Files
promptfoo--promptfoo/test/server/middleware/csrfProtection.test.ts
T
wehub-resource-sync 0d3cb498a3
Deploy local.promptfoo.app / Deploy to Cloudflare Pages (push) Waiting to run
Test and Publish Multi-arch Docker Image / test (push) Waiting to run
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-amd64 platform:linux/amd64 runner:ubuntu-latest]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / build-docker-and-push-digests (map[digest-suffix:linux-arm64 platform:linux/arm64 runner:ubuntu-24.04-arm]) (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / merge-docker-digests (push) Blocked by required conditions
Test and Publish Multi-arch Docker Image / Attest Multi-arch Image (push) Blocked by required conditions
Validate Renovate Config / Validate Renovate Configuration (push) Waiting to run
CI / Shell Format Check (push) Has been cancelled
CI / Check Ruby (3.4) (push) Has been cancelled
CI / CI Config (push) Has been cancelled
CI / Test on Node ${{ matrix.node }} and ${{ matrix.os }}${{ matrix.shard && format(' (shard {0}/3)', matrix.shard) || '' }} (push) Has been cancelled
CI / Build on Node ${{ matrix.node }} (push) Has been cancelled
CI / Style Check (push) Has been cancelled
CI / Generate Assets (push) Has been cancelled
CI / Check Python (3.14) (push) Has been cancelled
CI / Check Python (3.9) (push) Has been cancelled
CI / Build Docs (push) Has been cancelled
CI / Code Scan Action (push) Has been cancelled
CI / Site tests (push) Has been cancelled
CI / webui tests (push) Has been cancelled
CI / Run Integration Tests (push) Has been cancelled
CI / Run Smoke Tests (push) Has been cancelled
CI / Go Tests (push) Has been cancelled
CI / Share Test (push) Has been cancelled
CI / Redteam (Production API) (push) Has been cancelled
CI / Redteam (Staging API) (push) Has been cancelled
CI / GitHub Actions Lint (push) Has been cancelled
CI / Check Ruby (3.0) (push) Has been cancelled
release-please / release-please (push) Has been cancelled
release-please / build (push) Has been cancelled
release-please / publish-npm (push) Has been cancelled
release-please / publish-npm-backfill (push) Has been cancelled
release-please / docker (push) Has been cancelled
release-please / publish-code-scan-action (push) Has been cancelled
release-please / attest-code-scan-action (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 13:24:08 +08:00

231 lines
6.8 KiB
TypeScript

import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
import { csrfProtection } from '../../../src/server/middleware/csrfProtection';
import type { NextFunction, Request, Response } from 'express';
vi.mock('../../../src/logger', () => ({
default: { warn: vi.fn(), debug: vi.fn(), error: vi.fn() },
}));
vi.mock('../../../src/envars', () => ({
getEnvString: vi.fn((_key: string, defaultValue?: string) => defaultValue ?? ''),
}));
import { getEnvString } from '../../../src/envars';
function mockReq(overrides: Partial<Request> = {}): Request {
return {
method: 'POST',
path: '/api/eval',
headers: {},
...overrides,
} as unknown as Request;
}
function mockRes(): Response {
const res = {
status: vi.fn().mockReturnThis(),
json: vi.fn().mockReturnThis(),
} as unknown as Response;
return res;
}
describe('csrfProtection', () => {
let next: NextFunction;
beforeEach(() => {
next = vi.fn();
vi.mocked(getEnvString).mockImplementation(
(_key: string, defaultValue?: string) => defaultValue ?? '',
);
});
afterEach(() => {
vi.resetAllMocks();
});
// Safe methods always pass
describe('safe methods', () => {
it.each(['GET', 'HEAD', 'OPTIONS'])('%s requests pass through', (method) => {
const req = mockReq({
method,
headers: { 'sec-fetch-site': 'cross-site', origin: 'http://evil.com' },
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).toHaveBeenCalled();
expect(res.status).not.toHaveBeenCalled();
});
});
// Path 1: Sec-Fetch-Site present
describe('with Sec-Fetch-Site header', () => {
it.each(['same-origin', 'same-site', 'none'])('allows POST with sec-fetch-site=%s', (value) => {
const req = mockReq({ headers: { 'sec-fetch-site': value, host: 'localhost:15500' } });
const res = mockRes();
csrfProtection(req, res, next);
expect(next).toHaveBeenCalled();
});
it('blocks cross-site POST from evil.com', () => {
const req = mockReq({
headers: {
'sec-fetch-site': 'cross-site',
origin: 'http://evil.com',
host: 'localhost:15500',
},
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).not.toHaveBeenCalled();
expect(res.status).toHaveBeenCalledWith(403);
});
it('allows cross-site from local.promptfoo.app to localhost (localhost equiv)', () => {
const req = mockReq({
headers: {
'sec-fetch-site': 'cross-site',
origin: 'http://local.promptfoo.app:5173',
host: 'localhost:15500',
},
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).toHaveBeenCalled();
});
it('allows cross-site from 127.0.0.1 to localhost (localhost equiv)', () => {
const req = mockReq({
headers: {
'sec-fetch-site': 'cross-site',
origin: 'http://127.0.0.1:3000',
host: 'localhost:15500',
},
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).toHaveBeenCalled();
});
it('allows cross-site from env var allowlisted origin', () => {
vi.mocked(getEnvString).mockImplementation((_key: string, defaultValue?: string) => {
if (_key === 'PROMPTFOO_CSRF_ALLOWED_ORIGINS') {
return 'http://allowed.com';
}
return defaultValue ?? '';
});
const req = mockReq({
headers: {
'sec-fetch-site': 'cross-site',
origin: 'http://allowed.com',
host: 'localhost:15500',
},
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).toHaveBeenCalled();
});
it('blocks cross-site with no origin header', () => {
const req = mockReq({
headers: {
'sec-fetch-site': 'cross-site',
host: 'localhost:15500',
},
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).not.toHaveBeenCalled();
expect(res.status).toHaveBeenCalledWith(403);
});
});
// Path 2: No Sec-Fetch-Site, Origin present
describe('with Origin header only (no Sec-Fetch-Site)', () => {
it('allows POST when origin hostname matches host', () => {
const req = mockReq({
headers: {
origin: 'http://localhost:5173',
host: 'localhost:15500',
},
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).toHaveBeenCalled();
});
it('blocks POST when origin hostname differs from host', () => {
const req = mockReq({
headers: {
origin: 'http://evil.com',
host: 'localhost:15500',
},
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).not.toHaveBeenCalled();
expect(res.status).toHaveBeenCalledWith(403);
});
it('allows localhost equivalence via Origin fallback', () => {
const req = mockReq({
headers: {
origin: 'http://local.promptfoo.app:5173',
host: 'localhost:15500',
},
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).toHaveBeenCalled();
});
});
// Path 3: No browser headers
describe('non-browser clients (no Sec-Fetch-Site, no Origin)', () => {
it('allows POST with no browser headers', () => {
const req = mockReq({
headers: { host: 'localhost:15500' },
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).toHaveBeenCalled();
});
});
// Other mutating methods
describe('other mutating methods', () => {
it.each(['DELETE', 'PUT', 'PATCH'])('blocks cross-site %s from evil.com', (method) => {
const req = mockReq({
method,
headers: {
'sec-fetch-site': 'cross-site',
origin: 'http://evil.com',
host: 'localhost:15500',
},
});
const res = mockRes();
csrfProtection(req, res, next);
expect(next).not.toHaveBeenCalled();
expect(res.status).toHaveBeenCalledWith(403);
});
});
// x-forwarded-host is NOT trusted (attacker-controllable)
describe('x-forwarded-host', () => {
it('ignores x-forwarded-host and uses Host header for origin comparison', () => {
const req = mockReq({
headers: {
origin: 'http://evil.com',
host: 'localhost:15500',
'x-forwarded-host': 'evil.com',
},
});
const res = mockRes();
csrfProtection(req, res, next);
// Should block: origin (evil.com) !== host (localhost), even though
// x-forwarded-host matches origin. The header is attacker-controllable.
expect(next).not.toHaveBeenCalled();
expect(res.status).toHaveBeenCalledWith(403);
});
});
});