1# vi: set ft=conf
 2
 3# Test SSRF protection in webhook creation
 4
 5# start soft serve
 6exec soft serve &
 7# wait for SSH server to start
 8ensureserverrunning SSH_PORT
 9
10# create a repo
11soft repo create test-repo
12stderr 'Created repository test-repo.*'
13
14# Try to create webhook with localhost - should fail
15! soft repo webhook create test-repo http://localhost:8080/webhook -e push
16stderr 'invalid webhook URL.*private'
17
18# Try to create webhook with 127.0.0.1 - should fail
19! soft repo webhook create test-repo http://127.0.0.1:8080/webhook -e push
20stderr 'invalid webhook URL.*private'
21
22# Try to create webhook with AWS metadata service - should fail
23! soft repo webhook create test-repo http://169.254.169.254/latest/meta-data/ -e push
24stderr 'invalid webhook URL.*private'
25
26# Try to create webhook with private network - should fail
27! soft repo webhook create test-repo http://192.168.1.1/webhook -e push
28stderr 'invalid webhook URL.*private'
29
30# Try to create webhook with private 10.x network - should fail
31! soft repo webhook create test-repo http://10.0.0.1/webhook -e push
32stderr 'invalid webhook URL.*private'
33
34# Create webhook with valid public IP - should succeed
35new-webhook WH_PUBLIC
36soft repo webhook create test-repo $WH_PUBLIC -e push
37! stderr 'invalid webhook URL'
38
39# List webhooks - should show only the valid one
40soft repo webhook list test-repo
41stdout 'webhook.site'
42
43# Try to update webhook to localhost - should fail
44! soft repo webhook update test-repo 1 --url http://localhost:9090/hook
45stderr 'invalid webhook URL.*private'
46
47# stop the server
48[windows] stopserver
49[windows] ! stderr .