Skip to content

Commit e36f90c

Browse files
bitterpanda63bitterpanda63
committed
Add test cases to ensure actual IMDS requests are safe
1 parent 7f8cd5e commit e36f90c

2 files changed

Lines changed: 15 additions & 0 deletions

File tree

agent_api/src/test/java/vulnerabilities/ssrf/ResolverTest.java

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,14 @@ void testResolvesToImdsIp_WithImdsIp() {
2727
assertEquals("169.254.169.254", Resolver.resolvesToImdsIp(resolvedIps, "example.com"));
2828
}
2929

30+
@Test
31+
void testDoesntResolveToImdsIp_WithHostnameImdsIp() {
32+
Set<String> resolvedIps = new HashSet<>();
33+
resolvedIps.add("169.254.169.254"); // IMDS IP
34+
35+
assertNull(Resolver.resolvesToImdsIp(resolvedIps, " 169.254.169.254 "));
36+
}
37+
3038
@Test
3139
void testResolvesToImdsIp_WithMultipleResolvedIps_OneImdsIp() {
3240
Set<String> resolvedIps = new HashSet<>();

agent_api/src/test/java/vulnerabilities/ssrf/StoredSSRFDetectorTest.java

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,13 @@ void run_WhenIpIsIpv6ImdsIp_ReturnsAttack() {
7070
assertNull(result.user);
7171
}
7272

73+
@Test
74+
void run_WhenIpIsIpv6ImdsIp_ReturnsAttackNotWhenIpIsHostname() {
75+
Attack result = detector.run("fd00:ec2::254", List.of("fd00:ec2::254"), "testOperation");
76+
assertNull(result);
77+
}
78+
79+
7380
@Test
7481
void run_WhenIpIsNotImdsIp_ReturnsNull() {
7582
Attack result = detector.run("test.example.com", List.of("192.168.1.1"), "testOperation");

0 commit comments

Comments
 (0)