whitelist_ratelimiter: @dalf patch

- it calls ip_address and ip_network only once for the settings. - init_whitelist to make tests easier - get_remote_addr get the IP address for the function is_accepted_request - for reference: https://esd.io/blog/flask-apps-heroku-real-ip-spoofing.html
2024-01-01 19:24:07 +01:00 · 2023-05-18 20:46:52 +02:00 · 2023-05-18 20:46:52 +02:00 · 6122afdd98
commit 6122afdd98
parent 04121beb10
4 changed files with 52 additions and 28 deletions
--- a/tests/unit/test_plugins.py
+++ b/tests/unit/test_plugins.py
@ -171,8 +171,7 @@ class LimiterPluginTest(SearxTestCase):
        self.assertTrue(len(store.plugins) == 1)

        def test_whitelist_case(case):
-            plugins.limiter.WHITELISTED_SUBNET = case[1]['whitelist_subnet']
-            plugins.limiter.WHITELISTED_IPS = case[1]['whitelist_ip']
+            plugins.limiter.init_whitelist(case[1]['whitelist_ip'], case[1]['whitelist_subnet'])
            ret = store.call(store.plugins, 'is_whitelist_ip', case[0])
            self.assertEqual(ret, case[2])

@ -186,12 +185,6 @@ class LimiterPluginTest(SearxTestCase):
            )
        )

-        # not an ip
-        test_cases.append(('192.0.43.22', {'whitelist_ip': 'not an ip', 'whitelist_subnet': []}, False))
-
-        # not a subnet
-        test_cases.append(('192.0.43.22', {'whitelist_ip': [], 'whitelist_subnet': 'not a subnet'}, False))
-
        # test single ip
        test_cases.append(('192.0.43.22', {'whitelist_ip': '192.0.43.22', 'whitelist_subnet': []}, True))

@ -211,3 +204,11 @@ class LimiterPluginTest(SearxTestCase):

        for case in test_cases:
            test_whitelist_case(case)
+
+        # not an ip
+        with self.assertRaises(ValueError):
+            test_whitelist_case(('192.0.43.22', {'whitelist_ip': ['not an ip'], 'whitelist_subnet': []}, False))
+
+        # not a subnet
+        with self.assertRaises(ValueError):
+            test_whitelist_case(('192.0.43.22', {'whitelist_ip': [], 'whitelist_subnet': ['not a subnet']}, False))