alexei.dolgolyov/ledgrab
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

test(url-scheme): WLED route-level integration + IPv6 regression

Browse Source 
TestWLEDSchemeInference in test_devices_routes covers the POST/PUT
create-and-update flow with a stubbed WLED provider so the
infer_http_scheme integration hop has end-to-end coverage instead of
just the unit tests.

test_url_scheme grows public IPv6 (Cloudflare / Google / Quad9 DNS),
bracketed-form, and ULA cases. Adds an explicit pin for the Python
ipaddress documentation-prefix quirk (2001:db8::/32 is is_private,
so it routes to http:// even though some audits colloquially call it
"public").
This commit is contained in:
Admin
2026-05-23 01:13:44 +03:00
parent 0dd8d430b9
commit 907bdaf043
2 changed files with 141 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/tests/test_url_scheme.py
+54
View File
@@ -132,3 +132,57 @@ def test_userinfo_does_not_get_https():
"""``evil.com@192.168.1.1`` must not be coerced to ``https://`` (which
would send credentials ``evil.com`` to ``192.168.1.1``)."""
assert "://" not in infer_http_scheme("evil.com@192.168.1.1")
# ---------------------------------------------------------------------------
# IPv6 literal regression — pre-hardening, the bare-label fallback split on
# the first ``:`` (``2606:4700:4700::1111`` → host="2606" → single label →
# treated as local mDNS-style) and quietly coerced public IPv6 LED targets
# to ``http://``. The bracketless ipaddress probe in ``_extract_hostname``
# fixes that; pin both the public and ULA branches so a future helper
# refactor can't regress either side.
# ---------------------------------------------------------------------------
@pytest.mark.parametrize(
"raw",
[
"2606:4700:4700::1111", # Cloudflare public DNS
"2001:4860:4860::8888", # Google public DNS
"2620:fe::fe", # Quad9
],
)
def test_public_ipv6_literal_gets_https(raw):
assert infer_http_scheme(raw) == f"https://{raw}"
@pytest.mark.parametrize(
"raw",
[
"[2606:4700:4700::1111]",
"[2606:4700:4700::1111]:443",
"[2001:4860:4860::8888]:8080",
],
)
def test_bracketed_public_ipv6_gets_https(raw):
assert infer_http_scheme(raw) == f"https://{raw}"
@pytest.mark.parametrize(
"raw",
[
"fc00::1", # ULA — RFC 4193
"fd12:3456:789a::1",
"fdc7::42",
],
)
def test_ula_ipv6_literal_gets_http(raw):
assert infer_http_scheme(raw) == f"http://{raw}"
def test_documentation_prefix_ipv6_treated_as_private():
"""Python's :mod:`ipaddress` classifies ``2001:db8::/32`` as private
(RFC 3849 documentation range) so the scheme inferrer reaches for the
LAN-default ``http://``. Test pins the actual behaviour rather than
the colloquial "public" label the address is sometimes given."""
assert infer_http_scheme("2001:db8::1") == "http://2001:db8::1"