Add tests for new disable-scan flag

2025-10-13 22:39:08 +00:00 · 2025-09-26 16:07:05 +02:00
parent 9b87d28433
commit 00749ae529
3 changed files with 90 additions and 13 deletions
--- a/README.md
+++ b/README.md
@@ -126,31 +126,33 @@ Golang >= 1.22 is required.
 ```text
 Usage of whatismyip:
  -bind string
-      Listening address (see https://pkg.go.dev/net?#Listen) (default ":8080")
+   	Listening address (see https://pkg.go.dev/net?#Listen) (default ":8080")
+  -disable-scan
+   	Disable TCP port scanning functionality
  -enable-http3
-      Enable HTTP/3 protocol. HTTP/3 requires --tls-bind set, as HTTP/3 starts as a TLS connection that then gets upgraded to UDP. The UDP port is the same as the one used for the TLS server.
+   	Enable HTTP/3 protocol. HTTP/3 requires --tls-bind set, as HTTP/3 starts as a TLS connection that then gets upgraded to UDP. The UDP port is the same as the one used for the TLS server.
  -enable-secure-headers
-      Add sane security-related headers to every response
+   	Add sane security-related headers to every response
  -geoip2-asn string
-      Path to GeoIP2 ASN database. Enables ASN information. (--geoip2-city becomes mandatory)
+   	Path to GeoIP2 ASN database. Enables ASN information. (--geoip2-city becomes mandatory)
  -geoip2-city string
-      Path to GeoIP2 city database. Enables geo information (--geoip2-asn becomes mandatory)
+   	Path to GeoIP2 city database. Enables geo information (--geoip2-asn becomes mandatory)
  -resolver string
-      Path to the resolver configuration. It actually enables the resolver for DNS client discovery.
+   	Path to the resolver configuration. It actually enables the resolver for DNS client discovery.
  -template string
-      Path to the template file
+   	Path to the template file
  -tls-bind string
-      Listening address for TLS (see https://pkg.go.dev/net?#Listen)
+   	Listening address for TLS (see https://pkg.go.dev/net?#Listen)
  -tls-crt string
-      When using TLS, path to certificate file
+   	When using TLS, path to certificate file
  -tls-key string
-      When using TLS, path to private key file
+   	When using TLS, path to private key file
  -trusted-header string
-      Trusted request header for remote IP (e.g. X-Real-IP). When using this feature if -trusted-port-header is not set the client port is shown as 'unknown'
+   	Trusted request header for remote IP (e.g. X-Real-IP). When using this feature if -trusted-port-header is not set the client port is shown as 'unknown'
  -trusted-port-header string
-      Trusted request header for remote client port (e.g. X-Real-Port). When this parameter is set -trusted-header becomes mandatory
+   	Trusted request header for remote client port (e.g. X-Real-Port). When this parameter is set -trusted-header becomes mandatory
  -version
-      Output version information and exit
+   	Output version information and exit
 ```

 ## Examples
--- a/integration-tests/integration_test.go
+++ b/integration-tests/integration_test.go
@@ -235,6 +235,70 @@ func TestContainerIntegration(t *testing.T) {
 	testWhatIsMyDNS(t)
 }

+// TODO If other flags like this one are implemented we should think of a better approach
+func TestContainerIntegrationDisableScan(t *testing.T) {
+	if testing.Short() {
+		t.Skip("Skiping integration tests")
+	}
+
+	ctx := context.Background()
+	c, err := tc.GenericContainer(ctx, tc.GenericContainerRequest{
+		ContainerRequest: tc.ContainerRequest{
+			FromDockerfile: tc.FromDockerfile{
+				Context:       "../",
+				Dockerfile:    "./test/Dockerfile",
+				PrintBuildLog: true,
+				KeepImage:     false,
+				BuildOptionsModifier: func(buildOptions *types.ImageBuildOptions) {
+					buildOptions.Target = "test"
+				},
+			},
+			ExposedPorts: []string{
+				"8000:8000",
+			},
+			Cmd: []string{
+				"-geoip2-city", "/GeoIP2-City-Test.mmdb",
+				"-geoip2-asn", "/GeoLite2-ASN-Test.mmdb",
+				"-bind", ":8000",
+				"-trusted-header", "X-Real-IP",
+				"-enable-secure-headers",
+				"-disable-scan",
+			},
+			Files: []tc.ContainerFile{
+				{
+					HostFilePath:      "./../test/GeoIP2-City-Test.mmdb",
+					ContainerFilePath: "/GeoIP2-City-Test.mmdb",
+				},
+				{
+					HostFilePath:      "./../test/GeoLite2-ASN-Test.mmdb",
+					ContainerFilePath: "/GeoLite2-ASN-Test.mmdb",
+				},
+			},
+			WaitingFor: wait.ForLog("Starting TCP server"),
+			AutoRemove: true,
+		},
+		Started: true,
+	})
+	require.NoError(t, err)
+	t.Cleanup(func() { c.Terminate(ctx) })
+
+	t.Run("RequestScanEndpointWithDisabledScan", func(t *testing.T) {
+		req, err := http.NewRequest("GET", "http://localhost:8000/scan/tcp/8000", nil)
+		assert.NoError(t, err)
+		req.Header.Set("Accept", "application/json")
+		req.Header.Set("X-Real-IP", "127.0.0.1")
+
+		client := &http.Client{}
+		resp, err := client.Do(req)
+		assert.NoError(t, err)
+		assert.Equal(t, http.StatusNotFound, resp.StatusCode)
+
+		body, err := io.ReadAll(resp.Body)
+		assert.NoError(t, err)
+		assert.NotEmpty(t, body)
+	})
+}
+
 func doQuicRequest(req *http.Request) (*http.Response, []byte, error) {
 	roundTripper := &http3.Transport{
 		TLSClientConfig: &tls.Config{
--- a/internal/setting/app_test.go
+++ b/internal/setting/app_test.go
@@ -77,6 +77,17 @@ func TestParseFlags(t *testing.T) {
 				},
 			},
 		},
+		{
+			[]string{"-disable-scan"},
+			settings{
+				BindAddress: ":8080",
+				Server: serverSettings{
+					ReadTimeout:  10 * time.Second,
+					WriteTimeout: 10 * time.Second,
+				},
+				DisableTCPScan: true,
+			},
+		},
 		{
 			[]string{"-bind", ":8001", "-geoip2-city", "/city-path", "-geoip2-asn", "/asn-path"},
 			settings{