summaryrefslogtreecommitdiffstats
path: root/test/modules/core
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-25 04:41:28 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-25 04:41:28 +0000
commitb1a1c1d95059e2fefd7b5671eb110ab690409a84 (patch)
tree97ecfcc9425e2d09d2cd669594d626a616f324a3 /test/modules/core
parentReleasing progress-linux version 2.4.38-3+deb10u10progress5u1. (diff)
downloadapache2-b1a1c1d95059e2fefd7b5671eb110ab690409a84.tar.xz
apache2-b1a1c1d95059e2fefd7b5671eb110ab690409a84.zip
Merging upstream version 2.4.59.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'test/modules/core')
-rw-r--r--test/modules/core/__init__.py1
-rw-r--r--test/modules/core/conftest.py44
-rw-r--r--test/modules/core/test_001_encoding.py93
3 files changed, 138 insertions, 0 deletions
diff --git a/test/modules/core/__init__.py b/test/modules/core/__init__.py
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/test/modules/core/__init__.py
@@ -0,0 +1 @@
+
diff --git a/test/modules/core/conftest.py b/test/modules/core/conftest.py
new file mode 100644
index 0000000..439cd22
--- /dev/null
+++ b/test/modules/core/conftest.py
@@ -0,0 +1,44 @@
+import logging
+import os
+
+import pytest
+import sys
+
+from pyhttpd.env import HttpdTestEnv
+
+sys.path.append(os.path.join(os.path.dirname(__file__), '../..'))
+
+
+def pytest_report_header(config, startdir):
+ env = HttpdTestEnv()
+ return f"core [apache: {env.get_httpd_version()}, mpm: {env.mpm_module}, {env.prefix}]"
+
+
+@pytest.fixture(scope="package")
+def env(pytestconfig) -> HttpdTestEnv:
+ level = logging.INFO
+ console = logging.StreamHandler()
+ console.setLevel(level)
+ console.setFormatter(logging.Formatter('%(levelname)s: %(message)s'))
+ logging.getLogger('').addHandler(console)
+ logging.getLogger('').setLevel(level=level)
+ env = HttpdTestEnv(pytestconfig=pytestconfig)
+ env.setup_httpd()
+ env.apache_access_log_clear()
+ env.httpd_error_log.clear_log()
+ return env
+
+
+@pytest.fixture(autouse=True, scope="package")
+def _session_scope(env):
+ env.httpd_error_log.set_ignored_lognos([
+ 'AH10244', # core: invalid URI path
+ 'AH01264', # mod_cgid script not found
+ ])
+ yield
+ assert env.apache_stop() == 0
+ errors, warnings = env.httpd_error_log.get_missed()
+ assert (len(errors), len(warnings)) == (0, 0),\
+ f"apache logged {len(errors)} errors and {len(warnings)} warnings: \n"\
+ "{0}\n{1}\n".format("\n".join(errors), "\n".join(warnings))
+
diff --git a/test/modules/core/test_001_encoding.py b/test/modules/core/test_001_encoding.py
new file mode 100644
index 0000000..b7ffbaa
--- /dev/null
+++ b/test/modules/core/test_001_encoding.py
@@ -0,0 +1,93 @@
+import pytest
+
+from pyhttpd.conf import HttpdConf
+
+
+class TestEncoding:
+
+ EXP_AH10244_ERRS = 0
+
+ @pytest.fixture(autouse=True, scope='class')
+ def _class_scope(self, env):
+ conf = HttpdConf(env, extras={
+ 'base': f"""
+ <Directory "{env.gen_dir}">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+ """,
+ f"test2.{env.http_tld}": "AllowEncodedSlashes on",
+ f"test1.{env.http_tld}": f"ScriptAlias /cgi-bin/ {env.gen_dir}",
+ })
+ conf.add_vhost_test1()
+ conf.add_vhost_test2()
+ conf.add_vhost_cgi()
+ conf.install()
+ assert env.apache_restart() == 0
+
+ # check handling of url encodings that are accepted
+ @pytest.mark.parametrize("path", [
+ "/006/006.css",
+ "/%30%30%36/%30%30%36.css",
+ "/nothing/../006/006.css",
+ "/nothing/./../006/006.css",
+ "/nothing/%2e%2e/006/006.css",
+ "/nothing/%2e/%2e%2e/006/006.css",
+ "/nothing/%2e/%2e%2e/006/006%2ecss",
+ ])
+ def test_core_001_01(self, env, path):
+ url = env.mkurl("https", "test1", path)
+ r = env.curl_get(url)
+ assert r.response["status"] == 200
+
+ # check handling of / normalization
+ @pytest.mark.parametrize("path", [
+ "/006//006.css",
+ "/006//////////006.css",
+ "/006////.//////006.css",
+ "/006////%2e//////006.css",
+ "/006////%2e//////006%2ecss",
+ "/006/../006/006.css",
+ "/006/%2e%2e/006/006.css",
+ ])
+ def test_core_001_03(self, env, path):
+ url = env.mkurl("https", "test1", path)
+ r = env.curl_get(url)
+ assert r.response["status"] == 200
+
+ # check path traversals
+ @pytest.mark.parametrize(["path", "status"], [
+ ["/../echo.py", 400],
+ ["/nothing/../../echo.py", 400],
+ ["/cgi-bin/../../echo.py", 400],
+ ["/nothing/%2e%2e/%2e%2e/echo.py", 400],
+ ["/cgi-bin/%2e%2e/%2e%2e/echo.py", 400],
+ ["/nothing/%%32%65%%32%65/echo.py", 400],
+ ["/cgi-bin/%%32%65%%32%65/echo.py", 400],
+ ["/nothing/%%32%65%%32%65/%%32%65%%32%65/h2_env.py", 400],
+ ["/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/h2_env.py", 400],
+ ["/nothing/%25%32%65%25%32%65/echo.py", 404],
+ ["/cgi-bin/%25%32%65%25%32%65/echo.py", 404],
+ ["/nothing/%25%32%65%25%32%65/%25%32%65%25%32%65/h2_env.py", 404],
+ ["/cgi-bin/%25%32%65%25%32%65/%25%32%65%25%32%65/h2_env.py", 404],
+ ])
+ def test_core_001_04(self, env, path, status):
+ url = env.mkurl("https", "test1", path)
+ r = env.curl_get(url)
+ assert r.response["status"] == status
+ if status == 400:
+ TestEncoding.EXP_AH10244_ERRS += 1
+ # the log will have a core:err about invalid URI path
+
+ # check handling of %2f url encodings that are not decoded by default
+ @pytest.mark.parametrize(["host", "path", "status"], [
+ ["test1", "/006%2f006.css", 404],
+ ["test2", "/006%2f006.css", 200],
+ ["test2", "/x%252f.test", 200],
+ ["test2", "/10%25abnormal.txt", 200],
+ ])
+ def test_core_001_20(self, env, host, path, status):
+ url = env.mkurl("https", host, path)
+ r = env.curl_get(url)
+ assert r.response["status"] == status