From 9872a4dc113e5f52e013823d8a67dc045ee9d850 Mon Sep 17 00:00:00 2001
From: Lukasz Nowak <luke@nexedi.com>
Date: Thu, 9 Aug 2018 14:08:31 +0200
Subject: [PATCH] caddy-frontend: Escape command line for monitor-ipv[46]-test

---
 .../templates/apache-custom-slave-list.cfg.in | 4 +-
 software/caddy-frontend/test/test.py | 96 ++++++++++++++++++-
 ...BadParameters.test_file_list_log-CADDY.txt | 4 +
 ...meters.test_monitor_promise_list-CADDY.txt | 6 ++
 4 files changed, 106 insertions(+), 4 deletions(-)

diff --git a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
index d1f6230e8..9282b21bf 100644
--- a/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
+++ b/software/caddy-frontend/templates/apache-custom-slave-list.cfg.in
@@ -257,7 +257,7 @@ wrapper-path = {{ promise_directory }}/${:filename}
 {% do part_list.append(monitor_ipv6_section_title) %}
 [{{ monitor_ipv6_section_title }}]
 recipe = slapos.cookbook:wrapper
-command-line = {{ bin_directory }}/is-icmp-packet-lost -a {{monitor_ipv6_test}}
+command-line = {{ dumps(bin_directory ~ '/is-icmp-packet-lost -a ' ~ monitor_ipv6_test) }}
 filename = {{ monitor_ipv6_section_title }}
 wrapper-path = {{ promise_directory }}/${:filename}
 {% endif %}
@@ -268,7 +268,7 @@ wrapper-path = {{ promise_directory }}/${:filename}
 {% do part_list.append(monitor_ipv4_section_title) %}
 [{{ monitor_ipv4_section_title }}]
 recipe = slapos.cookbook:wrapper
-command-line = {{ bin_directory }}/is-icmp-packet-lost -4 -a {{monitor_ipv4_test}}
+command-line = {{ dumps(bin_directory ~ '/is-icmp-packet-lost -4 -a ' ~ monitor_ipv4_test) }}
 filename = {{ monitor_ipv4_section_title }}
 wrapper-path = {{ promise_directory }}/${:filename}
 {% endif %}
diff --git a/software/caddy-frontend/test/test.py b/software/caddy-frontend/test/test.py
index 1c71278b2..a09c41f80 100644
--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
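Review bot: `dumps()` on the new `command-line` lines protects only the buildout layer: `monitor_ipv6_test` and `monitor_ipv4_test` are still concatenated unquoted into the command string, so whitespace in a slave-supplied value ends up as extra arguments to `is-icmp-packet-lost`. The test added in this patch shows it, since the expected output `-4 -a ${section:option} afternewline ipv4` has the newline turned into an argument break; the splitting presumably happens in the wrapper recipe, which is not visible here. Both hunks of this file are affected. Consider rejecting values that are not a single address or hostname before the section is emitted, and record the limit next to the lines, e.g. `{# dumps() stops buildout expansion only; the value is still split into separate arguments #}`.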
@@ -3057,6 +3057,12 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
 'url': cls.backend_url,
 'default-path': '${section:option}\nn"\newline\n}\n}proxy\n/slashed',
 },
+ 'monitor-ipv4-test-unsafe': {
+ 'monitor-ipv4-test': '${section:option}\nafternewline ipv4',
+ },
+ 'monitor-ipv6-test-unsafe': {
+ 'monitor-ipv6-test': '${section:option}\nafternewline ipv6',
+ },
 }
 def test_master_partition_state(self):
@@ -3066,9 +3072,9 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
 expected_parameter_dict = {
 'monitor-base-url': None,
 'domain': 'example.com',
- 'accepted-slave-amount': '5',
+ 'accepted-slave-amount': '7',
 'rejected-slave-amount': '2',
- 'slave-amount': '7',
+ 'slave-amount': '9',
 'rejected-slave-list': '["_server-alias-unsafe", "_custom_domain-unsafe"]'}
@@ -3261,3 +3267,89 @@ class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
 'https://defaultpathunsafe.example.com:%s/%%24%%7Bsection%%3Aoption%%7D'
 '%%0An%%22%%0Aewline%%0A%%7D%%0A%%7Dproxy%%0A/slashed' % (HTTPS_PORT,)
 )
+
+ def test_monitor_ipv4_test_unsafe(self):
+ parameter_dict = self.slave_connection_parameter_dict_dict[
+ 'monitor-ipv4-test-unsafe']
+ self.assertLogAccessUrlWithPop(parameter_dict, 'monitor-ipv4-test-unsafe')
+ self.assertEqual(
+ parameter_dict,
+ {
+ 'domain': 'monitoripv4testunsafe.example.com',
+ 'replication_number': '1',
+ 'url': 'http://monitoripv4testunsafe.example.com',
+ 'site_url': 'http://monitoripv4testunsafe.example.com',
+ 'secure_access': 'https://monitoripv4testunsafe.example.com',
+ 'public-ipv4': LOCAL_IPV4,
+ }
+ )
+
+ result = self.fakeHTTPSResult(
+ parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
+
+ self.assertEqual(
+ der2pem(result.peercert),
+ open('wildcard.example.com.crt').read())
+
+ self.assertEqual(result.status_code, no_backend_response_code)
+
+ result_http = self.fakeHTTPResult(
+ parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
+ self.assertEqual(result_http.status_code, no_backend_response_code)
+
+ # rewrite SR/bin/is-icmp-packet-lost
+ open(
+ os.path.join(self.software_path, 'bin', 'is-icmp-packet-lost'), 'w'
+ ).write('echo "$@"')
+ # call the monitor for this partition
+ monitor_file = glob.glob(
+ os.path.join(
+ self.instance_path, '*', 'etc', 'monitor-promise',
+ 'check-_monitor-ipv4-test-unsafe-ipv4-packet-list-test'))[0]
+ self.assertEqual(
+ '-4 -a ${section:option} afternewline ipv4',
+ subprocess.check_output(monitor_file).strip()
+ )
+
+ def test_monitor_ipv6_test_unsafe(self):
+ parameter_dict = self.slave_connection_parameter_dict_dict[
+ 'monitor-ipv6-test-unsafe']
+ self.assertLogAccessUrlWithPop(parameter_dict, 'monitor-ipv6-test-unsafe')
+ self.assertEqual(
+ parameter_dict,
+ {
+ 'domain': 'monitoripv6testunsafe.example.com',
+ 'replication_number': '1',
+ 'url': 'http://monitoripv6testunsafe.example.com',
+ 'site_url': 'http://monitoripv6testunsafe.example.com',
+ 'secure_access': 'https://monitoripv6testunsafe.example.com',
+ 'public-ipv4': LOCAL_IPV4,
+ }
+ )
+
+ result = self.fakeHTTPSResult(
+ parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
+
+ self.assertEqual(
+ der2pem(result.peercert),
+ open('wildcard.example.com.crt').read())
+
+ self.assertEqual(result.status_code, no_backend_response_code)
+
+ result_http = self.fakeHTTPResult(
+ parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
+ self.assertEqual(result_http.status_code, no_backend_response_code)
+
+ # rewrite SR/bin/is-icmp-packet-lost
+ open(
+ os.path.join(self.software_path, 'bin', 'is-icmp-packet-lost'), 'w'
+ ).write('echo "$@"')
+ # call the monitor for this partition
+ monitor_file = glob.glob(
+ os.path.join(
+ self.instance_path, '*', 'etc', 'monitor-promise',
+ 'check-_monitor-ipv6-test-unsafe-ipv6-packet-list-test'))[0]
+ self.assertEqual(
+ '-a ${section:option} afternewline ipv6',
+ subprocess.check_output(monitor_file).strip()
+ )
diff --git a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_file_list_log-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_file_list_log-CADDY.txt
index f04c799f6..695e9acaf 100644
--- a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_file_list_log-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_file_list_log-CADDY.txt
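Review bot: The stub written over `bin/is-icmp-packet-lost` in `test_monitor_ipv4_test_unsafe`, and again in `test_monitor_ipv6_test_unsafe`, is never restored and its file object is never closed. Because the file lives in the shared software release, any promise run after these tests would execute an `echo` that always exits 0, and on an interpreter without reference counting the write may not be flushed before `subprocess.check_output` runs. Save the original content, write the stub inside a `with` block and restore it in a cleanup; this assumes the base class is a `unittest.TestCase` that provides `addCleanup`. The two tests differ only in the slave name and the `-4` flag, so the rewritten lines could live in one shared helper.

```python
    # rewrite SR/bin/is-icmp-packet-lost, restoring the real script afterwards
    icmp_path = os.path.join(
      self.software_path, 'bin', 'is-icmp-packet-lost')
    with open(icmp_path, 'rb') as icmp_file:
      original_content = icmp_file.read()

    def restore():
      with open(icmp_path, 'wb') as icmp_file:
        icmp_file.write(original_content)
    self.addCleanup(restore)
    with open(icmp_path, 'w') as icmp_file:
      icmp_file.write('echo "$@"')
    # … unchanged: glob for monitor_file and the assertEqual on its output …
```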
@@ -3,6 +3,10 @@ TestSlaveBadParameters-1/var/log/frontend-access.log
 TestSlaveBadParameters-1/var/log/frontend-error.log
 TestSlaveBadParameters-1/var/log/httpd/_default-path-unsafe_access_log
 TestSlaveBadParameters-1/var/log/httpd/_default-path-unsafe_error_log
+TestSlaveBadParameters-1/var/log/httpd/_monitor-ipv4-test-unsafe_access_log
+TestSlaveBadParameters-1/var/log/httpd/_monitor-ipv4-test-unsafe_error_log
+TestSlaveBadParameters-1/var/log/httpd/_monitor-ipv6-test-unsafe_access_log
+TestSlaveBadParameters-1/var/log/httpd/_monitor-ipv6-test-unsafe_error_log
 TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-nocomma_access_log
 TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-nocomma_error_log
 TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-unsafe_access_log
diff --git a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_monitor_promise_list-CADDY.txt b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_monitor_promise_list-CADDY.txt
index 950e691a5..8d9471799 100644
--- a/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_monitor_promise_list-CADDY.txt
+++ b/software/caddy-frontend/test/test_data/test.TestSlaveBadParameters.test_monitor_promise_list-CADDY.txt
@@ -1,5 +1,11 @@
 TestSlaveBadParameters-1/etc/monitor-promise/check-_default-path-unsafe-error-log-last-day
 TestSlaveBadParameters-1/etc/monitor-promise/check-_default-path-unsafe-error-log-last-hour
+TestSlaveBadParameters-1/etc/monitor-promise/check-_monitor-ipv4-test-unsafe-error-log-last-day
+TestSlaveBadParameters-1/etc/monitor-promise/check-_monitor-ipv4-test-unsafe-error-log-last-hour
+TestSlaveBadParameters-1/etc/monitor-promise/check-_monitor-ipv4-test-unsafe-ipv4-packet-list-test
+TestSlaveBadParameters-1/etc/monitor-promise/check-_monitor-ipv6-test-unsafe-error-log-last-day
+TestSlaveBadParameters-1/etc/monitor-promise/check-_monitor-ipv6-test-unsafe-error-log-last-hour
+TestSlaveBadParameters-1/etc/monitor-promise/check-_monitor-ipv6-test-unsafe-ipv6-packet-list-test
 TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-nocomma-error-log-last-day
 TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-nocomma-error-log-last-hour
 TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-unsafe-error-log-last-day
-- 
2.30.9