adds tests

Author: timbastin

controllers/dependencyfirewall/golang_test.go

@@ -0,0 +1,61 @@
+// Copyright (C) 2026 l3montree GmbH
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package dependencyfirewall
+
+import "testing"
+
+func TestGoEcosystem(t *testing.T) {
+	t.Run("trimPrefix with and without secret", func(t *testing.T) {
+		cases := []struct {
+			name     string
+			path     string
+			expected string
+		}{
+			{
+				name:     "without secret",
+				path:     "/api/v1/dependency-proxy/go/github.com/foo/bar",
+				expected: "github.com/foo/bar",
+			},
+			{
+				name:     "with secret",
+				path:     "/api/v1/dependency-proxy/550e8400-e29b-41d4-a716-446655440000/go/github.com/foo/bar",
+				expected: "github.com/foo/bar",
+			},
+		}
+
+		for _, tc := range cases {
+			t.Run(tc.name, func(t *testing.T) {
+				if got := golang.trimPrefix(tc.path); got != tc.expected {
+					t.Fatalf("expected %q, got %q", tc.expected, got)
+				}
+			})
+		}
+	})
+
+	t.Run("parse explicit version info path", func(t *testing.T) {
+		pkg, version := golang.parsePackage("/github.com/foo/bar@v/v1.2.3.info")
+		if pkg != "github.com/foo/bar" || version != "v1.2.3" {
+			t.Fatalf("expected github.com/foo/bar@v1.2.3, got %q@%q", pkg, version)
+		}
+	})
+
+	t.Run("parse list path returns empty version", func(t *testing.T) {
+		pkg, version := golang.parsePackage("/github.com/foo/bar@v/list")
+		if pkg != "github.com/foo/bar" || version != "" {
+			t.Fatalf("expected github.com/foo/bar with empty version, got %q@%q", pkg, version)
+		}
+	})
+}

controllers/dependencyfirewall/npm_test.go

@@ -0,0 +1,68 @@
+// Copyright (C) 2026 l3montree GmbH
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package dependencyfirewall
+
+import "testing"
+
+func TestNPMEcosystem(t *testing.T) {
+	t.Run("trimPrefix with and without secret", func(t *testing.T) {
+		cases := []struct {
+			name     string
+			path     string
+			expected string
+		}{
+			{
+				name:     "without secret",
+				path:     "/api/v1/dependency-proxy/npm/lodash",
+				expected: "lodash",
+			},
+			{
+				name:     "with secret",
+				path:     "/api/v1/dependency-proxy/550e8400-e29b-41d4-a716-446655440000/npm/@babel/core",
+				expected: "@babel/core",
+			},
+		}
+
+		for _, tc := range cases {
+			t.Run(tc.name, func(t *testing.T) {
+				if got := npm.trimPrefix(tc.path); got != tc.expected {
+					t.Fatalf("expected %q, got %q", tc.expected, got)
+				}
+			})
+		}
+	})
+
+	t.Run("parse metadata path", func(t *testing.T) {
+		pkg, version := npm.parsePackage("/lodash")
+		if pkg != "lodash" || version != "" {
+			t.Fatalf("expected lodash with empty version, got %q and %q", pkg, version)
+		}
+	})
+
+	t.Run("parse tarball path", func(t *testing.T) {
+		pkg, version := npm.parsePackage("/lodash/-/lodash-4.17.21.tgz")
+		if pkg != "lodash" || version != "4.17.21" {
+			t.Fatalf("expected lodash@4.17.21, got %q@%q", pkg, version)
+		}
+	})
+
+	t.Run("parse scoped tarball path", func(t *testing.T) {
+		pkg, version := npm.parsePackage("/@babel/core/-/core-7.23.0.tgz")
+		if pkg != "@babel/core" || version != "7.23.0" {
+			t.Fatalf("expected @babel/core@7.23.0, got %q@%q", pkg, version)
+		}
+	})
+}

controllers/dependencyfirewall/python_test.go

@@ -0,0 +1,61 @@
+// Copyright (C) 2026 l3montree GmbH
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package dependencyfirewall
+
+import "testing"
+
+func TestPyPIParsePackage(t *testing.T) {
+	t.Run("parses simple index path", func(t *testing.T) {
+		pkg, version := pypi.parsePackage("/simple/requests/")
+		if pkg != "requests" || version != "" {
+			t.Fatalf("expected requests with empty version, got %q and %q", pkg, version)
+		}
+	})
+
+	t.Run("parses package artifact path with leading slash", func(t *testing.T) {
+		pkg, version := pypi.parsePackage("/packages/ab/cd/requests-2.31.0-py3-none-any.whl")
+		if pkg != "requests" || version != "2.31.0" {
+			t.Fatalf("expected requests@2.31.0, got %q@%q", pkg, version)
+		}
+	})
+}
+
+func TestPyPIEcosystemTrimPrefix(t *testing.T) {
+	cases := []struct {
+		name     string
+		path     string
+		expected string
+	}{
+		{
+			name:     "without secret",
+			path:     "/api/v1/dependency-proxy/pypi/simple/requests/",
+			expected: "simple/requests/",
+		},
+		{
+			name:     "with secret",
+			path:     "/api/v1/dependency-proxy/550e8400-e29b-41d4-a716-446655440000/pypi/simple/requests/",
+			expected: "simple/requests/",
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.name, func(t *testing.T) {
+			if got := pypi.trimPrefix(tc.path); got != tc.expected {
+				t.Fatalf("expected %q, got %q", tc.expected, got)
+			}
+		})
+	}
+}

controllers/dependencyfirewall/shared_helpers_test.go

@@ -0,0 +1,99 @@
+// Copyright (C) 2026 l3montree GmbH
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as
+// published by the Free Software Foundation, either version 3 of the
+// License, or (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+package dependencyfirewall
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/labstack/echo/v4"
+)
+
+func TestEnsureReadMethod(t *testing.T) {
+	t.Run("allows GET", func(t *testing.T) {
+		e := echo.New()
+		req := httptest.NewRequest(http.MethodGet, "/", nil)
+		rec := httptest.NewRecorder()
+		c := e.NewContext(req, rec)
+
+		if err := ensureReadMethod(c); err != nil {
+			t.Fatalf("expected GET to be allowed, got error: %v", err)
+		}
+	})
+
+	t.Run("allows HEAD", func(t *testing.T) {
+		e := echo.New()
+		req := httptest.NewRequest(http.MethodHead, "/", nil)
+		rec := httptest.NewRecorder()
+		c := e.NewContext(req, rec)
+
+		if err := ensureReadMethod(c); err != nil {
+			t.Fatalf("expected HEAD to be allowed, got error: %v", err)
+		}
+	})
+
+	t.Run("rejects POST", func(t *testing.T) {
+		e := echo.New()
+		req := httptest.NewRequest(http.MethodPost, "/", nil)
+		rec := httptest.NewRecorder()
+		c := e.NewContext(req, rec)
+
+		err := ensureReadMethod(c)
+		if err == nil {
+			t.Fatal("expected POST to be rejected")
+		}
+
+		httpErr, ok := err.(*echo.HTTPError)
+		if !ok {
+			t.Fatalf("expected *echo.HTTPError, got %T", err)
+		}
+		if httpErr.Code != http.StatusMethodNotAllowed {
+			t.Fatalf("expected status %d, got %d", http.StatusMethodNotAllowed, httpErr.Code)
+		}
+	})
+}
+
+func TestPassthroughUpstreamResponse(t *testing.T) {
+	e := echo.New()
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	rec := httptest.NewRecorder()
+	c := e.NewContext(req, rec)
+
+	d := &DependencyProxyController{}
+	headers := http.Header{}
+	headers.Add("X-Test", "a")
+	headers.Add("X-Test", "b")
+	headers.Set("Content-Type", "application/json")
+	body := []byte(`{"ok":true}`)
+
+	if err := d.passthroughUpstreamResponse(c, headers, http.StatusAccepted, body); err != nil {
+		t.Fatalf("expected no error, got %v", err)
+	}
+
+	if rec.Code != http.StatusAccepted {
+		t.Fatalf("expected status %d, got %d", http.StatusAccepted, rec.Code)
+	}
+	if got := rec.Body.String(); got != string(body) {
+		t.Fatalf("expected body %q, got %q", string(body), got)
+	}
+	if got := rec.Header().Values("X-Test"); len(got) != 2 || got[0] != "a" || got[1] != "b" {
+		t.Fatalf("expected X-Test headers [a b], got %v", got)
+	}
+	if got := rec.Header().Get("Content-Type"); got != "application/json" {
+		t.Fatalf("expected Content-Type application/json, got %q", got)
+	}
+}