saucelabs · mmatczuk · Sep 9, 2024 · Sep 5, 2024 · Sep 5, 2024 · Sep 5, 2024
@@ -43,6 +43,7 @@ require (
 	github.com/google/pprof v0.0.0-20230926050212-f7f687d19a98 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/kevinburke/hostsfile v0.0.0-20220522040509-e5e984885321 // indirect
 	github.com/klauspost/compress v1.17.9 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect

@@ -44,6 +44,8 @@ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T
 github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/kevinburke/hostsfile v0.0.0-20220522040509-e5e984885321 h1:zfI6ImDFFLxvWztL5C7pigHTGyjfI3EtS/UDaDKk7dg=
+github.com/kevinburke/hostsfile v0.0.0-20220522040509-e5e984885321/go.mod h1:jxc0FMWcuW3a+dQiKqEesZGT5abRU8gFVbdJaykah/g=
 github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
 github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=

@@ -0,0 +1,46 @@
+// Copyright 2022-2024 Sauce Labs Inc., all rights reserved.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package hostsfile
+
+import (
+	"io"
+	"os"
+	"sort"
+
+	hostsfile "github.com/kevinburke/hostsfile/lib"
+	"golang.org/x/exp/maps"
+)
+
+func LocalhostAliases() ([]string, error) {
+	f, err := os.Open(hostsfile.Location)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+
+	return readLocalhostAliases(f)
+}
+
+func readLocalhostAliases(r io.Reader) ([]string, error) {
+	hf, err := hostsfile.Decode(r)
+	if err != nil {
+		return nil, err
+	}
+
+	aliases := make(map[string]struct{})
+	for _, r := range hf.Records() {
+		if r.IpAddress.IP.IsLoopback() {
+			for a := range r.Hostnames {
+				aliases[a] = struct{}{}
+			}
+		}
+	}
+
+	v := maps.Keys(aliases)
+	sort.Strings(v)
+	return v, nil
+}
@@ -0,0 +1,42 @@
+// Copyright 2022-2024 Sauce Labs Inc., all rights reserved.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+package hostsfile
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/google/go-cmp/cmp"
+)
+
+func TestReadLocalhostAliases(t *testing.T) {
+	data := `
+127.0.0.1	localhost
+255.255.255.255	broadcasthost
+::1             localhost
+127.0.0.1 kubernetes.docker.internal
+# End of section
+
+127.0.0.1	SL-666
+
+192.168.0.60	fedora
+`
+	l, err := readLocalhostAliases(strings.NewReader(data))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	golden := []string{
+		"SL-666",
+		"kubernetes.docker.internal",
+		"localhost",
+	}
+
+	if diff := cmp.Diff(l, golden); diff != "" {
+		t.Errorf("unexpected result (-want +got):\n%s", diff)
+	}
+}
@@ -16,9 +16,11 @@ import (
 	"net"
 	"net/http"
 	"net/url"
+	"slices"
 	"sync"
 	"time"
 
+	"github.com/saucelabs/forwarder/hostsfile"
 	"github.com/saucelabs/forwarder/httplog"
 	"github.com/saucelabs/forwarder/internal/martian"
 	"github.com/saucelabs/forwarder/internal/martian/fifo"
@@ -145,6 +147,7 @@ type HTTPProxy struct {
 	proxy      *martian.Proxy
 	mitmCACert *x509.Certificate
 	proxyFunc  ProxyFunc
+	localhost  []string
 
 	tlsConfig *tls.Config
 	listener  net.Listener
@@ -164,6 +167,12 @@ func NewHTTPProxy(cfg *HTTPProxyConfig, pr PACResolver, cm *CredentialsMatcher,
 		}
 	}
 
+	lh, err := hostsfile.LocalhostAliases()
+	if err != nil {
+		return nil, fmt.Errorf("read localhost aliases: %w", err)
+	}
+	hp.localhost = append(hp.localhost, lh...)
+
 	l, err := hp.listen()
 	if err != nil {
 		return nil, err
@@ -209,6 +218,7 @@ func newHTTPProxy(cfg *HTTPProxyConfig, pr PACResolver, cm *CredentialsMatcher,
 		transport: rt,
 		log:       log,
 		metrics:   newHTTPProxyMetrics(cfg.PromRegistry, cfg.PromNamespace),
+		localhost: []string{"localhost", "0.0.0.0", "::"},
 	}
 
 	if err := hp.configureProxy(); err != nil {
@@ -405,7 +415,7 @@ func (hp *HTTPProxy) basicAuth(u *url.Userinfo) martian.RequestModifier {
 
 func (hp *HTTPProxy) denyLocalhost() martian.RequestModifier {
 	return martian.RequestModifierFunc(func(req *http.Request) error {
-		if hp.isLocalhost(req) {
+		if hp.isLocalhost(req.URL.Hostname()) {
 			return ErrProxyLocalhost
 		}
 		return nil
@@ -440,15 +450,22 @@ func (hp *HTTPProxy) directLocalhost(fn ProxyFunc) ProxyFunc {
 	}
 
 	return func(req *http.Request) (*url.URL, error) {
-		if hp.isLocalhost(req) {
+		if hp.isLocalhost(req.URL.Hostname()) {
 			return nil, nil
 		}
 		return fn(req)
 	}
 }
 
-func (hp *HTTPProxy) isLocalhost(req *http.Request) bool {
-	return isLocalhost(req.URL.Hostname())
+func (hp *HTTPProxy) isLocalhost(host string) bool {
+	if slices.Contains(hp.localhost, host) {
+		return true
+	}
+	if ip := net.ParseIP(host); ip != nil && ip.IsLoopback() {
+		return true
+	}
+
+	return false
 }
 
 func (hp *HTTPProxy) setBasicAuth(req *http.Request) error {

@@ -109,3 +109,37 @@ func TestNopDialer(t *testing.T) {
 		t.Fatalf("expected %v, got %v", nopDialerErr, err)
 	}
 }
+
+func TestIsLocalhost(t *testing.T) {
+	cfg := DefaultHTTPProxyConfig()
+	p, err := NewHTTPProxy(cfg, nil, nil, nil, stdlog.Default())
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tests := []struct {
+		host      string
+		localhost bool
+	}{
+		{"127.0.0.1", true},
+		{"127.10.20.30", true},
+		{"localhost", true},
+		{"0.0.0.0", true},
+
+		{"notlocalhost", false},
+		{"broadcasthost", false},
+
+		{"::1", true},
+		{"::", true},
+
+		{"::10", false},
+		{"2001:0db8:85a3:0000:0000:8a2e:0370:7334", false},
+	}
+
+	for i := range tests {
+		tc := tests[i]
+		if lh := p.isLocalhost(tc.host); lh != tc.localhost {
+			t.Errorf("isLocalhost(%q) = %v; want %v", tc.host, lh, tc.localhost)
+		}
+	}
+}
@@ -63,7 +63,7 @@ func addr2Host(addr string) string {
 		return "unknown"
 	}
 
-	if isLocalhost(host) {
+	if ip := net.ParseIP(host); ip != nil && ip.IsLoopback() {
 		return "localhost"
 	}