mirror of
https://github.com/syncthing/syncthing.git
synced 2026-03-29 11:42:11 -04:00
c667ada63a
### Purpose Fix https://github.com/syncthing/syncthing/issues/9336 The `emitLoginAttempt` function now checks for the presence of an `X-Forwarded-For` header. The IP from this header is only used if the connecting host is either on loopback or on the same LAN. In the case of a host pretending to be a proxy, we'd still have both IPs in the logs, which should make this much less critical from a security standpoint. ### Testing 1. directly via localhost 2. via proxy an localhost #### Logs ``` [3JPXJ] 2025/04/11 15:00:40 INFO: Wrong credentials supplied during API authorization from 127.0.0.1 [3JPXJ] 2025/04/11 15:03:04 INFO: Wrong credentials supplied during API authorization from 192.168.178.5 proxied by 127.0.0.1 ``` #### Event API ``` { "id": 23, "globalID": 23, "time": "2025-04-11T15:00:40.578577402+02:00", "type": "LoginAttempt", "data": { "remoteAddress": "127.0.0.1", "success": false, "username": "sdfsd" } }, { "id": 24, "globalID": 24, "time": "2025-04-11T15:03:04.423403976+02:00", "type": "LoginAttempt", "data": { "proxy": "127.0.0.1", "remoteAddress": "192.168.178.5", "success": false, "username": "sdfsd" } } ``` ### Documentation https://github.com/syncthing/docs/pull/907 --------- Co-authored-by: Jakob Borg <jakob@kastelo.net>
170 lines
3.9 KiB
Go
170 lines
3.9 KiB
Go
// Copyright (C) 2014 The Syncthing Authors.
|
|
//
|
|
// This Source Code Form is subject to the terms of the Mozilla Public
|
|
// License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
// You can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
package osutil_test
|
|
|
|
import (
|
|
"io"
|
|
"path/filepath"
|
|
"strings"
|
|
"testing"
|
|
|
|
"github.com/syncthing/syncthing/lib/fs"
|
|
"github.com/syncthing/syncthing/lib/osutil"
|
|
"github.com/syncthing/syncthing/lib/rand"
|
|
)
|
|
|
|
func TestIsDeleted(t *testing.T) {
|
|
type tc struct {
|
|
path string
|
|
isDel bool
|
|
}
|
|
cases := []tc{
|
|
{"del", true},
|
|
{"del.file", false},
|
|
{filepath.Join("del", "del"), true},
|
|
{"file", false},
|
|
{"linkToFile", false},
|
|
{"linkToDel", false},
|
|
{"linkToDir", false},
|
|
{filepath.Join("linkToDir", "file"), true},
|
|
{filepath.Join("file", "behindFile"), true},
|
|
{"dir", false},
|
|
{"dir.file", false},
|
|
{filepath.Join("dir", "file"), false},
|
|
{filepath.Join("dir", "del"), true},
|
|
{filepath.Join("dir", "del", "del"), true},
|
|
{filepath.Join("del", "del", "del"), true},
|
|
}
|
|
|
|
testFs := fs.NewFilesystem(fs.FilesystemTypeFake, "testdata")
|
|
|
|
testFs.MkdirAll("dir", 0o777)
|
|
for _, f := range []string{"file", "del.file", "dir.file", filepath.Join("dir", "file")} {
|
|
fd, err := testFs.Create(f)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
fd.Close()
|
|
}
|
|
|
|
for _, n := range []string{"Dir", "File", "Del"} {
|
|
if err := testFs.CreateSymlink(strings.ToLower(n), "linkTo"+n); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|
|
|
|
for _, c := range cases {
|
|
if osutil.IsDeleted(testFs, c.path) != c.isDel {
|
|
t.Errorf("IsDeleted(%v) != %v", c.path, c.isDel)
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestRenameOrCopy(t *testing.T) {
|
|
sameFs := fs.NewFilesystem(fs.FilesystemTypeFake, rand.String(32)+"?content=true")
|
|
tests := []struct {
|
|
src fs.Filesystem
|
|
dst fs.Filesystem
|
|
file string
|
|
}{
|
|
{
|
|
src: sameFs,
|
|
dst: sameFs,
|
|
file: "file",
|
|
},
|
|
{
|
|
src: fs.NewFilesystem(fs.FilesystemTypeFake, rand.String(32)+"?content=true"),
|
|
dst: fs.NewFilesystem(fs.FilesystemTypeFake, rand.String(32)+"?content=true"),
|
|
file: "file",
|
|
},
|
|
{
|
|
src: fs.NewFilesystem(fs.FilesystemTypeFake, `fake://fake/?files=1&seed=42`),
|
|
dst: fs.NewFilesystem(fs.FilesystemTypeFake, rand.String(32)+"?content=true"),
|
|
file: osutil.NativeFilename(`05/7a/4d52f284145b9fe8`),
|
|
},
|
|
}
|
|
|
|
for _, test := range tests {
|
|
content := test.src.URI()
|
|
if _, err := test.src.Lstat(test.file); err != nil {
|
|
if !fs.IsNotExist(err) {
|
|
t.Fatal(err)
|
|
}
|
|
if fd, err := test.src.Create(test.file); err != nil {
|
|
t.Fatal(err)
|
|
} else {
|
|
if _, err := fd.Write([]byte(test.src.URI())); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_ = fd.Close()
|
|
}
|
|
} else {
|
|
fd, err := test.src.Open(test.file)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
buf, err := io.ReadAll(fd)
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
_ = fd.Close()
|
|
content = string(buf)
|
|
}
|
|
|
|
err := osutil.RenameOrCopy(fs.CopyRangeMethodStandard, test.src, test.dst, test.file, "new")
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
|
|
if fd, err := test.dst.Open("new"); err != nil {
|
|
t.Fatal(err)
|
|
} else {
|
|
t.Cleanup(func() {
|
|
_ = fd.Close()
|
|
})
|
|
|
|
if buf, err := io.ReadAll(fd); err != nil {
|
|
t.Fatal(err)
|
|
} else if string(buf) != content {
|
|
t.Fatalf("expected %s got %s", content, string(buf))
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
func TestIPFromString(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
cases := []struct {
|
|
in string
|
|
out string
|
|
}{
|
|
{"192.168.178.1", "192.168.178.1"},
|
|
{"192.168.178.1:8384", "192.168.178.1"},
|
|
{"fe80::20c:29ff:fe9a:46d2", "fe80::20c:29ff:fe9a:46d2"},
|
|
{"[fe80::20c:29ff:fe9a:46d2]:8384", "fe80::20c:29ff:fe9a:46d2"},
|
|
{"[fe80::20c:29ff:fe9a:46d2%eno1]:8384", "fe80::20c:29ff:fe9a:46d2"},
|
|
{"google.com", ""},
|
|
{"1.1.1.1.1", ""},
|
|
{"", ""},
|
|
}
|
|
|
|
for _, c := range cases {
|
|
ip := osutil.IPFromString(c.in)
|
|
var address string
|
|
if ip != nil {
|
|
address = ip.String()
|
|
} else {
|
|
address = ""
|
|
}
|
|
|
|
if c.out != address {
|
|
t.Fatalf("result should be %s != %s", c.out, address)
|
|
}
|
|
}
|
|
}
|