address = StringToSockaddr(GetParam());
249 ASSERT_TRUE(address.ok()) << GetParam() << ": " << address.status();
250 ChannelArgs args;
251 EXPECT_THAT(HttpProxyMapper().MapAddress(*address, &args),
252 AddressEq("[2001:db8::1111]:2020"));
253 EXPECT_EQ(args.GetString(GRPC_ARG_HTTP_CONNECT_SERVER), GetParam());
254 }
255
256 } // namespace
257 } // namespace testing
258 } // namespace grpc_core
259
main(int argc,char ** argv)260 int main(int argc, char** argv) {
261 ::testing::InitGoogleTest(&argc, argv);
262 grpc::testing::TestEnvironment env(&argc, argv);
263 auto result = RUN_ALL_TESTS();
264 return result;
265 }
266