plugin/pkg/doh/doh_test.go

package doh

import (
	"net/http"
	"testing"

	"github.com/miekg/dns"
)

func TestDoH(t *testing.T) {
	tests := map[string]struct {
		method string
		url    string
	}{
		"POST request over HTTPS":       {method: http.MethodPost, url: "https://example.org:443"},
		"POST request over HTTP":        {method: http.MethodPost, url: "http://example.org:443"},
		"POST request without protocol": {method: http.MethodPost, url: "example.org:443"},
		"GET request over HTTPS":        {method: http.MethodGet, url: "https://example.org:443"},
		"GET request over HTTP":         {method: http.MethodGet, url: "http://example.org"},
		"GET request without protocol":  {method: http.MethodGet, url: "example.org:443"},
	}

	for name, test := range tests {
		t.Run(name, func(t *testing.T) {
			m := new(dns.Msg)
			m.SetQuestion("example.org.", dns.TypeDNSKEY)

			req, err := NewRequest(test.method, test.url, m)
			if err != nil {
				t.Errorf("Failure to make request: %s", err)
			}

			m, err = RequestToMsg(req)
			if err != nil {
				t.Fatalf("Failure to get message from request: %s", err)
			}

			if x := m.Question[0].Name; x != "example.org." {
				t.Errorf("Qname expected %s, got %s", "example.org.", x)
			}
			if x := m.Question[0].Qtype; x != dns.TypeDNSKEY {
				t.Errorf("Qname expected %d, got %d", x, dns.TypeDNSKEY)
			}
		})
	}
}

func TestDoHGETRejectsOversizedDNSQuery(t *testing.T) {
	// Exceeding max size 65536
	raw := make([]byte, 65536+1)
	b64 := b64Enc.EncodeToString(raw)

	req, err := http.NewRequest(
		http.MethodGet,
		"https://example.org"+Path+"?dns="+b64,
		nil,
	)
	if err != nil {
		t.Fatalf("failed to build request: %v", err)
	}

	_, err = RequestToMsg(req)
	if err == nil {
		t.Fatalf("expected oversized GET dns query to be rejected")
	}
	if err.Error() != "dns query too large" {
		t.Fatalf("expected %q, got %v", "dns query too large", err)
	}
}
Doh: put in pkg/doh (#1946) * DoH: put in pkg/doh Factor out the DoH stuff into its own package, add function to request a DoH response. This can be used by forward (and maybe proxy) to implement DoH client support. Signed-off-by: Miek Gieben <miek@miek.nl> * lint Signed-off-by: Miek Gieben <miek@miek.nl> * ... and make it compile Signed-off-by: Miek Gieben <miek@miek.nl> 2018-07-07 08:22:07 +01:00			`package doh`

			`import (`
			`"net/http"`
			`"testing"`

			`"github.com/miekg/dns"`
			`)`

DoH: Allow http as the protocol (#5762) This change avoids the hard coding of HTTPS, allowing flexibility in whether HTTP or HTTPS is used. Signed-off-by: Sebastian Dahlgren <sebdah@fb.com> 2023-03-03 15:44:38 +01:00			`func TestDoH(t *testing.T) {`
			`tests := map[string]struct {`
			`method string`
			`url string`
			`}{`
			`"POST request over HTTPS": {method: http.MethodPost, url: "https://example.org:443"},`
			`"POST request over HTTP": {method: http.MethodPost, url: "http://example.org:443"},`
			`"POST request without protocol": {method: http.MethodPost, url: "example.org:443"},`
			`"GET request over HTTPS": {method: http.MethodGet, url: "https://example.org:443"},`
			`"GET request over HTTP": {method: http.MethodGet, url: "http://example.org"},`
			`"GET request without protocol": {method: http.MethodGet, url: "example.org:443"},`
			`}`

			`for name, test := range tests {`
			`t.Run(name, func(t *testing.T) {`
			`m := new(dns.Msg)`
			`m.SetQuestion("example.org.", dns.TypeDNSKEY)`

			`req, err := NewRequest(test.method, test.url, m)`
			`if err != nil {`
			`t.Errorf("Failure to make request: %s", err)`
			`}`

			`m, err = RequestToMsg(req)`
			`if err != nil {`
			`t.Fatalf("Failure to get message from request: %s", err)`
			`}`

			`if x := m.Question[0].Name; x != "example.org." {`
			`t.Errorf("Qname expected %s, got %s", "example.org.", x)`
			`}`
			`if x := m.Question[0].Qtype; x != dns.TypeDNSKEY {`
			`t.Errorf("Qname expected %d, got %d", x, dns.TypeDNSKEY)`
			`}`
			`})`
Doh: put in pkg/doh (#1946) * DoH: put in pkg/doh Factor out the DoH stuff into its own package, add function to request a DoH response. This can be used by forward (and maybe proxy) to implement DoH client support. Signed-off-by: Miek Gieben <miek@miek.nl> * lint Signed-off-by: Miek Gieben <miek@miek.nl> * ... and make it compile Signed-off-by: Miek Gieben <miek@miek.nl> 2018-07-07 08:22:07 +01:00			`}`
			`}`
core: Reject oversized GET dns query parameter of DoH (#7926) * core: Reject oversized GET dns query parameter of DoH The DoH POST path limits request size using http.MaxBytesReader(..., 65536), but the GET path passes the dns query value directly to base64ToMsg() with no equivalent bound. This PR adds length check. Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * Fix Signed-off-by: Yong Tang <yong.tang.github@outlook.com> --------- Signed-off-by: Yong Tang <yong.tang.github@outlook.com> 2026-03-18 00:38:44 -07:00
			`func TestDoHGETRejectsOversizedDNSQuery(t *testing.T) {`
			`// Exceeding max size 65536`
			`raw := make([]byte, 65536+1)`
			`b64 := b64Enc.EncodeToString(raw)`

			`req, err := http.NewRequest(`
			`http.MethodGet,`
			`"https://example.org"+Path+"?dns="+b64,`
			`nil,`
			`)`
			`if err != nil {`
			`t.Fatalf("failed to build request: %v", err)`
			`}`

			`_, err = RequestToMsg(req)`
			`if err == nil {`
			`t.Fatalf("expected oversized GET dns query to be rejected")`
			`}`
			`if err.Error() != "dns query too large" {`
			`t.Fatalf("expected %q, got %v", "dns query too large", err)`
			`}`
			`}`