Rodin
eb3770e18c
CI / test (push) Successful in 17s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (push) Has been skipped
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (push) Has been skipped
CI / review (gpt-5, security, ., rodin/security-patterns, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (push) Has been skipped
38 lines
1.1 KiB
Go
38 lines
1.1 KiB
Go
package gitea
|
|
|
|
import (
|
|
"net"
|
|
"testing"
|
|
|
|
"gitea.weiker.me/rodin/review-bot/internal/netutil"
|
|
)
|
|
|
|
// TestIsBlockedIPForwarding verifies that gitea.IsBlockedIP correctly forwards
|
|
// to internal/netutil.IsBlockedIP. Full coverage of the blocking logic lives in
|
|
// internal/netutil/ipcheck_test.go.
|
|
func TestIsBlockedIPForwarding(t *testing.T) {
|
|
cases := []struct {
|
|
ip string
|
|
blocked bool
|
|
}{
|
|
{"127.0.0.1", true}, // loopback — must be blocked
|
|
{"192.168.1.1", true}, // RFC1918 — must be blocked
|
|
{"8.8.8.8", false}, // public — must not be blocked
|
|
{"2001:4860:4860::8888", false}, // public IPv6 — must not be blocked
|
|
}
|
|
for _, tc := range cases {
|
|
ip := net.ParseIP(tc.ip)
|
|
if ip == nil {
|
|
t.Fatalf("failed to parse IP %q", tc.ip)
|
|
}
|
|
got := IsBlockedIP(ip)
|
|
want := netutil.IsBlockedIP(ip)
|
|
if got != want {
|
|
t.Errorf("gitea.IsBlockedIP(%q) = %v, netutil.IsBlockedIP = %v: forwarding mismatch", tc.ip, got, want)
|
|
}
|
|
if got != tc.blocked {
|
|
t.Errorf("gitea.IsBlockedIP(%q) = %v, want %v", tc.ip, got, tc.blocked)
|
|
}
|
|
}
|
|
}
|