From a1783d864a4d83bebe9cfd7254a95dc4f1feb348 Mon Sep 17 00:00:00 2001
From: PRATHAMESH LOHAKARE <49603432+theyashl@users.noreply.github.com>
Date: Wed, 9 Oct 2024 12:59:11 +0530
Subject: [PATCH] Add support for `[*]` in trusted hosts (#2480)

* fixed trusted host parsing for always trust case

* Update uvicorn/middleware/proxy_headers.py

* added test case for trust everything using list

---------

Co-authored-by: Marcelo Trylesinski <marcelotryle@gmail.com>
---
 tests/middleware/test_proxy_headers.py | 6 +++++-
 uvicorn/middleware/proxy_headers.py    | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/tests/middleware/test_proxy_headers.py b/tests/middleware/test_proxy_headers.py
index a2cbde775..0ade97450 100644
--- a/tests/middleware/test_proxy_headers.py
+++ b/tests/middleware/test_proxy_headers.py
@@ -56,6 +56,7 @@ def make_httpx_client(
 # of the _TrustedHosts.__init__ method.
 _TRUSTED_NOTHING: list[str] = []
 _TRUSTED_EVERYTHING = "*"
+_TRUSTED_EVERYTHING_LIST = ["*"]
 _TRUSTED_IPv4_ADDRESSES = "127.0.0.1, 10.0.0.1"
 _TRUSTED_IPv4_NETWORKS = ["127.0.0.0/8", "10.0.0.0/8"]
 _TRUSTED_IPv6_ADDRESSES = [
@@ -65,7 +66,7 @@ def make_httpx_client(
     "::11.22.33.44",  # This is a dual address
 ]
 _TRUSTED_IPv6_NETWORKS = "2001:db8:abcd:0012::0/64"
-_TRUSTED_LITERALS = "some-literal , unix:///foo/bar  ,  /foo/bar"
+_TRUSTED_LITERALS = "some-literal , unix:///foo/bar  ,  /foo/bar, garba*gewith*"
 
 
 @pytest.mark.parametrize(
@@ -122,6 +123,7 @@ def make_httpx_client(
         (_TRUSTED_EVERYTHING, "192.168.0.0", True),
         (_TRUSTED_EVERYTHING, "192.168.0.1", True),
         (_TRUSTED_EVERYTHING, "1.1.1.1", True),
+        (_TRUSTED_EVERYTHING_LIST, "1.1.1.1", True),
         # Test IPv6 Addresses
         (_TRUSTED_EVERYTHING, "2001:db8::", True),
         (_TRUSTED_EVERYTHING, "2001:db8:abcd:0012::0", True),
@@ -136,6 +138,7 @@ def make_httpx_client(
         (_TRUSTED_EVERYTHING, "::b16:212c", True),  # aka ::11.22.33.44
         (_TRUSTED_EVERYTHING, "a:b:c:d::", True),
         (_TRUSTED_EVERYTHING, "::a:b:c:d", True),
+        (_TRUSTED_EVERYTHING_LIST, "::a:b:c:d", True),
         # Test Literals
         (_TRUSTED_EVERYTHING, "some-literal", True),
         (_TRUSTED_EVERYTHING, "unix:///foo/bar", True),
@@ -145,6 +148,7 @@ def make_httpx_client(
         (_TRUSTED_EVERYTHING, "unix:///another/path", True),
         (_TRUSTED_EVERYTHING, "/another/path", True),
         (_TRUSTED_EVERYTHING, "", True),
+        (_TRUSTED_EVERYTHING_LIST, "", True),
         ## Trust IPv4 Addresses
         ## -----------------------------
         # Test IPv4 Addresses
diff --git a/uvicorn/middleware/proxy_headers.py b/uvicorn/middleware/proxy_headers.py
index ce4fd8c01..7c3609de6 100644
--- a/uvicorn/middleware/proxy_headers.py
+++ b/uvicorn/middleware/proxy_headers.py
@@ -68,7 +68,7 @@ class _TrustedHosts:
     """Container for trusted hosts and networks"""
 
     def __init__(self, trusted_hosts: list[str] | str) -> None:
-        self.always_trust: bool = trusted_hosts == "*"
+        self.always_trust: bool = trusted_hosts in ("*", ["*"])
 
         self.trusted_literals: set[str] = set()
         self.trusted_hosts: set[ipaddress.IPv4Address | ipaddress.IPv6Address] = set()