diff --git a/pkg/ffnet/ffnet_test.go b/pkg/ffnet/ffnet_test.go index 9d19533..f1b69da 100644 --- a/pkg/ffnet/ffnet_test.go +++ b/pkg/ffnet/ffnet_test.go @@ -175,6 +175,19 @@ func TestNewDialerAllowsAndConnects(t *testing.T) { _ = conn.Close() } +func TestConfigKeysDocumented(t *testing.T) { + // Initialize the net config as a subsection (as ffresty does), then generate the config + // markdown for every known key. This panics if any key is missing a translation, guarding + // against the "Translation for config key '...net.cidrDenylist' was not found" regression. + config.RootConfigReset() + InitConfig(config.RootSection("backend").SubSection("net")) + + assert.NotPanics(t, func() { + _, err := config.GenerateConfigMarkdown(context.Background(), "", config.GetKnownKeys()) + assert.NoError(t, err) + }) +} + func TestGenerateConfigDenylistFromConfig(t *testing.T) { resetConf() ipv4PrivateCIDRs := []string{ diff --git a/pkg/i18n/en_base_config_descriptions.go b/pkg/i18n/en_base_config_descriptions.go index b2146ef..4210f3b 100644 --- a/pkg/i18n/en_base_config_descriptions.go +++ b/pkg/i18n/en_base_config_descriptions.go @@ -92,6 +92,7 @@ var ( ConfigGlobalMaxIdleConnsPerHost = ffc("config.global.maxIdleConnsPerHost", "The max number of idle connections, per unique hostname. Zero means net/http uses the default of only 2.", IntType) ConfigGlobalDNSServers = ffc("config.global.dns.servers", "An optional list of DNS server addresses (host or host:port, port defaults to 53) to use instead of the system resolver. Setting this forces use of Go's built-in DNS resolver.", ArrayStringType) ConfigGlobalDNSTimeout = ffc("config.global.dns.timeout", "The dial timeout when contacting a configured DNS server", TimeDurationType) + ConfigGlobalNetCIDRDenylist = ffc("config.global.net.cidrDenylist", "A list of CIDR ranges to which outbound connections are blocked, as a core SSRF mitigation. Empty by default.", ArrayStringType) ConfigGlobalMethod = ffc("config.global.method", "The HTTP method to use when making requests to the Address Resolver", StringType) ConfigGlobalAuthType = ffc("config.global.auth.type", "The auth plugin to use for server side authentication of requests", StringType) ConfigGlobalPassthroughHeadersEnabled = ffc("config.global.passthroughHeadersEnabled", "Enable passing through the set of allowed HTTP request headers", BooleanType)