Project Files
tests / security.test.cjs
const assert = require("node:assert/strict");
const { describe, it } = require("node:test");
const { hostSuffixAllowed, ipIsForbidden } = require("../dist/security.js");
describe("ipIsForbidden", () => {
it("blocks loopback and RFC1918", () => {
assert.equal(ipIsForbidden("127.0.0.1"), true);
assert.equal(ipIsForbidden("10.0.0.1"), true);
assert.equal(ipIsForbidden("192.168.1.1"), true);
assert.equal(ipIsForbidden("8.8.8.8"), false);
});
});
describe("hostSuffixAllowed", () => {
it("applies blocklist before allowlist", () => {
const blocked = new Set(["evil.example.com"]);
const allowed = new Set(["example.com"]);
assert.equal(hostSuffixAllowed("foo.evil.example.com", allowed, blocked), false);
});
it("honors allowlist when set", () => {
const allowed = new Set(["example.com"]);
assert.equal(hostSuffixAllowed("cdn.example.com", allowed, null), true);
assert.equal(hostSuffixAllowed("google.com", allowed, null), false);
});
});