(t *testing.T)
| 309 | } |
| 310 | |
| 311 | func TestValidateSSHConfigOptions(t *testing.T) { |
| 312 | t.Parallel() |
| 313 | |
| 314 | testCases := []struct { |
| 315 | name string |
| 316 | options map[string]string |
| 317 | wantErr bool |
| 318 | }{ |
| 319 | {name: "HostName", options: map[string]string{"HostName": "example.com"}}, |
| 320 | {name: "User", options: map[string]string{"User": "coder"}}, |
| 321 | {name: "Port", options: map[string]string{"Port": "22"}}, |
| 322 | {name: "SetEnv", options: map[string]string{"SetEnv": "FOO=bar BAZ=qux"}}, |
| 323 | {name: "UserKnownHostsFile", options: map[string]string{"UserKnownHostsFile": "/tmp/coder_known_hosts"}}, |
| 324 | {name: "EmptyKey", options: map[string]string{"": "value"}, wantErr: true}, |
| 325 | {name: "NewlineInKey", options: map[string]string{"User\nProxyCommand": "evil"}, wantErr: true}, |
| 326 | {name: "CarriageReturnInKey", options: map[string]string{"User\rProxyCommand": "evil"}, wantErr: true}, |
| 327 | {name: "NULInKey", options: map[string]string{"User\x00ProxyCommand": "evil"}, wantErr: true}, |
| 328 | {name: "SpaceInKey", options: map[string]string{"User ProxyCommand": "evil"}, wantErr: true}, |
| 329 | {name: "EqualsInKey", options: map[string]string{"User=ProxyCommand": "evil"}, wantErr: true}, |
| 330 | {name: "Host", options: map[string]string{"Host": "*"}, wantErr: true}, |
| 331 | {name: "HostCaseInsensitive", options: map[string]string{"hOsT": "*"}, wantErr: true}, |
| 332 | {name: "Match", options: map[string]string{"Match": "all"}, wantErr: true}, |
| 333 | {name: "Include", options: map[string]string{"Include": "~/.ssh/config.d/*"}, wantErr: true}, |
| 334 | {name: "ProxyCommand", options: map[string]string{"ProxyCommand": "ssh -W %h:%p bastion"}, wantErr: true}, |
| 335 | {name: "ProxyCommandCaseInsensitive", options: map[string]string{"proxycommand": "ssh -W %h:%p bastion"}, wantErr: true}, |
| 336 | {name: "LocalCommand", options: map[string]string{"LocalCommand": "echo pwned"}, wantErr: true}, |
| 337 | {name: "PermitLocalCommand", options: map[string]string{"PermitLocalCommand": "yes"}, wantErr: true}, |
| 338 | {name: "RemoteCommand", options: map[string]string{"RemoteCommand": "some-command"}, wantErr: true}, |
| 339 | {name: "KnownHostsCommand", options: map[string]string{"KnownHostsCommand": "echo key"}, wantErr: true}, |
| 340 | {name: "PKCS11Provider", options: map[string]string{"PKCS11Provider": "/tmp/evil.so"}, wantErr: true}, |
| 341 | {name: "PKCS11ProviderCaseInsensitive", options: map[string]string{"pkcs11provider": "/tmp/evil.so"}, wantErr: true}, |
| 342 | {name: "SecurityKeyProvider", options: map[string]string{"SecurityKeyProvider": "/tmp/evil.so"}, wantErr: true}, |
| 343 | {name: "NewlineInValue", options: map[string]string{"UserKnownHostsFile": "/tmp/known_hosts\nHost *\nProxyCommand evil"}, wantErr: true}, |
| 344 | {name: "CarriageReturnInValue", options: map[string]string{"UserKnownHostsFile": "/tmp/known_hosts\r\nHost *"}, wantErr: true}, |
| 345 | {name: "NULInValue", options: map[string]string{"UserKnownHostsFile": "/tmp/known_hosts\x00suffix"}, wantErr: true}, |
| 346 | {name: "SmartcardDevice", options: map[string]string{"SmartcardDevice": "/path/to/lib"}, wantErr: true}, |
| 347 | {name: "XAuthLocation", options: map[string]string{"XAuthLocation": "/usr/bin/xauth"}, wantErr: true}, |
| 348 | {name: "ProxyJump", options: map[string]string{"ProxyJump": "bastion.example.com"}, wantErr: true}, |
| 349 | } |
| 350 | |
| 351 | for _, tt := range testCases { |
| 352 | t.Run(tt.name, func(t *testing.T) { |
| 353 | t.Parallel() |
| 354 | |
| 355 | err := codersdk.ValidateSSHConfigOptions(tt.options) |
| 356 | if tt.wantErr { |
| 357 | require.Error(t, err) |
| 358 | return |
| 359 | } |
| 360 | require.NoError(t, err) |
| 361 | }) |
| 362 | } |
| 363 | } |
| 364 | |
| 365 | func TestSSHConfigResponse_Validate(t *testing.T) { |
| 366 | t.Parallel() |
nothing calls this directly
no test coverage detected