From b1b68a4aa441d9ce39d05f85338e371a704dd601 Mon Sep 17 00:00:00 2001 From: James O'Doherty Date: Fri, 29 May 2026 19:30:26 -0400 Subject: feat(cli,parser): support custom profile names and overhaul WireGuard .conf parser for robustness - CLI: - Add optional `[name]` argument to `wg-wrap profile import [name]` to allow overriding the imported profile name. If not provided, it falls back to the derived filename. - Update `README.md` command documentation to reflect custom profile names and list the `wg-wrap profile stop ` subcommand. - Expand `internal/cli/profile_test.go` to cover derived vs custom-named profile imports. - WG Configuration Parser: - Overhaul `pkg/wgconf/wgconf.go` to support case-insensitivity on section headers (e.g. `[peer]`, `[interface]`) and key names (e.g. `privatekey`, `allowedips`). - Implement robust trailing comment stripping (both `#` and `;`) while preserving inline comment-like characters in cryptographic keys (e.g. `key-with-hash-inside#123`) using whitespace-padded match logic. - Clean up and normalize leading/trailing spaces/tabs on parsed keys, values, and list elements (e.g. `AllowedIPs` and `DNS` fields). - Gracefully ignore unrecognized keys (e.g. `MTU`, `ListenPort`, `PresharedKey`) without returning errors. - Add comprehensive tests in `pkg/wgconf/wgconf_test.go` covering inline/block comments, formatting variations, unrecognized keys, and case-insensitivity.
---
 pkg/wgconf/wgconf_test.go | 145 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 145 insertions(+)
(limited to 'pkg/wgconf/wgconf_test.go')
diff --git a/pkg/wgconf/wgconf_test.go b/pkg/wgconf/wgconf_test.go
index 805aeaa..92583a5 100644
--- a/pkg/wgconf/wgconf_test.go
+++ b/pkg/wgconf/wgconf_test.go
@@ -3,6 +3,7 @@ package wgconf
 import (
 "os"
 "path/filepath"
+ "reflect"
 "testing"
 )
@@ -69,3 +70,147 @@ InvalidLineWithoutEquals`
 t.Error("expected error for invalid line format, got nil")
 }
 }
+
+func TestParseConfigInTheWildEdgeCases(t *testing.T) {
+ tests := []struct {
+ name string
+ content string
+ want *Config
+ wantErr bool
+ }{
+ {
+ name: "Case insensitivity for sections and keys",
+ content: `
+[interface]
+privatekey = my-private-key
+address = 10.0.1.2/24
+dns = 8.8.8.8
+
+[peer]
+publickey = peer-public-key
+endpoint = 5.5.5.5:51820
+allowedips = 10.0.1.0/24, fd00::1/64
+`,
+ want: &Config{
+ PrivateKey: "my-private-key",
+ Address: "10.0.1.2/24",
+ DNS: "8.8.8.8",
+ Peers: []Peer{
+ {
+ PublicKey: "peer-public-key",
+ Endpoint: "5.5.5.5:51820",
+ AllowedIPs: []string{"10.0.1.0/24", "fd00::1/64"},
+ },
+ },
+ },
+ },
+ {
+ name: "Inline and block comments",
+ content: `
+# This is a whole-line comment
+; This is another whole-line comment starting with semicolon
+
+[Interface]
+PrivateKey = key-with-hash-inside#123 # Comment at end of line
+Address = 10.0.0.1/24 ; inline semicolon comment
+DNS = 1.1.1.1 # DNS fallback
+
+[Peer]
+PublicKey = peerkey ; comment here
+# This is a comment between fields
+Endpoint = 1.1.1.1:1111
+AllowedIPs = 10.0.0.0/24, 10.0.1.0/24 # comment at the end of allowed ips
+`,
+ want: &Config{
+ PrivateKey: "key-with-hash-inside#123",
+ Address: "10.0.0.1/24",
+ DNS: "1.1.1.1",
+ Peers: []Peer{
+ {
+ PublicKey: "peerkey",
+ Endpoint: "1.1.1.1:1111",
+ AllowedIPs: []string{"10.0.0.0/24", "10.0.1.0/24"},
+ },
+ },
+ },
+ },
+ {
+ name: "Crazy whitespaces and tabs",
+ content: `
+ [Interface]
+ PrivateKey = key123
+ Address = 10.0.0.2/24
+ DNS = 9.9.9.9
+
+ [Peer]
+PublicKey = key456
+Endpoint = 2.2.2.2:2222
+AllowedIPs = 192.168.1.1/32 , 192.168.1.2/32
+`,
+ want: &Config{
+ PrivateKey: "key123",
+ Address: "10.0.0.2/24",
+ DNS: "9.9.9.9",
+ Peers: []Peer{
+ {
+ PublicKey: "key456",
+ Endpoint: "2.2.2.2:2222",
+ AllowedIPs: []string{"192.168.1.1/32", "192.168.1.2/32"},
+ },
+ },
+ },
+ },
+ {
+ name: "Ignore unrecognized keys under Interface and Peer",
+ content: `
+[Interface]
+PrivateKey = pk
+Address = 10.0.0.1/24
+ListenPort = 51820
+FwMark = 1234
+MTU = 1420
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+
+[Peer]
+PublicKey = pubk
+PresharedKey = preshared_key_abc
+Endpoint = 3.3.3.3:3333
+AllowedIPs = 0.0.0.0/0
+PersistentKeepalive = 25
+`,
+ want: &Config{
+ PrivateKey: "pk",
+ Address: "10.0.0.1/24",
+ DNS: "",
+ Peers: []Peer{
+ {
+ PublicKey: "pubk",
+ Endpoint: "3.3.3.3:3333",
+ AllowedIPs: []string{"0.0.0.0/0"},
+ },
+ },
+ },
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ tmpFile := filepath.Join(t.TempDir(), "test_wild.conf")
+ if err := os.WriteFile(tmpFile, []byte(tt.content), 0644); err != nil {
+ t.Fatal(err)
+ }
+
+ cfg, err := Parse(tmpFile)
+ if (err != nil) != tt.wantErr {
+ t.Fatalf("Parse() error = %v, wantErr %v", err, tt.wantErr)
+ }
+
+ if err == nil {
+ if !reflect.DeepEqual(cfg, tt.want) {
+ t.Errorf("Parse() got = %+v, want = %+v", cfg, tt.want)
+ }
+ }
+ })
+ }
+}
-- cgit v1.2.3
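Review bot: None of the four fixtures in TestParseConfigInTheWildEdgeCases carries a value shaped like a real WireGuard key, so the table never checks that a value containing `=` survives both the key/value split and the new comment stripping; tests earlier in the file are outside this hunk and may or may not cover it. WireGuard keys are base64 and normally end in `=` padding (and can contain `+` and `/`), whereas `key-with-hash-inside#123` exercises a character that cannot appear in one. I would add a case whose content has a line such as `PrivateKey = AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= # constructed sample` and expect the full value, padding included, in `want.PrivateKey`. Separately, `wantErr` is never set to true in this table, so the more tolerant parsing is only exercised on the success path. The "Ignore unrecognized keys" case would also read better with a comment such as `// PostUp/PostDown hold shell commands and PresharedKey is secret material; Parse must drop them rather than store them`, if that is the intent.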