chat_grid/server/tests/test_network_security.py

from __future__ import annotations

import socket

import pytest

from app.network_security import normalize_origin, validate_media_reference, validate_public_media_url


def test_normalize_origin_rejects_paths() -> None:
    with pytest.raises(ValueError):
        normalize_origin("https://example.com/chgrid")


def test_normalize_origin_normalizes_case_and_trailing_slash() -> None:
    assert normalize_origin("HTTPS://Example.COM:443/") == "https://example.com:443"


def test_validate_public_media_url_rejects_private_ip() -> None:
    with pytest.raises(ValueError):
        validate_public_media_url("http://127.0.0.1/audio")


def test_validate_public_media_url_resolves_hostname(monkeypatch: pytest.MonkeyPatch) -> None:
    def fake_getaddrinfo(host: str, port, type: int = 0):
        assert host == "radio.example.com"
        return [(socket.AF_INET, type, 6, "", ("93.184.216.34", 0))]

    monkeypatch.setattr(socket, "getaddrinfo", fake_getaddrinfo)

    assert validate_public_media_url("https://Radio.Example.com/live") == "https://radio.example.com/live"


def test_validate_public_media_url_rejects_private_resolution(monkeypatch: pytest.MonkeyPatch) -> None:
    def fake_getaddrinfo(host: str, port, type: int = 0):
        assert host == "radio.example.com"
        return [(socket.AF_INET, type, 6, "", ("10.0.0.5", 0))]

    monkeypatch.setattr(socket, "getaddrinfo", fake_getaddrinfo)

    with pytest.raises(ValueError):
        validate_public_media_url("https://radio.example.com/live")


def test_validate_media_reference_allows_site_relative_path() -> None:
    assert validate_media_reference("/chgrid/media_proxy.php?url=test") == "/chgrid/media_proxy.php?url=test"
Harden origin and media URL security 2026-03-08 20:51:50 -04:00			`from __future__ import annotations`

			`import socket`

			`import pytest`

			`from app.network_security import normalize_origin, validate_media_reference, validate_public_media_url`


			`def test_normalize_origin_rejects_paths() -> None:`
			`with pytest.raises(ValueError):`
			`normalize_origin("https://example.com/chgrid")`


			`def test_normalize_origin_normalizes_case_and_trailing_slash() -> None:`
			`assert normalize_origin("HTTPS://Example.COM:443/") == "https://example.com:443"`


			`def test_validate_public_media_url_rejects_private_ip() -> None:`
			`with pytest.raises(ValueError):`
			`validate_public_media_url("http://127.0.0.1/audio")`


			`def test_validate_public_media_url_resolves_hostname(monkeypatch: pytest.MonkeyPatch) -> None:`
			`def fake_getaddrinfo(host: str, port, type: int = 0):`
			`assert host == "radio.example.com"`
			`return [(socket.AF_INET, type, 6, "", ("93.184.216.34", 0))]`

			`monkeypatch.setattr(socket, "getaddrinfo", fake_getaddrinfo)`

			`assert validate_public_media_url("https://Radio.Example.com/live") == "https://radio.example.com/live"`


			`def test_validate_public_media_url_rejects_private_resolution(monkeypatch: pytest.MonkeyPatch) -> None:`
			`def fake_getaddrinfo(host: str, port, type: int = 0):`
			`assert host == "radio.example.com"`
			`return [(socket.AF_INET, type, 6, "", ("10.0.0.5", 0))]`

			`monkeypatch.setattr(socket, "getaddrinfo", fake_getaddrinfo)`

			`with pytest.raises(ValueError):`
			`validate_public_media_url("https://radio.example.com/live")`


			`def test_validate_media_reference_allows_site_relative_path() -> None:`
			`assert validate_media_reference("/chgrid/media_proxy.php?url=test") == "/chgrid/media_proxy.php?url=test"`