From 00749ae5298a02c09762c5e06172063970c49f1b Mon Sep 17 00:00:00 2001 From: Daniel Carrillo Date: Fri, 26 Sep 2025 16:07:05 +0200 Subject: [PATCH] Add tests for new disable-scan flag --- README.md | 28 ++++++------ integration-tests/integration_test.go | 64 +++++++++++++++++++++++++++ internal/setting/app_test.go | 11 +++++ 3 files changed, 90 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index b5f1496..6964e43 100644 --- a/README.md +++ b/README.md @@ -126,31 +126,33 @@ Golang >= 1.22 is required. ```text Usage of whatismyip: -bind string - Listening address (see https://pkg.go.dev/net?#Listen) (default ":8080") + Listening address (see https://pkg.go.dev/net?#Listen) (default ":8080") + -disable-scan + Disable TCP port scanning functionality -enable-http3 - Enable HTTP/3 protocol. HTTP/3 requires --tls-bind set, as HTTP/3 starts as a TLS connection that then gets upgraded to UDP. The UDP port is the same as the one used for the TLS server. + Enable HTTP/3 protocol. HTTP/3 requires --tls-bind set, as HTTP/3 starts as a TLS connection that then gets upgraded to UDP. The UDP port is the same as the one used for the TLS server. -enable-secure-headers - Add sane security-related headers to every response + Add sane security-related headers to every response -geoip2-asn string - Path to GeoIP2 ASN database. Enables ASN information. (--geoip2-city becomes mandatory) + Path to GeoIP2 ASN database. Enables ASN information. (--geoip2-city becomes mandatory) -geoip2-city string - Path to GeoIP2 city database. Enables geo information (--geoip2-asn becomes mandatory) + Path to GeoIP2 city database. Enables geo information (--geoip2-asn becomes mandatory) -resolver string - Path to the resolver configuration. It actually enables the resolver for DNS client discovery. + Path to the resolver configuration. It actually enables the resolver for DNS client discovery. -template string - Path to the template file + Path to the template file -tls-bind string - Listening address for TLS (see https://pkg.go.dev/net?#Listen) + Listening address for TLS (see https://pkg.go.dev/net?#Listen) -tls-crt string - When using TLS, path to certificate file + When using TLS, path to certificate file -tls-key string - When using TLS, path to private key file + When using TLS, path to private key file -trusted-header string - Trusted request header for remote IP (e.g. X-Real-IP). When using this feature if -trusted-port-header is not set the client port is shown as 'unknown' + Trusted request header for remote IP (e.g. X-Real-IP). When using this feature if -trusted-port-header is not set the client port is shown as 'unknown' -trusted-port-header string - Trusted request header for remote client port (e.g. X-Real-Port). When this parameter is set -trusted-header becomes mandatory + Trusted request header for remote client port (e.g. X-Real-Port). When this parameter is set -trusted-header becomes mandatory -version - Output version information and exit + Output version information and exit ``` ## Examples diff --git a/integration-tests/integration_test.go b/integration-tests/integration_test.go index dcf7844..914cf12 100644 --- a/integration-tests/integration_test.go +++ b/integration-tests/integration_test.go @@ -235,6 +235,70 @@ func TestContainerIntegration(t *testing.T) { testWhatIsMyDNS(t) } +// TODO If other flags like this one are implemented we should think of a better approach +func TestContainerIntegrationDisableScan(t *testing.T) { + if testing.Short() { + t.Skip("Skiping integration tests") + } + + ctx := context.Background() + c, err := tc.GenericContainer(ctx, tc.GenericContainerRequest{ + ContainerRequest: tc.ContainerRequest{ + FromDockerfile: tc.FromDockerfile{ + Context: "../", + Dockerfile: "./test/Dockerfile", + PrintBuildLog: true, + KeepImage: false, + BuildOptionsModifier: func(buildOptions *types.ImageBuildOptions) { + buildOptions.Target = "test" + }, + }, + ExposedPorts: []string{ + "8000:8000", + }, + Cmd: []string{ + "-geoip2-city", "/GeoIP2-City-Test.mmdb", + "-geoip2-asn", "/GeoLite2-ASN-Test.mmdb", + "-bind", ":8000", + "-trusted-header", "X-Real-IP", + "-enable-secure-headers", + "-disable-scan", + }, + Files: []tc.ContainerFile{ + { + HostFilePath: "./../test/GeoIP2-City-Test.mmdb", + ContainerFilePath: "/GeoIP2-City-Test.mmdb", + }, + { + HostFilePath: "./../test/GeoLite2-ASN-Test.mmdb", + ContainerFilePath: "/GeoLite2-ASN-Test.mmdb", + }, + }, + WaitingFor: wait.ForLog("Starting TCP server"), + AutoRemove: true, + }, + Started: true, + }) + require.NoError(t, err) + t.Cleanup(func() { c.Terminate(ctx) }) + + t.Run("RequestScanEndpointWithDisabledScan", func(t *testing.T) { + req, err := http.NewRequest("GET", "http://localhost:8000/scan/tcp/8000", nil) + assert.NoError(t, err) + req.Header.Set("Accept", "application/json") + req.Header.Set("X-Real-IP", "127.0.0.1") + + client := &http.Client{} + resp, err := client.Do(req) + assert.NoError(t, err) + assert.Equal(t, http.StatusNotFound, resp.StatusCode) + + body, err := io.ReadAll(resp.Body) + assert.NoError(t, err) + assert.NotEmpty(t, body) + }) +} + func doQuicRequest(req *http.Request) (*http.Response, []byte, error) { roundTripper := &http3.Transport{ TLSClientConfig: &tls.Config{ diff --git a/internal/setting/app_test.go b/internal/setting/app_test.go index f4c1e9f..96e956d 100644 --- a/internal/setting/app_test.go +++ b/internal/setting/app_test.go @@ -77,6 +77,17 @@ func TestParseFlags(t *testing.T) { }, }, }, + { + []string{"-disable-scan"}, + settings{ + BindAddress: ":8080", + Server: serverSettings{ + ReadTimeout: 10 * time.Second, + WriteTimeout: 10 * time.Second, + }, + DisableTCPScan: true, + }, + }, { []string{"-bind", ":8001", "-geoip2-city", "/city-path", "-geoip2-asn", "/asn-path"}, settings{