From a449bcef9acf88a8a59e83ceba14ee3f2b038d93 Mon Sep 17 00:00:00 2001 From: Jiaxiao Zhou Date: Sun, 1 May 2022 17:33:18 -0700 Subject: [PATCH 1/4] fixed integration tests Signed-off-by: Jiaxiao Zhou --- crates/wasi-experimental-http/src/raw.rs | 86 ++++++++++++------------ tests/as/index.ts | 4 +- tests/integration.rs | 6 +- tests/rust/src/lib.rs | 6 +- 4 files changed, 51 insertions(+), 51 deletions(-) diff --git a/crates/wasi-experimental-http/src/raw.rs b/crates/wasi-experimental-http/src/raw.rs index aea10c7..5c14661 100644 --- a/crates/wasi-experimental-http/src/raw.rs +++ b/crates/wasi-experimental-http/src/raw.rs @@ -1,4 +1,3 @@ - // // This file was automatically generated by witx-codegen - Do not edit manually. // @@ -177,18 +176,20 @@ pub fn req( } let mut result_0_ptr = std::mem::MaybeUninit::uninit(); let mut result_1_ptr = std::mem::MaybeUninit::uninit(); - let res = unsafe { req( - url_ptr, - url_len, - method_ptr, - method_len, - headers_ptr, - headers_len, - body_ptr, - body_len, - result_0_ptr.as_mut_ptr(), - result_1_ptr.as_mut_ptr(), - )}; + let res = unsafe { + req( + url_ptr, + url_len, + method_ptr, + method_len, + headers_ptr, + headers_len, + body_ptr, + body_len, + result_0_ptr.as_mut_ptr(), + result_1_ptr.as_mut_ptr(), + ) + }; if res != 0 { return Err(Error::WasiError(res as _)); } @@ -196,18 +197,12 @@ pub fn req( } /// Close a request handle -pub fn close( - response_handle: ResponseHandle, -) -> Result<(), Error> { +pub fn close(response_handle: ResponseHandle) -> Result<(), Error> { #[link(wasm_import_module = "wasi_experimental_http")] extern "C" { - fn close( - response_handle: ResponseHandle, - ) -> HttpError; + fn close(response_handle: ResponseHandle) -> HttpError; } - let res = unsafe { close( - response_handle, - )}; + let res = unsafe { close(response_handle) }; if res != 0 { return Err(Error::WasiError(res as _)); } @@ -234,14 +229,16 @@ pub fn header_get( ) -> HttpError; } let mut result_ptr = std::mem::MaybeUninit::uninit(); - let res = unsafe { header_get( - response_handle, - header_name_ptr, - header_name_len, - header_value_buf_ptr, - header_value_buf_len, - result_ptr.as_mut_ptr(), - )}; + let res = unsafe { + header_get( + response_handle, + header_name_ptr, + header_name_len, + header_value_buf_ptr, + header_value_buf_len, + result_ptr.as_mut_ptr(), + ) + }; if res != 0 { return Err(Error::WasiError(res as _)); } @@ -264,12 +261,14 @@ pub fn headers_get_all( ) -> HttpError; } let mut result_ptr = std::mem::MaybeUninit::uninit(); - let res = unsafe { headers_get_all( - response_handle, - header_value_buf_ptr, - header_value_buf_len, - result_ptr.as_mut_ptr(), - )}; + let res = unsafe { + headers_get_all( + response_handle, + header_value_buf_ptr, + header_value_buf_len, + result_ptr.as_mut_ptr(), + ) + }; if res != 0 { return Err(Error::WasiError(res as _)); } @@ -292,15 +291,16 @@ pub fn body_read( ) -> HttpError; } let mut result_ptr = std::mem::MaybeUninit::uninit(); - let res = unsafe { body_read( - response_handle, - body_buf_ptr, - body_buf_len, - result_ptr.as_mut_ptr(), - )}; + let res = unsafe { + body_read( + response_handle, + body_buf_ptr, + body_buf_len, + result_ptr.as_mut_ptr(), + ) + }; if res != 0 { return Err(Error::WasiError(res as _)); } Ok(unsafe { result_ptr.assume_init() }) } - diff --git a/tests/as/index.ts b/tests/as/index.ts index 079fdd3..d2951f6 100644 --- a/tests/as/index.ts +++ b/tests/as/index.ts @@ -16,7 +16,7 @@ export function post(): void { } export function get(): void { - let res = new RequestBuilder("https://api.brigade.sh/healthz") + let res = new RequestBuilder("https://some-random-api.ml/facts/dog") .method(Method.GET) .send(); @@ -37,7 +37,7 @@ export function concurrent(): void { } function makeReq(): Response { - return new RequestBuilder("https://api.brigade.sh/healthz") + return new RequestBuilder("https://some-random-api.ml/facts/dog") .method(Method.GET) .send(); } diff --git a/tests/integration.rs b/tests/integration.rs index 69c11e0..abc6e58 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -38,7 +38,7 @@ mod tests { fn test_with_allowed_domains() { setup_tests( Some(vec![ - "https://api.brigade.sh".to_string(), + "https://some-random-api.ml".to_string(), "https://postman-echo.com".to_string(), ]), None, @@ -49,7 +49,7 @@ mod tests { async fn test_async_with_allowed_domains() { setup_tests( Some(vec![ - "https://api.brigade.sh".to_string(), + "https://some-random-api.ml".to_string(), "https://postman-echo.com".to_string(), ]), None, @@ -80,7 +80,7 @@ mod tests { let func = "concurrent"; let (instance, mut store) = create_instance( module, - Some(vec!["https://api.brigade.sh".to_string()]), + Some(vec!["https://some-random-api.ml".to_string()]), Some(2), ) .unwrap(); diff --git a/tests/rust/src/lib.rs b/tests/rust/src/lib.rs index 3a24418..f9d8dea 100644 --- a/tests/rust/src/lib.rs +++ b/tests/rust/src/lib.rs @@ -2,13 +2,13 @@ use bytes::Bytes; #[no_mangle] pub extern "C" fn get() { - let url = "https://api.brigade.sh/healthz".to_string(); + let url = "https://some-random-api.ml/facts/dog".to_string(); let req = http::request::Builder::new().uri(&url).body(None).unwrap(); let mut res = wasi_experimental_http::request(req).expect("cannot make get request"); let str = std::str::from_utf8(&res.body_read_all().unwrap()) .unwrap() .to_string(); - assert_eq!(str, r#""#); + assert_eq!(str.is_empty(), false); assert_eq!(res.status_code, 200); assert!(!res .header_get("content-type".to_string()) @@ -47,7 +47,7 @@ pub extern "C" fn post() { #[allow(unused_variables)] #[no_mangle] pub extern "C" fn concurrent() { - let url = "https://api.brigade.sh/healthz".to_string(); + let url = "https://some-random-api.ml/facts/dog".to_string(); // the responses are unused to avoid dropping them. let req1 = make_req(url.clone()); let req2 = make_req(url.clone()); From b1c09ada44e0f3fff0841dc3ae80cda52d724e6b Mon Sep 17 00:00:00 2001 From: Jiaxiao Zhou Date: Sun, 1 May 2022 17:36:57 -0700 Subject: [PATCH 2/4] added wildcard Signed-off-by: Jiaxiao Zhou --- .../src/lib.rs | 21 +++-- crates/wasi-experimental-http/src/raw.rs | 86 +++++++++---------- tests/integration.rs | 16 ++++ 3 files changed, 72 insertions(+), 51 deletions(-) diff --git a/crates/wasi-experimental-http-wasmtime/src/lib.rs b/crates/wasi-experimental-http-wasmtime/src/lib.rs index 8c7a415..b8c4855 100644 --- a/crates/wasi-experimental-http-wasmtime/src/lib.rs +++ b/crates/wasi-experimental-http-wasmtime/src/lib.rs @@ -481,7 +481,7 @@ impl HttpState { }; let ctx = caller.as_context_mut(); - let http_ctx = get_cx(&mut ctx.data()); + let http_ctx = get_cx(ctx.data()); match HostCalls::req( st.clone(), @@ -619,13 +619,18 @@ fn is_allowed(url: &str, allowed_hosts: Option<&[String]>) -> Result { - let allowed: Result, _> = domains.iter().map(|d| Url::parse(d)).collect(); - let allowed = allowed.map_err(|_| HttpError::InvalidUrl)?; - - Ok(allowed - .iter() - .map(|u| u.host_str().unwrap()) - .any(|x| x == url_host.as_str())) + // check domains has any "*" wildcard + if domains.iter().any(|domain| domain == "*") { + Ok(true) + } else { + let allowed: Result, _> = domains.iter().map(|d| Url::parse(d)).collect(); + let allowed = allowed.map_err(|_| HttpError::InvalidUrl)?; + + Ok(allowed + .iter() + .map(|u| u.host_str().unwrap()) + .any(|x| x == url_host.as_str())) + } } None => Ok(false), } diff --git a/crates/wasi-experimental-http/src/raw.rs b/crates/wasi-experimental-http/src/raw.rs index 5c14661..aea10c7 100644 --- a/crates/wasi-experimental-http/src/raw.rs +++ b/crates/wasi-experimental-http/src/raw.rs @@ -1,3 +1,4 @@ + // // This file was automatically generated by witx-codegen - Do not edit manually. // @@ -176,20 +177,18 @@ pub fn req( } let mut result_0_ptr = std::mem::MaybeUninit::uninit(); let mut result_1_ptr = std::mem::MaybeUninit::uninit(); - let res = unsafe { - req( - url_ptr, - url_len, - method_ptr, - method_len, - headers_ptr, - headers_len, - body_ptr, - body_len, - result_0_ptr.as_mut_ptr(), - result_1_ptr.as_mut_ptr(), - ) - }; + let res = unsafe { req( + url_ptr, + url_len, + method_ptr, + method_len, + headers_ptr, + headers_len, + body_ptr, + body_len, + result_0_ptr.as_mut_ptr(), + result_1_ptr.as_mut_ptr(), + )}; if res != 0 { return Err(Error::WasiError(res as _)); } @@ -197,12 +196,18 @@ pub fn req( } /// Close a request handle -pub fn close(response_handle: ResponseHandle) -> Result<(), Error> { +pub fn close( + response_handle: ResponseHandle, +) -> Result<(), Error> { #[link(wasm_import_module = "wasi_experimental_http")] extern "C" { - fn close(response_handle: ResponseHandle) -> HttpError; + fn close( + response_handle: ResponseHandle, + ) -> HttpError; } - let res = unsafe { close(response_handle) }; + let res = unsafe { close( + response_handle, + )}; if res != 0 { return Err(Error::WasiError(res as _)); } @@ -229,16 +234,14 @@ pub fn header_get( ) -> HttpError; } let mut result_ptr = std::mem::MaybeUninit::uninit(); - let res = unsafe { - header_get( - response_handle, - header_name_ptr, - header_name_len, - header_value_buf_ptr, - header_value_buf_len, - result_ptr.as_mut_ptr(), - ) - }; + let res = unsafe { header_get( + response_handle, + header_name_ptr, + header_name_len, + header_value_buf_ptr, + header_value_buf_len, + result_ptr.as_mut_ptr(), + )}; if res != 0 { return Err(Error::WasiError(res as _)); } @@ -261,14 +264,12 @@ pub fn headers_get_all( ) -> HttpError; } let mut result_ptr = std::mem::MaybeUninit::uninit(); - let res = unsafe { - headers_get_all( - response_handle, - header_value_buf_ptr, - header_value_buf_len, - result_ptr.as_mut_ptr(), - ) - }; + let res = unsafe { headers_get_all( + response_handle, + header_value_buf_ptr, + header_value_buf_len, + result_ptr.as_mut_ptr(), + )}; if res != 0 { return Err(Error::WasiError(res as _)); } @@ -291,16 +292,15 @@ pub fn body_read( ) -> HttpError; } let mut result_ptr = std::mem::MaybeUninit::uninit(); - let res = unsafe { - body_read( - response_handle, - body_buf_ptr, - body_buf_len, - result_ptr.as_mut_ptr(), - ) - }; + let res = unsafe { body_read( + response_handle, + body_buf_ptr, + body_buf_len, + result_ptr.as_mut_ptr(), + )}; if res != 0 { return Err(Error::WasiError(res as _)); } Ok(unsafe { result_ptr.assume_init() }) } + diff --git a/tests/integration.rs b/tests/integration.rs index abc6e58..17524cd 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -56,6 +56,22 @@ mod tests { ); } + #[test] + fn test_with_wildcard_domain() { + setup_tests( + Some(vec!["*".to_string()]), + None, + ); + } + + #[tokio::test(flavor = "multi_thread")] + async fn test_async_with_wildcard_domain() { + setup_tests( + Some(vec!["*".to_string()]), + None, + ); + } + #[test] #[should_panic] fn test_concurrent_requests_rust() { From c09372349dadf3a6d5b5fdad5ae0d89e2daad19b Mon Sep 17 00:00:00 2001 From: Jiaxiao Zhou Date: Sun, 1 May 2022 17:42:07 -0700 Subject: [PATCH 3/4] added unit tests Signed-off-by: Jiaxiao Zhou --- .../src/lib.rs | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/crates/wasi-experimental-http-wasmtime/src/lib.rs b/crates/wasi-experimental-http-wasmtime/src/lib.rs index b8c4855..b6f990c 100644 --- a/crates/wasi-experimental-http-wasmtime/src/lib.rs +++ b/crates/wasi-experimental-http-wasmtime/src/lib.rs @@ -716,3 +716,51 @@ fn test_allowed_domains() { is_allowed("https://test.brigade.sh", Some(allowed_domains.as_ref())).unwrap() ); } + + +#[test] +#[allow(clippy::bool_assert_comparison)] +fn test_allowed_domains_with_wildcard() { + let allowed_domains = vec![ + "https://example.com".to_string(), + "*".to_string(), + "http://192.168.0.1".to_string(), + ]; + + assert_eq!( + true, + is_allowed( + "https://api.brigade.sh/healthz", + Some(allowed_domains.as_ref()) + ) + .unwrap() + ); + assert_eq!( + true, + is_allowed( + "https://example.com/some/path/with/more/paths", + Some(allowed_domains.as_ref()) + ) + .unwrap() + ); + assert_eq!( + true, + is_allowed("http://192.168.0.1/login", Some(allowed_domains.as_ref())).unwrap() + ); + assert_eq!( + true, + is_allowed("https://test.brigade.sh", Some(allowed_domains.as_ref())).unwrap() + ); +} + +#[test] +#[should_panic] +#[allow(clippy::bool_assert_comparison)] +fn test_url_parsing() { + let allowed_domains = vec![ + "*".to_string(), + ]; + + is_allowed("not even a url", Some(allowed_domains.as_ref())).unwrap(); +} + From a4e1ee14a1f2d520289185537c64c315c87c1836 Mon Sep 17 00:00:00 2001 From: Jiaxiao Zhou Date: Fri, 6 May 2022 01:42:17 -0700 Subject: [PATCH 4/4] changed '*' to insecure:allow-all Signed-off-by: Jiaxiao Zhou --- crates/wasi-experimental-http-wasmtime/src/lib.rs | 13 +++++-------- tests/integration.rs | 12 ++++-------- 2 files changed, 9 insertions(+), 16 deletions(-) diff --git a/crates/wasi-experimental-http-wasmtime/src/lib.rs b/crates/wasi-experimental-http-wasmtime/src/lib.rs index b6f990c..7cbd0b1 100644 --- a/crates/wasi-experimental-http-wasmtime/src/lib.rs +++ b/crates/wasi-experimental-http-wasmtime/src/lib.rs @@ -13,6 +13,7 @@ use url::Url; use wasmtime::*; const MEMORY: &str = "memory"; +const ALLOW_ALL_HOSTS: &str = "insecure:allow-all"; pub type WasiHttpHandle = u32; @@ -619,8 +620,8 @@ fn is_allowed(url: &str, allowed_hosts: Option<&[String]>) -> Result { - // check domains has any "*" wildcard - if domains.iter().any(|domain| domain == "*") { + // check domains has any "insecure:allow-all" wildcard + if domains.iter().any(|domain| domain == ALLOW_ALL_HOSTS) { Ok(true) } else { let allowed: Result, _> = domains.iter().map(|d| Url::parse(d)).collect(); @@ -717,13 +718,12 @@ fn test_allowed_domains() { ); } - #[test] #[allow(clippy::bool_assert_comparison)] fn test_allowed_domains_with_wildcard() { let allowed_domains = vec![ "https://example.com".to_string(), - "*".to_string(), + ALLOW_ALL_HOSTS.to_string(), "http://192.168.0.1".to_string(), ]; @@ -757,10 +757,7 @@ fn test_allowed_domains_with_wildcard() { #[should_panic] #[allow(clippy::bool_assert_comparison)] fn test_url_parsing() { - let allowed_domains = vec![ - "*".to_string(), - ]; + let allowed_domains = vec![ALLOW_ALL_HOSTS.to_string()]; is_allowed("not even a url", Some(allowed_domains.as_ref())).unwrap(); } - diff --git a/tests/integration.rs b/tests/integration.rs index 17524cd..dfdc27c 100644 --- a/tests/integration.rs +++ b/tests/integration.rs @@ -7,6 +7,8 @@ mod tests { use wasmtime_wasi::sync::WasiCtxBuilder; use wasmtime_wasi::*; + const ALLOW_ALL_HOSTS: &str = "insecure:allow-all"; + // We run the same test in a Tokio and non-Tokio environment // in order to make sure both scenarios are working. @@ -58,18 +60,12 @@ mod tests { #[test] fn test_with_wildcard_domain() { - setup_tests( - Some(vec!["*".to_string()]), - None, - ); + setup_tests(Some(vec![ALLOW_ALL_HOSTS.to_string()]), None); } #[tokio::test(flavor = "multi_thread")] async fn test_async_with_wildcard_domain() { - setup_tests( - Some(vec!["*".to_string()]), - None, - ); + setup_tests(Some(vec![ALLOW_ALL_HOSTS.to_string()]), None); } #[test]