add upstream arguments validation + tests

jochen-testingbot · jochen-testingbot · commit c0eb91caf9e7 · 2025-10-03T16:53:39.000+02:00
diff --git a/src/main/java/com/testingbot/tunnel/App.java b/src/main/java/com/testingbot/tunnel/App.java
@@ -569,8 +569,36 @@ public void setClientSecret(String secret) {
         clientSecret = secret;
     }
 
+    /**
+     * Sets the upstream proxy server address.
+     *
+     * @param p proxy address in format "host:port" or "host" (defaults to port 80)
+     * @throws IllegalArgumentException if proxy format is invalid
+     */
     public void setProxy(String p) {
-        proxy = p;
+        if (p != null && !p.trim().isEmpty()) {
+            // Validate proxy format: hostname:port or hostname or IP:port
+            String trimmed = p.trim();
+            if (trimmed.contains(":")) {
+                String[] parts = trimmed.split(":", 2);
+                if (parts.length != 2 || parts[0].isEmpty()) {
+                    throw new IllegalArgumentException("Invalid proxy format. Expected 'host:port' but got: " + p);
+                }
+                try {
+                    int port = Integer.parseInt(parts[1]);
+                    if (port < 1 || port > 65535) {
+                        throw new IllegalArgumentException("Invalid proxy port. Must be between 1-65535 but got: " + port);
+                    }
+                } catch (NumberFormatException e) {
+                    throw new IllegalArgumentException("Invalid proxy port. Must be a number but got: " + parts[1]);
+                }
+            } else if (trimmed.isEmpty()) {
+                throw new IllegalArgumentException("Proxy hostname cannot be empty");
+            }
+            proxy = trimmed;
+        } else {
+            proxy = p;
+        }
     }
 
     public String getProxy() {
@@ -629,10 +657,27 @@ public String getProxyAuth() {
         return proxyAuth;
     }
 
+    /**
+     * Sets the proxy authentication credentials.
+     *
+     * @param proxyAuth credentials in format "username:password"
+     * @throws IllegalArgumentException if format is invalid
+     */
     public void setProxyAuth(String proxyAuth) {
-        this.proxyAuth = proxyAuth;
-        String[] splitted = proxyAuth.split(":");
-        Authenticator.setDefault(new ProxyAuth(splitted[0], splitted[1]));
+        if (proxyAuth != null && !proxyAuth.trim().isEmpty()) {
+            String trimmed = proxyAuth.trim();
+            if (!trimmed.contains(":")) {
+                throw new IllegalArgumentException("Invalid proxy auth format. Expected 'username:password' but got: " + proxyAuth);
+            }
+            String[] splitted = trimmed.split(":", 2);
+            if (splitted.length != 2 || splitted[0].isEmpty()) {
+                throw new IllegalArgumentException("Invalid proxy auth format. Username cannot be empty");
+            }
+            this.proxyAuth = trimmed;
+            Authenticator.setDefault(new ProxyAuth(splitted[0], splitted[1]));
+        } else {
+            this.proxyAuth = proxyAuth;
+        }
     }
 
     /**
diff --git a/src/main/java/com/testingbot/tunnel/proxy/CustomConnectHandler.java b/src/main/java/com/testingbot/tunnel/proxy/CustomConnectHandler.java
@@ -142,13 +142,22 @@ private void connectToProxy(HttpServletRequest request, String host, int port, P
                                 response.append((char) buffer.get());
                         }
 
-                        if (!response.toString().contains("200"))
-                            throw new IOException("Channel error response:\n" + response);
+                        String responseStr = response.toString();
+                        if (!responseStr.contains("200")) {
+                            String errorMsg = String.format("Upstream proxy (%s:%d) rejected CONNECT request to %s:%d. Response: %s",
+                                    proxyHost, proxyPort, host, port, responseStr.split("\r\n")[0]);
+                            throw new IOException(errorMsg);
+                        }
+
+                        if (debugMode) {
+                            LOG.info("Successfully established CONNECT tunnel through upstream proxy {}:{} to {}:{}",
+                                    proxyHost, proxyPort, host, port);
+                        }
 
                         try {
                             selector.close();
                         } catch (final IOException e) {
-                            LOG.error(e.getMessage(), e);
+                            LOG.error("Error closing selector: {}", e.getMessage(), e);
                         }
 
                         promise.succeeded(channel);
@@ -157,11 +166,13 @@ private void connectToProxy(HttpServletRequest request, String host, int port, P
                 }
             }
         } catch (IOException x) {
+            LOG.error("Failed to establish CONNECT tunnel through upstream proxy {}:{} to {}:{}: {}",
+                    proxyHost, proxyPort, host, port, x.getMessage());
             if (channel != null) {
                 try {
                     channel.close();
                 } catch (IOException t) {
-                    LOG.error(t.getMessage(), t);
+                    LOG.error("Error closing channel after failure: {}", t.getMessage(), t);
                 }
             }
             promise.failed(x);
diff --git a/src/test/java/com/testingbot/tunnel/ProxyValidationTest.java b/src/test/java/com/testingbot/tunnel/ProxyValidationTest.java
@@ -0,0 +1,166 @@
+package com.testingbot.tunnel;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.assertj.core.api.Assertions.assertThatThrownBy;
+
+/**
+ * Tests for proxy configuration validation
+ */
+class ProxyValidationTest {
+
+    private App app;
+
+    @BeforeEach
+    void setUp() {
+        app = new App();
+        app.setClientKey("test");
+        app.setClientSecret("test");
+    }
+
+    @Test
+    void setProxy_withValidHostAndPort_shouldSucceed() {
+        // Given: Valid proxy configuration
+        // When: Setting proxy
+        app.setProxy("proxy.example.com:8080");
+
+        // Then: Should be set
+        assertThat(app.getProxy()).isEqualTo("proxy.example.com:8080");
+    }
+
+    @Test
+    void setProxy_withValidHostOnly_shouldSucceed() {
+        // Given: Valid proxy hostname without port
+        // When: Setting proxy
+        app.setProxy("proxy.example.com");
+
+        // Then: Should be set
+        assertThat(app.getProxy()).isEqualTo("proxy.example.com");
+    }
+
+    @Test
+    void setProxy_withIPAddress_shouldSucceed() {
+        // Given: Valid IP address
+        // When: Setting proxy
+        app.setProxy("192.168.1.1:3128");
+
+        // Then: Should be set
+        assertThat(app.getProxy()).isEqualTo("192.168.1.1:3128");
+    }
+
+    @Test
+    void setProxy_withInvalidPort_shouldThrowException() {
+        // Given: Invalid port number
+        // When/Then: Setting proxy should throw exception
+        assertThatThrownBy(() -> app.setProxy("proxy.example.com:99999"))
+                .isInstanceOf(IllegalArgumentException.class)
+                .hasMessageContaining("Invalid proxy port");
+    }
+
+    @Test
+    void setProxy_withNegativePort_shouldThrowException() {
+        // Given: Negative port number
+        // When/Then: Setting proxy should throw exception
+        assertThatThrownBy(() -> app.setProxy("proxy.example.com:-1"))
+                .isInstanceOf(IllegalArgumentException.class)
+                .hasMessageContaining("Invalid proxy port");
+    }
+
+    @Test
+    void setProxy_withNonNumericPort_shouldThrowException() {
+        // Given: Non-numeric port
+        // When/Then: Setting proxy should throw exception
+        assertThatThrownBy(() -> app.setProxy("proxy.example.com:abc"))
+                .isInstanceOf(IllegalArgumentException.class)
+                .hasMessageContaining("Invalid proxy port");
+    }
+
+    @Test
+    void setProxy_withEmptyHost_shouldThrowException() {
+        // Given: Empty hostname
+        // When/Then: Setting proxy should throw exception
+        assertThatThrownBy(() -> app.setProxy(":8080"))
+                .isInstanceOf(IllegalArgumentException.class)
+                .hasMessageContaining("Invalid proxy format");
+    }
+
+    @Test
+    void setProxy_withWhitespace_shouldTrim() {
+        // Given: Proxy with whitespace
+        // When: Setting proxy
+        app.setProxy("  proxy.example.com:8080  ");
+
+        // Then: Should be trimmed
+        assertThat(app.getProxy()).isEqualTo("proxy.example.com:8080");
+    }
+
+    @Test
+    void setProxyAuth_withValidCredentials_shouldSucceed() {
+        // Given: Valid credentials
+        // When: Setting proxy auth
+        app.setProxyAuth("username:password");
+
+        // Then: Should be set
+        assertThat(app.getProxyAuth()).isEqualTo("username:password");
+    }
+
+    @Test
+    void setProxyAuth_withPasswordContainingColon_shouldSucceed() {
+        // Given: Password containing colon
+        // When: Setting proxy auth
+        app.setProxyAuth("user:pass:word");
+
+        // Then: Should be set (split on first colon only)
+        assertThat(app.getProxyAuth()).isEqualTo("user:pass:word");
+    }
+
+    @Test
+    void setProxyAuth_withoutColon_shouldThrowException() {
+        // Given: Credentials without colon
+        // When/Then: Setting proxy auth should throw exception
+        assertThatThrownBy(() -> app.setProxyAuth("usernamepassword"))
+                .isInstanceOf(IllegalArgumentException.class)
+                .hasMessageContaining("Invalid proxy auth format");
+    }
+
+    @Test
+    void setProxyAuth_withEmptyUsername_shouldThrowException() {
+        // Given: Empty username
+        // When/Then: Setting proxy auth should throw exception
+        assertThatThrownBy(() -> app.setProxyAuth(":password"))
+                .isInstanceOf(IllegalArgumentException.class)
+                .hasMessageContaining("Username cannot be empty");
+    }
+
+    @Test
+    void setProxyAuth_withWhitespace_shouldTrim() {
+        // Given: Credentials with whitespace
+        // When: Setting proxy auth
+        app.setProxyAuth("  user:pass  ");
+
+        // Then: Should be trimmed
+        assertThat(app.getProxyAuth()).isEqualTo("user:pass");
+    }
+
+    @Test
+    void setProxyAuth_withNull_shouldAcceptNull() {
+        // Given: Null credentials
+        // When: Setting null
+        app.setProxyAuth(null);
+
+        // Then: Should be null
+        assertThat(app.getProxyAuth()).isNull();
+    }
+
+    @Test
+    void setProxy_withNull_shouldAcceptNull() {
+        // Given: Null proxy
+        // When: Setting null
+        app.setProxy(null);
+
+        // Then: Should be null
+        assertThat(app.getProxy()).isNull();
+    }
+}
