From 4a1a806c01ba9b2e2201e03cd5327b05a755e59f Mon Sep 17 00:00:00 2001
From: Aaron Gibson <aagbsn@extc.org>
Date: Tue, 28 Oct 2025 06:43:36 +0000
Subject: [PATCH] Add test for spoofed X-Forwarded-For

---
 api/tests/integ/test_probe_services.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/api/tests/integ/test_probe_services.py b/api/tests/integ/test_probe_services.py
index 1449b5bcd..90601b20e 100644
--- a/api/tests/integ/test_probe_services.py
+++ b/api/tests/integ/test_probe_services.py
@@ -78,6 +78,9 @@ def test_extract_probe_ipaddr_octect(app):
     with app.test_request_context("/", headers={"X-Real-IP": "1.2.3.4"}):
         assert ooniapi.probe_services.extract_probe_ipaddr() == "1.2.3.4"
 
+def test_extract_probe_ipaddr_spoofed_x_forwarded_for(app):
+    with app.test_request_context("/", headers={"X-Forwarded-For": "1.3.3.7, 1.2.3.4, 4.2.4.2"}):
+        assert ooniapi.probe_services.extract_probe_ipaddr() == "1.2.3.4"
 
 ## Test /api/v1/check-in