diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:35:11 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:35:11 +0000 |
commit | da76459dc21b5af2449af2d36eb95226cb186ce2 (patch) | |
tree | 542ebb3c1e796fac2742495b8437331727bbbfa0 /reg-tests/converter | |
parent | Initial commit. (diff) | |
download | haproxy-upstream/2.6.12.tar.xz haproxy-upstream/2.6.12.zip |
Adding upstream version 2.6.12.upstream/2.6.12upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'reg-tests/converter')
-rw-r--r-- | reg-tests/converter/add_item.vtc | 50 | ||||
-rw-r--r-- | reg-tests/converter/be2dec.vtc | 56 | ||||
-rw-r--r-- | reg-tests/converter/be2hex.vtc | 60 | ||||
-rw-r--r-- | reg-tests/converter/digest.vtc | 57 | ||||
-rw-r--r-- | reg-tests/converter/field.vtc | 39 | ||||
-rw-r--r-- | reg-tests/converter/fix.vtc | 235 | ||||
-rw-r--r-- | reg-tests/converter/hmac.vtc | 55 | ||||
-rw-r--r-- | reg-tests/converter/iif.vtc | 46 | ||||
-rw-r--r-- | reg-tests/converter/json.vtc | 40 | ||||
-rw-r--r-- | reg-tests/converter/json_query.vtc | 101 | ||||
-rw-r--r-- | reg-tests/converter/mqtt.vtc | 238 | ||||
-rw-r--r-- | reg-tests/converter/secure_memcmp.vtc | 143 | ||||
-rw-r--r-- | reg-tests/converter/sha2.vtc | 57 | ||||
-rw-r--r-- | reg-tests/converter/url_dec.vtc | 37 | ||||
-rw-r--r-- | reg-tests/converter/url_enc.vtc | 43 |
15 files changed, 1257 insertions, 0 deletions
diff --git a/reg-tests/converter/add_item.vtc b/reg-tests/converter/add_item.vtc new file mode 100644 index 0000000..474ad7b --- /dev/null +++ b/reg-tests/converter/add_item.vtc @@ -0,0 +1,50 @@ +varnishtest "be2dec converter Test" + +feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.6-dev0)'" +feature ignore_unknown_macro + +server s1 { + rxreq + txresp -hdr "Connection: close" +} -repeat 3 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + #### requests + http-request set-var(txn.input) req.hdr(input) + http-request set-var(txn.var) str("var_content") + + http-response set-header add_item-1 "%[var(txn.input),add_item(',',txn.var,_suff_)]" + http-response set-header add_item-2 "%[var(txn.input),add_item(',',txn.var)]" + http-response set-header add_item-3 "%[var(txn.input),add_item(',',,_suff_)]" + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" \ + -hdr "input:" + rxresp + expect resp.status == 200 + expect resp.http.add_item-1 == "var_content_suff_" + expect resp.http.add_item-2 == "var_content" + expect resp.http.add_item-3 == "_suff_" + txreq -url "/" \ + -hdr "input: input_string" + rxresp + expect resp.status == 200 + expect resp.http.add_item-1 == "input_string,var_content_suff_" + expect resp.http.add_item-2 == "input_string,var_content" + expect resp.http.add_item-3 == "input_string,_suff_" +} -run diff --git a/reg-tests/converter/be2dec.vtc b/reg-tests/converter/be2dec.vtc new file mode 100644 index 0000000..a0b7104 --- /dev/null +++ b/reg-tests/converter/be2dec.vtc @@ -0,0 +1,56 @@ +varnishtest "be2dec converter Test" + +feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'" +feature ignore_unknown_macro + +server s1 { + rxreq + txresp -hdr "Connection: close" +} -repeat 3 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + #### requests + http-request set-var(txn.input) req.hdr(input) + + http-response set-header be2dec-1 "%[var(txn.input),be2dec(:,1)]" + http-response set-header be2dec-2 "%[var(txn.input),be2dec(-,3)]" + http-response set-header be2dec-3 "%[var(txn.input),be2dec(::,3,1)]" + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" \ + -hdr "input:" + rxresp + expect resp.status == 200 + expect resp.http.be2dec-1 == "" + expect resp.http.be2dec-2 == "" + expect resp.http.be2dec-3 == "" + txreq -url "/" \ + -hdr "input: 0123456789" + rxresp + expect resp.status == 200 + expect resp.http.be2dec-1 == "48:49:50:51:52:53:54:55:56:57" + expect resp.http.be2dec-2 == "3158322-3355701-3553080-57" + expect resp.http.be2dec-3 == "3158322::3355701::3553080" + txreq -url "/" \ + -hdr "input: abcdefghijklmnopqrstuvwxyz" + rxresp + expect resp.status == 200 + expect resp.http.be2dec-1 == "97:98:99:100:101:102:103:104:105:106:107:108:109:110:111:112:113:114:115:116:117:118:119:120:121:122" + expect resp.http.be2dec-2 == "6382179-6579558-6776937-6974316-7171695-7369074-7566453-7763832-31098" + expect resp.http.be2dec-3 == "6382179::6579558::6776937::6974316::7171695::7369074::7566453::7763832" +} -run diff --git a/reg-tests/converter/be2hex.vtc b/reg-tests/converter/be2hex.vtc new file mode 100644 index 0000000..4cf3dc1 --- /dev/null +++ b/reg-tests/converter/be2hex.vtc @@ -0,0 +1,60 @@ +varnishtest "be2hex converter Test" + +feature cmd "$HAPROXY_PROGRAM -cc 'version_atleast(2.5-dev0)'" +feature ignore_unknown_macro + +server s1 { + rxreq + txresp -hdr "Connection: close" +} -repeat 3 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + #### requests + http-request set-var(txn.input) req.hdr(input) + + http-response set-header be2hex "%[var(txn.input),be2hex,lower]" + http-response set-header be2hex-1 "%[var(txn.input),be2hex(:,1),lower]" + http-response set-header be2hex-2 "%[var(txn.input),be2hex(--,3),lower]" + http-response set-header be2hex-3 "%[var(txn.input),be2hex(.,3,1),lower]" + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" \ + -hdr "input:" + rxresp + expect resp.status == 200 + expect resp.http.be2hex == "" + expect resp.http.be2hex-1 == "" + expect resp.http.be2hex-2 == "" + expect resp.http.be2hex-3 == "" + txreq -url "/" \ + -hdr "input: 0123456789" + rxresp + expect resp.status == 200 + expect resp.http.be2hex == "30313233343536373839" + expect resp.http.be2hex-1 == "30:31:32:33:34:35:36:37:38:39" + expect resp.http.be2hex-2 == "303132--333435--363738--39" + expect resp.http.be2hex-3 == "303132.333435.363738" + txreq -url "/" \ + -hdr "input: abcdefghijklmnopqrstuvwxyz" + rxresp + expect resp.status == 200 + expect resp.http.be2hex == "6162636465666768696a6b6c6d6e6f707172737475767778797a" + expect resp.http.be2hex-1 == "61:62:63:64:65:66:67:68:69:6a:6b:6c:6d:6e:6f:70:71:72:73:74:75:76:77:78:79:7a" + expect resp.http.be2hex-2 == "616263--646566--676869--6a6b6c--6d6e6f--707172--737475--767778--797a" + expect resp.http.be2hex-3 == "616263.646566.676869.6a6b6c.6d6e6f.707172.737475.767778" +} -run diff --git a/reg-tests/converter/digest.vtc b/reg-tests/converter/digest.vtc new file mode 100644 index 0000000..e911ff4 --- /dev/null +++ b/reg-tests/converter/digest.vtc @@ -0,0 +1,57 @@ +varnishtest "digest converter Test" + +#REQUIRE_VERSION=2.2 +#REQUIRE_OPTION=OPENSSL + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp -hdr "Connection: close" +} -repeat 2 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + #### requests + http-request set-var(txn.hash) req.hdr(hash) + + http-response set-header SHA1 "%[var(txn.hash),digest(sha1),hex,lower]" + http-response set-header SHA224 "%[var(txn.hash),digest(sha224),hex,lower]" + http-response set-header SHA256 "%[var(txn.hash),digest(sha256),hex,lower]" + http-response set-header SHA384 "%[var(txn.hash),digest(sha384),hex,lower]" + http-response set-header SHA512 "%[var(txn.hash),digest(sha512),hex,lower]" + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" \ + -hdr "Hash: 1" + rxresp + expect resp.status == 200 + expect resp.http.sha1 == "356a192b7913b04c54574d18c28d46e6395428ab" + expect resp.http.sha224 == "e25388fde8290dc286a6164fa2d97e551b53498dcbf7bc378eb1f178" + expect resp.http.sha256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b" + expect resp.http.sha384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776" + expect resp.http.sha512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a" + txreq -url "/" \ + -hdr "Hash: 2" + rxresp + expect resp.status == 200 + expect resp.http.sha1 == "da4b9237bacccdf19c0760cab7aec4a8359010b0" + expect resp.http.sha224 == "58b2aaa0bfae7acc021b3260e941117b529b2e69de878fd7d45c61a9" + expect resp.http.sha256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35" + expect resp.http.sha384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e" + expect resp.http.sha512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114" +} -run diff --git a/reg-tests/converter/field.vtc b/reg-tests/converter/field.vtc new file mode 100644 index 0000000..1243728 --- /dev/null +++ b/reg-tests/converter/field.vtc @@ -0,0 +1,39 @@ +varnishtest "field converter Test" + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp -hdr "Connection: close" +} -repeat 3 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + #### requests + http-request set-var(txn.uri) path + http-response set-header Found %[var(txn.uri),field(3,/)] if { var(txn.uri),field(3,/) -m found } + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/foo/bar/baz" + rxresp + expect resp.status == 200 + expect resp.http.found == "bar" + txreq -url "/foo" + rxresp + expect resp.status == 200 + expect resp.http.found == "<undef>" +} -run diff --git a/reg-tests/converter/fix.vtc b/reg-tests/converter/fix.vtc new file mode 100644 index 0000000..8206da3 --- /dev/null +++ b/reg-tests/converter/fix.vtc @@ -0,0 +1,235 @@ +varnishtest "fix converters Test" +#REQUIRE_VERSION=2.4 + +feature ignore_unknown_macro + +server s1 { + # Valid FIX-4.0 logon + recv 92 + # 8=FIX|4.0|9=66|35=A|34=1|49=EXECUTOR|52=20201029-10:54:19|56=CLIENT1|98=0|108=30|10=147| + sendhex "383d4649582e342e3001393d36360133353d410133343d310134393d4558454355544f520135323d32303230313032392d31303a35343a31390135363d434c49454e54310139383d30013130383d33300131303d31343701" + close + + # Valid FIX-4.1 logon + accept + recv 98 + # 8=FIX.4.1|9=72|35=A|34=1|49=EXECUTOR|52=20201029-12:43:07|56=CLIENT1|98=0|108=30|141=Y|10=187| + sendhex "383d4649582e342e3101393d37320133353d410133343d310134393d4558454355544f520135323d32303230313032392d31323a34333a30370135363d434c49454e54310139383d30013130383d3330013134313d590131303d31383701" + close + + # Valid FIX-4.2 logon + accept + recv 98 + # 8=FIX.4.2|9=79|35=A|34=1|49=EXECUTOR|52=20201029-12:55:12.101414|56=CLIENT1|98=0|108=30|141=Y|10=027| + sendhex "383d4649582e342e3201393d37390133353d410133343d310134393d4558454355544f520135323d32303230313032392d31323a35353a31322e3130313431340135363d434c49454e54310139383d30013130383d3330013134313d590131303d30323701" + close + + # Valid FIX-4.3 logon + accept + recv 125 + # 8=FIX.4.3|9=79|35=A|34=1|49=EXECUTOR|52=20201029-12:58:50.891371|56=CLIENT1|98=0|108=30|141=Y|10=051| + sendhex "383d4649582e342e3301393d37390133353d410133343d310134393d4558454355544f520135323d32303230313032392d31323a35383a35302e3839313337310135363d434c49454e54310139383d30013130383d3330013134313d590131303d30353101" + close + + # Valid FIX-4.4 logon + accept + recv 125 + # 8=FIX.4.4|9=79|35=A|34=1|49=EXECUTOR|52=20201029-13:02:44.535360|56=CLIENT1|98=0|108=30|141=Y|10=038| + sendhex "383d4649582e342e3401393d37390133353d410133343d310134393d4558454355544f520135323d32303230313032392d31333a30323a34342e3533353336300135363d434c49454e54310139383d30013130383d3330013134313d590131303d30333801" + close + + # Valid FIX-5.0 logon + accept + recv 140 + # 8=FIXT.1.1|9=86|35=A|34=1|49=EXECUTOR|52=20201029-13:13:22.626384|56=CLIENT1|98=0|108=30|141=Y|1137=7|10=184| + sendhex "383d464958542e312e3101393d38360133353d410133343d310134393d4558454355544f520135323d32303230313032392d31333a31333a32322e3632363338340135363d434c49454e54310139383d30013130383d3330013134313d5901313133373d370131303d31383401" +} -start + +server s2 { + # Valid FIX-4.4 logon + recv 125 + # 8=FIX.4.4|9=79|35=A|34=1|49=EXECUTOR|52=20201029-13:02:44.535360|56=CLIENT1|98=0|108=30|141=Y|10=038| + sendhex "383d4649582e342e3401393d37390133353d410133343d310134393d4558454355544f520135323d32303230313032392d31333a30323a34342e3533353336300135363d434c49454e54310139383d30013130383d3330013134313d590131303d30333801" + +} -start + +haproxy h1 -conf { + defaults + mode tcp + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe1 + bind "fd@${fe1}" + tcp-request inspect-delay 1s + tcp-request content reject unless { req.payload(0,0),fix_is_valid } + default_backend be1 + + frontend fe2 + bind "fd@${fe2}" + tcp-request inspect-delay 1s + tcp-request content reject unless { req.payload(0,0),fix_is_valid } + tcp-request content set-var(req.fix_vsn) req.payload(0,0),fix_tag_value(BeginString) + tcp-request content set-var(req.fix_len) req.payload(0,0),fix_tag_value(BodyLength) + tcp-request content set-var(req.fix_type) req.payload(0,0),fix_tag_value(MsgType) + tcp-request content set-var(req.fix_sender) req.payload(0,0),fix_tag_value(SenderCompID) + tcp-request content set-var(req.fix_target) req.payload(0,0),fix_tag_value(TargetCompID) + tcp-request content set-var(req.fix_chksum) req.payload(0,0),fix_tag_value(CheckSum) + tcp-request content reject if ! { var(req.fix_vsn) -m str "FIX.4.4" } || ! { var(req.fix_len) -m str "102" } + tcp-request content reject if ! { var(req.fix_type) -m str "A" } || ! { var(req.fix_sender) -m str "CLIENT1" } + tcp-request content reject if ! { var(req.fix_target) -m str "EXECUTOR" } || ! { var(req.fix_chksum) -m str "252" } + default_backend be2 + + backend be1 + server s1 ${s1_addr}:${s1_port} + tcp-response inspect-delay 1s + tcp-response content reject unless { res.payload(0,0),fix_is_valid } + + backend be2 + server s2 ${s2_addr}:${s2_port} + tcp-response inspect-delay 1s + tcp-response content reject unless { res.payload(0,0),fix_is_valid } + tcp-response content set-var(res.fix_vsn) res.payload(0,0),fix_tag_value(8) + tcp-response content set-var(res.fix_len) res.payload(0,0),fix_tag_value(9) + tcp-response content set-var(res.fix_type) res.payload(0,0),fix_tag_value(35) + tcp-response content set-var(res.fix_sender) res.payload(0,0),fix_tag_value(49) + tcp-response content set-var(res.fix_target) res.payload(0,0),fix_tag_value(56) + tcp-response content set-var(res.fix_chksum) res.payload(0,0),fix_tag_value(10) + tcp-response content reject if ! { var(res.fix_vsn) -m str "FIX.4.4" } || ! { var(res.fix_len) -m str "79" } + tcp-response content reject if ! { var(res.fix_type) -m str "A" } || ! { var(res.fix_sender) -m str "EXECUTOR" } + tcp-response content reject if ! { var(res.fix_target) -m str "CLIENT1" } || ! { var(res.fix_chksum) -m str "038" } +} -start + +client c1_4_0 -connect ${h1_fe1_sock} { + # Valid FIX-4.0 logon + # 8=FIX|4.0|9=70|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-10:54:19.617|98=0|108=30|10=090| + sendhex "383d4649582e342e3001393d37300133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31303a35343a31392e3631370139383d30013130383d33300131303d30393001" + recv 88 + expect_close +} -run + +client c1_4_1 -connect ${h1_fe1_sock} { + # Valid FIX-4.1 logon + # 8=FIX.4.1|9=76|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-12:43:07.940|98=0|108=30|141=Y|10=138| + sendhex "383d4649582e342e3101393d37360133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31323a34333a30372e3934300139383d30013130383d3330013134313d590131303d31333801" + recv 94 + expect_close +} -run + +client c1_4_2 -connect ${h1_fe1_sock} { + # Valid FIX-4.2 logon + # 8=FIX.4.2|9=76|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-12:55:12.100|98=0|108=30|141=Y|10=126| + sendhex "383d4649582e342e3201393d37360133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31323a35353a31322e3130300139383d30013130383d3330013134313d590131303d31323601" + recv 101 + expect_close +} -run + +client c1_4_3 -connect ${h1_fe1_sock} { + # Valid FIX-4.3 logon + # 8=FIX.4.3|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-12:58:50.889|98=0|108=30|141=Y|553=Username|554=Password|10=012| + sendhex "383d4649582e342e3301393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31323a35383a35302e3838390139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d30313201" + recv 101 + expect_close +} -run + +client c1_4_4 -connect ${h1_fe1_sock} { + # Valid FIX-4.4 logon + # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252| + sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201" + recv 101 + expect_close +} -run + +client c1_5_0 -connect ${h1_fe1_sock} { + # Valid FIX-5.0 logon + # 8=FIXT.1.1|9=116|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:13:22.624|1128=7|98=0|108=30|141=Y|553=Username|554=Password|1137=7|10=204| + sendhex "383d464958542e312e3101393d3131360133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a31333a32322e36323401313132383d370139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f726401313133373d370131303d32303401" + recv 109 + expect_close +} -run + +client c2_1 -connect ${h1_fe1_sock} { + # InValid FIX-4.4: Empty TagName (missing EncryptMethod <98> tag name) + # 8=FIX.4.4|9=100|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|=0|108=30|141=Y|553=Username|554=Password|10=252| + sendhex "383d4649582e342e3401393d3130300133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e353238013d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201" + expect_close +} -run + +client c2_2 -connect ${h1_fe1_sock} { + # InValid FIX-4.4: Empty TagValue (missing EncryptMethod <98> tag value) + # 8=FIX.4.4|9=101|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=|108=30|141=Y|553=Username|554=Password|10=252| + sendhex "383d4649582e342e3401393d3130310133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201" + expect_close +} -run + +client c2_3 -connect ${h1_fe1_sock} { + # InValid FIX-4.4: Empty Tag no delimiter (missing delimiter for EncryptMethod <98> tag) + # 8=FIX.4.4|9=101|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98|108=30|141=Y|553=Username|554=Password|10=252| + sendhex "383d4649582e342e3401393d3130300133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e353238013938013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201" + expect_close +} -run + +client c2_4 -connect ${h1_fe1_sock} { + # Invalid FIX-4.4: First tag != BeginString + # 9=102|8=FIX.4.4|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252| + sendhex "393d31303201383d4649582e342e340133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201" + expect_close +} -run + +client c2_5 -connect ${h1_fe1_sock} { + # Invalid FIX-4.4: Second tag != BodyLength + # 8=FIX.4.4|35=A|9=102|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252| + sendhex "383d4649582e342e340133353d4101393d3130320134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201" + expect_close +} -run + +client c2_6 -connect ${h1_fe1_sock} { + # Invalid FIX-4.4: Third tag != MsgType + # 8=FIX.4.4|9=102|49=CLIENT1|35=A|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252| + sendhex "383d4649582e342e3401393d3130320134393d434c49454e54310133353d410135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201" + expect_close +} -run + +client c2_7 -connect ${h1_fe1_sock} { + # Invalid FIX-4.4: Bad body length (too short 100 != 102) + # 8=FIX.4.4|9=100|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252| + sendhex "383d4649582e342e3401393d3130300133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201" + expect_close +} -run + +client c2_8 -connect ${h1_fe1_sock} { + # Invalid FIX-4.4: Bad body length (too long 105 != 102) + # 8=FIX.4.4|9=105|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252|XXX + sendhex "383d4649582e342e3401393d3130350133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201585858" + expect_close +} -run + +client c2_9 -connect ${h1_fe1_sock} { + # Invalid FIX-4.4: Too short checksum value (< 3 digit) + # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=25| + sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d323501" + expect_close +} -run + +client c2_10 -connect ${h1_fe1_sock} { + # Invalid FIX-4.4: Too long checksum value (> 3 digit) + # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=2520| + sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d3235323001" + expect_close +} -run + +client c2_11 -connect ${h1_fe1_sock} { + # Invalid FIX-4.4: invalid checksum value (253 != 252) + # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=253| + sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353301" + expect_close +} -run + + +client c3_1 -connect ${h1_fe2_sock} { + # 8=FIX.4.4|9=102|35=A|49=CLIENT1|56=EXECUTOR|34=1|52=20201029-13:02:44.528|98=0|108=30|141=Y|553=Username|554=Password|10=252| + sendhex "383d4649582e342e3401393d3130320133353d410134393d434c49454e54310135363d4558454355544f520133343d310135323d32303230313032392d31333a30323a34342e3532380139383d30013130383d3330013134313d59013535333d557365726e616d65013535343d50617373776f72640131303d32353201" + recv 101 + expect_close +} -run diff --git a/reg-tests/converter/hmac.vtc b/reg-tests/converter/hmac.vtc new file mode 100644 index 0000000..230a44d --- /dev/null +++ b/reg-tests/converter/hmac.vtc @@ -0,0 +1,55 @@ +varnishtest "HMAC converter Test" + +#REQUIRE_VERSION=2.2 +#REQUIRE_OPTION=OPENSSL + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp -hdr "Connection: close" +} -repeat 2 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + #### requests + http-request set-var(txn.hash) req.hdr(hash) + http-request set-var(txn.key) str(my_super_secret_long_key),base64 + + http-response set-header SHA1-short "%[var(txn.hash),hmac(sha1,a2V5),hex,lower]" + http-response set-header SHA1-long "%[var(txn.hash),hmac(sha1,txn.key),hex,lower]" + http-response set-header SHA256-short "%[var(txn.hash),hmac(sha256,a2V5),hex,lower]" + http-response set-header SHA256-long "%[var(txn.hash),hmac(sha256,txn.key),hex,lower]" + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" \ + -hdr "Hash: 1" + rxresp + expect resp.status == 200 + expect resp.http.sha1-short == "e23feb105f9622241bf23db1638cd2b4208b1f53" + expect resp.http.sha1-long == "87b10ddcf39e26f6bd7c3b0e38e0125997b255be" + expect resp.http.sha256-short == "6da91fb91517be1f5cdcf3af91d7d40c717dd638a306157606fb2e584f7ae926" + expect resp.http.sha256-long == "2fb3de6a462c54d1803f946b52202f3a8cd46548ffb3f789b4ac11a4361ffef2" + txreq -url "/" \ + -hdr "Hash: 2" + rxresp + expect resp.status == 200 + expect resp.http.sha1-short == "311219c4a80c5ef81b1cee5505236c1d0ab1922c" + expect resp.http.sha1-long == "c5758af565ba4b87b3db49c8b32d4a94d430cb78" + expect resp.http.sha256-short == "ae7b3ee87b8c9214f714df1c2042c7a985b9d711e9938a063937ad1636775a88" + expect resp.http.sha256-long == "c073191a2ebf29f510444b92c187d62199d84b58f58dceeadb91994c170a9a16" +} -run diff --git a/reg-tests/converter/iif.vtc b/reg-tests/converter/iif.vtc new file mode 100644 index 0000000..f412daf --- /dev/null +++ b/reg-tests/converter/iif.vtc @@ -0,0 +1,46 @@ +varnishtest "iif converter Test" +#REQUIRE_VERSION=2.3 + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp -hdr "Connection: close" +} -repeat 3 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + #### requests + http-request set-var(txn.iif) req.hdr_cnt(count),iif(ok,ko) + http-response set-header iif %[var(txn.iif)] + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq + rxresp + expect resp.status == 200 + expect resp.http.iif == "ko" + txreq \ + -hdr "count: 1" + rxresp + expect resp.status == 200 + expect resp.http.iif == "ok" + txreq \ + -hdr "count: 1,2" + rxresp + expect resp.status == 200 + expect resp.http.iif == "ok" +} -run diff --git a/reg-tests/converter/json.vtc b/reg-tests/converter/json.vtc new file mode 100644 index 0000000..1f37c9f --- /dev/null +++ b/reg-tests/converter/json.vtc @@ -0,0 +1,40 @@ +varnishtest "json converter test" + + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp +} -repeat 2 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + http-response set-header json0 "%[str(foo 1/2),json]" + # bad UTF-8 sequence + http-response set-header json1 "%[str(\xE0),json(utf8)]" + # bad UTF-8 sequence, but removes them + http-response set-header json2 "%[str(-\xE0-),json(utf8s)]" + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" + rxresp + expect resp.http.json0 == "foo 1\\/2" + expect resp.http.json1 == "" + expect resp.http.json2 == "--" + expect resp.status == 200 +} -run diff --git a/reg-tests/converter/json_query.vtc b/reg-tests/converter/json_query.vtc new file mode 100644 index 0000000..f78c393 --- /dev/null +++ b/reg-tests/converter/json_query.vtc @@ -0,0 +1,101 @@ +varnishtest "JSON Query converters Test" +#REQUIRE_VERSION=2.4 + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp -hdr "Connection: close" +} -repeat 8 -start + +haproxy h1 -conf { + global + # WT: limit false-positives causing "HTTP header incomplete" due to + # idle server connections being randomly used and randomly expiring + # under us. + tune.idle-pool.shared off + + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + option http-buffer-request + + frontend fe + bind "fd@${fe}" + tcp-request inspect-delay 1s + + http-request set-var(sess.header_json) req.hdr(Authorization),json_query('$.iss') + http-request set-var(sess.pay_json) req.body,json_query('$.iss') + http-request set-var(sess.pay_int) req.body,json_query('$.integer',"int"),add(1) + http-request set-var(sess.pay_neg_int) req.body,json_query('$.negativ-integer',"int"),add(1) + http-request set-var(sess.pay_double) req.body,json_query('$.double') + http-request set-var(sess.pay_boolean_true) req.body,json_query('$.boolean-true') + http-request set-var(sess.pay_boolean_false) req.body,json_query('$.boolean-false') + http-request set-var(sess.pay_mykey) req.body,json_query('$.my\\.key') + + http-response set-header x-var_header %[var(sess.header_json)] + http-response set-header x-var_body %[var(sess.pay_json)] + http-response set-header x-var_body_int %[var(sess.pay_int)] + http-response set-header x-var_body_neg_int %[var(sess.pay_neg_int)] + http-response set-header x-var_body_double %[var(sess.pay_double)] + http-response set-header x-var_body_boolean_true %[var(sess.pay_boolean_true)] + http-response set-header x-var_body_boolean_false %[var(sess.pay_boolean_false)] + http-response set-header x-var_body_mykey %[var(sess.pay_mykey)] + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" \ + -hdr "Authorization: {\"iss\":\"kubernetes.io/serviceaccount\"}" + rxresp + expect resp.status == 200 + expect resp.http.x-var_header ~ "kubernetes.io/serviceaccount" + + txreq -url "/" \ + -body "{\"iss\":\"kubernetes.io/serviceaccount\"}" + rxresp + expect resp.status == 200 + expect resp.http.x-var_body ~ "kubernetes.io/serviceaccount" + + txreq -url "/" \ + -body "{\"integer\":4}" + rxresp + expect resp.status == 200 + expect resp.http.x-var_body_int ~ "5" + + txreq -url "/" \ + -body "{\"integer\":-4}" + rxresp + expect resp.status == 200 + expect resp.http.x-var_body_int ~ "-3" + + txreq -url "/" \ + -body "{\"double\":4.5}" + rxresp + expect resp.status == 200 + expect resp.http.x-var_body_double ~ "4.5" + + txreq -url "/" \ + -body "{\"boolean-true\":true}" + rxresp + expect resp.status == 200 + expect resp.http.x-var_body_boolean_true == 1 + + txreq -url "/" \ + -body "{\"boolean-false\":false}" + rxresp + expect resp.status == 200 + expect resp.http.x-var_body_boolean_false == 0 + + txreq -url "/" \ + -body "{\"my.key\":\"myvalue\"}" + rxresp + expect resp.status == 200 + expect resp.http.x-var_body_mykey ~ "myvalue" +} -run
\ No newline at end of file diff --git a/reg-tests/converter/mqtt.vtc b/reg-tests/converter/mqtt.vtc new file mode 100644 index 0000000..fc3daca --- /dev/null +++ b/reg-tests/converter/mqtt.vtc @@ -0,0 +1,238 @@ +varnishtest "mqtt converters Test" +#REQUIRE_VERSION=2.4 + +feature ignore_unknown_macro + +server s1 { + # MQTT 3.1.1 CONNECT packet (id: test_subaaaaaa... [len = 200]) + recv 215 + sendhex "20020000" + close + + # MQTT 3.1.1 CONNECT packet (id: <empty> - username: test - passwd: passwd) + accept + recv 28 + sendhex "20020000" + close + + # MQTT 3.1.1 CONNECT packet (id: test_sub - username: test - passwd: passwd - will_topic: willtopic - will_payload: willpayload) + accept + recv 60 + sendhex "20020000" + close + + # MQTT 5.0 CONNECT packet (id: test_sub) + accept + recv 26 + sendhex "200600000322000a" + + # MQTT 5.0 CONNECT packet (id: test_sub - username: test - passwd: passwd) + accept + recv 40 + sendhex "200600000322000a" + + # MQTT 5.0 complex CONNECT/CONNACK packet + accept + recv 128 + sendhex "20250000221100000078217fff24012501270000ffff22000a2600016100016226000163000164" + close + + # Invalid MQTT 3.1.1 CONNACK packet with invalid flags (!= 0x00) + accept + recv 22 + sendhex "21020000" + expect_close + + # MQTT 3.1 CONNECT packet (id: test_sub - username: test - passwd: passwd) + accept + recv 38 + sendhex "20020000" +} -start + +server s2 { + # MQTT 5.0 complex CONNECT packet + recv 128 + sendhex "20250000221100000078217fff24012501270000ffff22000a2600016100016226000163000164" +} -start + +haproxy h1 -conf { + defaults + mode tcp + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe1 + bind "fd@${fe1}" + tcp-request inspect-delay 1s + tcp-request content reject unless { req.payload(0,0),mqtt_is_valid } + default_backend be1 + + frontend fe2 + bind "fd@${fe2}" + tcp-request inspect-delay 1s + tcp-request content reject unless { req.payload(0,0),mqtt_is_valid } + tcp-request content set-var(req.flags) req.payload(0,0),mqtt_field_value(connect,flags) + tcp-request content set-var(req.protoname) req.payload(0,0),mqtt_field_value(connect,protocol_name) + tcp-request content set-var(req.protovsn) req.payload(0,0),mqtt_field_value(connect,protocol_version) + tcp-request content set-var(req.clientid) req.payload(0,0),mqtt_field_value(connect,client_identifier) + tcp-request content set-var(req.willtopic) req.payload(0,0),mqtt_field_value(connect,will_topic) + tcp-request content set-var(req.willbody) req.payload(0,0),mqtt_field_value(connect,will_payload) + tcp-request content set-var(req.user) req.payload(0,0),mqtt_field_value(connect,username) + tcp-request content set-var(req.pass) req.payload(0,0),mqtt_field_value(connect,password) + tcp-request content set-var(req.maxpktsz) req.payload(0,0),mqtt_field_value(connect,39) + tcp-request content set-var(req.reqpbinfo) req.payload(0,0),mqtt_field_value(connect,23) + tcp-request content set-var(req.ctype) req.payload(0,0),mqtt_field_value(connect,3) + tcp-request content set-var(req.willrsptopic) req.payload(0,0),mqtt_field_value(connect,8) + tcp-request content reject if ! { var(req.protoname) -m str "MQTT" } || ! { var(req.protovsn) -m str "5" } + tcp-request content reject if ! { var(req.flags) -m str "238" } || ! { var(req.clientid) -m str "test_sub" } + tcp-request content reject if ! { var(req.user) -m str "test" } || ! { var(req.pass) -m str "passwd" } + tcp-request content reject if ! { var(req.willtopic) -m str "willtopic" } || ! { var(req.willbody) -m str "willpayload" } + tcp-request content reject if ! { var(req.maxpktsz) -m str "20" } || ! { var(req.reqpbinfo) -m str "1" } + tcp-request content reject if ! { var(req.ctype) -m str "text/plain" } || ! { var(req.willrsptopic) -m str "willrsptopic" } + default_backend be2 + + backend be1 + server s1 ${s1_addr}:${s1_port} + tcp-response inspect-delay 1s + tcp-response content reject unless { res.payload(0,0),mqtt_is_valid } + + backend be2 + server s2 ${s2_addr}:${s2_port} + tcp-response inspect-delay 1s + tcp-response content reject unless { res.payload(0,0),mqtt_is_valid } + tcp-response content set-var(res.flags) res.payload(0,0),mqtt_field_value(connack,flags) + tcp-response content set-var(res.protovsn) res.payload(0,0),mqtt_field_value(connack,protocol_version) + tcp-response content set-var(res.rcode) res.payload(0,0),mqtt_field_value(connack,reason_code) + tcp-response content set-var(res.sessexpint) res.payload(0,0),mqtt_field_value(connack,17) + tcp-response content set-var(res.recvmax) res.payload(0,0),mqtt_field_value(connack,33) + tcp-response content set-var(res.maxqos) res.payload(0,0),mqtt_field_value(connack,36) + tcp-response content set-var(res.retainavail) res.payload(0,0),mqtt_field_value(connack,37) + tcp-response content set-var(res.maxpktsz) res.payload(0,0),mqtt_field_value(connack,39) + tcp-response content set-var(res.topicaliasmax) res.payload(0,0),mqtt_field_value(connack,34) + tcp-response content reject if ! { var(res.protovsn) -m str "5" } || ! { var(res.flags) -m str "0" } + tcp-response content reject if ! { var(res.rcode) -m str "0" } || ! { var(res.sessexpint) -m str "120" } + tcp-response content reject if ! { var(res.recvmax) -m str "32767" } || ! { var(res.maxqos) -m str "1" } + tcp-response content reject if ! { var(res.retainavail) -m str "1" } || ! { var(res.maxpktsz) -m str "65535" } + tcp-response content reject if ! { var(res.topicaliasmax) -m str "10" } +} -start + +client c1_311_1 -connect ${h1_fe1_sock} { + # Valid MQTT 3.1.1 CONNECT packet (id: test_sub) + sendhex "10d40100044d5154540402003c00c8746573745f737562616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161" + recv 4 + expect_close +} -run + +client c1_311_2 -connect ${h1_fe1_sock} { + # Valid MQTT 3.1.1 CONNECT packet (id: <empty> - username: test - passwd: passwd) + sendhex "101a00044d51545404c2003c00000004746573740006706173737764" + recv 4 + expect_close +} -run + +client c1_311_3 -connect ${h1_fe1_sock} { + # Valid MQTT 3.1.1 CONNECT packet (id: test_sub - username: test - passwd: passwd - will_topic: willtopic - will_payload: willpayload) + sendhex "103a00044d51545404ee003c0008746573745f737562000977696c6c746f706963000b77696c6c7061796c6f61640004746573740006706173737764" + recv 4 + expect_close +} -run + +client c1_50_1 -connect ${h1_fe1_sock} { + # Valid MQTT 5.0 CONNECT packet (id: test_sub) + sendhex "101800044d5154540502003c032100140008746573745f737562" + recv 8 + expect_close +} -run + +client c1_50_2 -connect ${h1_fe1_sock} { + # Valid MQTT 5.0 CONNECT packet (id: test_sub - username: test - passwd: passwd) + sendhex "102600044d51545405c2003c032100140008746573745f7375620004746573740006706173737764" + recv 8 + expect_close +} -run + +client c1_50_3 -connect ${h1_fe1_sock} { + # Valid MQTT 5.0 complex CONNECT/CONNACK packet + sendhex "107e00044d51545405ee003c182700000014170126000161000162260001630001642100140008746573745f7375622a03000a746578742f706c61696e08000c77696c6c727370746f7069632600016500016626000167000168000977696c6c746f706963000b77696c6c7061796c6f61640004746573740006706173737764" + recv 39 + expect_close +} -run + +client c2_311_1 -connect ${h1_fe1_sock} { + # Invalid MQTT 3.1.1 PINREQ + sendhex "d000" + expect_close +} -run + +client c2_311_2 -connect ${h1_fe1_sock} { + # Invalid MQTT 3.1.1 CONNECT packet with invalid flags (!= 0x00) + sendhex "111400044d5154540402003c0008746573745f737562" + expect_close +} -run + +client c2_311_3 -connect ${h1_fe1_sock} { + # Invalid MQTT 3.1.1 CONNACK packet with invalid flags (!= 0x00) + sendhex "101400044d5154540402003c0008746573745f737562" + expect_close +} -run + +client c2_311_4 -connect ${h1_fe1_sock} { + # Invalid MQTT 3.1.1 CONNECT with too long remaing_length ( > 4 bytes) + sendhex "10ffffffff1400044d5154540402003c0008746573745f737562" + expect_close +} -run + +client c2_311_4 -connect ${h1_fe1_sock} { + # Invalid MQTT 3.1.1 CONNECT with not matching ( 0x13 != 0x14) + sendhex "101300044d5154540402003c000874657374a5f737562" + expect_close +} -run + +client c2_311_4 -connect ${h1_fe1_sock} { + # Invalid MQTT 3.1.1 CONNECT with not matching ( 0x18 != 0x14) + sendhex "101800044d5154540402003c000874657374a5f737562ffffffff" + expect_close +} -run + + +client c2_50_1 -connect ${h1_fe2_sock} { + # complex MQTT 5.0 CONNECT/CONNACK packet + # - CONNECT : + # client-id : test_sub + # username : test + # password : passwd + # will-topic : willtopic + # will-payload: willpayload + # connect props: + # maximum-packet-size : 20 + # request-problem-information: 1 + # user-property : name=a value=b + # user-property : name=c value=d + # will props: + # content-type : text/plain + # response-topic: willrsptopic + # user-property : name=e value=f + # user-property : name=g value=h + # - CONNACK : + # flags : 0x00 + # reason-code: 0x00 + # connack props: + # session-Expiry-interval: 120 + # receive-maximum : 32767 + # maximum-qos : 1 + # retain-available : 1 + # maximum-packet-size : 65535 + # topic-alias-maximum : 10 + # user-property : name=a value=b + # user-property : name=c value=d + sendhex "107e00044d51545405ee003c182700000014170126000161000162260001630001642100140008746573745f7375622a03000a746578742f706c61696e08000c77696c6c727370746f7069632600016500016626000167000168000977696c6c746f706963000b77696c6c7061796c6f61640004746573740006706173737764" + recv 39 + expect_close +} -run + +client c3_31_1 -connect ${h1_fe1_sock} { + # Valid MQTT 3.1 CONNECT packet (id: test_sub - username: test - passwd: passwd) + sendhex "102400064d514973647003c200000008746573745f7375620004746573740006706173737764" + recv 4 +} -run
\ No newline at end of file diff --git a/reg-tests/converter/secure_memcmp.vtc b/reg-tests/converter/secure_memcmp.vtc new file mode 100644 index 0000000..6ff74e6 --- /dev/null +++ b/reg-tests/converter/secure_memcmp.vtc @@ -0,0 +1,143 @@ +varnishtest "secure_memcmp converter Test" + +#REQUIRE_VERSION=2.2 +#REQUIRE_OPTION=OPENSSL + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp -hdr "Connection: close" +} -repeat 4 -start + +server s2 { + rxreq + txresp -hdr "Connection: close" +} -repeat 7 -start + +haproxy h1 -conf { + global + # WT: limit false-positives causing "HTTP header incomplete" due to + # idle server connections being randomly used and randomly expiring + # under us. + tune.idle-pool.shared off + + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + # This frontend matches two base64 encoded values and does not need to + # handle null bytes. + + bind "fd@${fe}" + + #### requests + http-request set-var(txn.hash) req.hdr(hash) + http-request set-var(txn.raw) req.hdr(raw) + + acl is_match var(txn.raw),sha1,base64,secure_memcmp(txn.hash) + + http-response set-header Match true if is_match + http-response set-header Match false if !is_match + + default_backend be + + frontend fe2 + # This frontend matches two binary values, needing to handle null + # bytes. + bind "fd@${fe2}" + + #### requests + http-request set-var(txn.hash) req.hdr(hash),b64dec + http-request set-var(txn.raw) req.hdr(raw) + + acl is_match var(txn.raw),sha1,secure_memcmp(txn.hash) + + http-response set-header Match true if is_match + http-response set-header Match false if !is_match + + default_backend be2 + + backend be + server s1 ${s1_addr}:${s1_port} + + backend be2 + server s2 ${s2_addr}:${s2_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" \ + -hdr "Raw: 1" \ + -hdr "Hash: NWoZK3kTsExUV00Ywo1G5jlUKKs=" + rxresp + expect resp.status == 200 + expect resp.http.match == "true" + txreq -url "/" \ + -hdr "Raw: 2" \ + -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA=" + rxresp + expect resp.status == 200 + expect resp.http.match == "true" + txreq -url "/" \ + -hdr "Raw: 2" \ + -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELX=" + rxresp + expect resp.status == 200 + expect resp.http.match == "false" + txreq -url "/" \ + -hdr "Raw: 3" \ + -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA=" + rxresp + expect resp.status == 200 + expect resp.http.match == "false" +} -run + +client c2 -connect ${h1_fe2_sock} { + txreq -url "/" \ + -hdr "Raw: 1" \ + -hdr "Hash: NWoZK3kTsExUV00Ywo1G5jlUKKs=" + rxresp + expect resp.status == 200 + expect resp.http.match == "true" + txreq -url "/" \ + -hdr "Raw: 2" \ + -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA=" + rxresp + expect resp.status == 200 + expect resp.http.match == "true" + txreq -url "/" \ + -hdr "Raw: 2" \ + -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELX=" + rxresp + expect resp.status == 200 + expect resp.http.match == "false" + txreq -url "/" \ + -hdr "Raw: 3" \ + -hdr "Hash: 2kuSN7rMzfGcB2DKt67EqDWQELA=" + rxresp + expect resp.status == 200 + expect resp.http.match == "false" + + # Test for values with leading nullbytes. + txreq -url "/" \ + -hdr "Raw: 6132845" \ + -hdr "Hash: AAAAVaeL9nNcSok1j6sd40EEw8s=" + rxresp + expect resp.status == 200 + expect resp.http.match == "true" + txreq -url "/" \ + -hdr "Raw: 49177200" \ + -hdr "Hash: AAAA9GLglTNv2JoMv2n/w9Xadhc=" + rxresp + expect resp.status == 200 + expect resp.http.match == "true" + txreq -url "/" \ + -hdr "Raw: 6132845" \ + -hdr "Hash: AAAA9GLglTNv2JoMv2n/w9Xadhc=" + rxresp + expect resp.status == 200 + expect resp.http.match == "false" +} -run diff --git a/reg-tests/converter/sha2.vtc b/reg-tests/converter/sha2.vtc new file mode 100644 index 0000000..e90e274 --- /dev/null +++ b/reg-tests/converter/sha2.vtc @@ -0,0 +1,57 @@ +varnishtest "sha2 converter Test" + +#REQUIRE_VERSION=2.1 +#REQUIRE_OPTION=OPENSSL + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp +} -repeat 2 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + #### requests + http-request set-var(txn.hash) req.hdr(hash) + + http-response set-header SHA2 "%[var(txn.hash),sha2,hex,lower]" + http-response set-header SHA2-224 "%[var(txn.hash),sha2(224),hex,lower]" + http-response set-header SHA2-256 "%[var(txn.hash),sha2(256),hex,lower]" + http-response set-header SHA2-384 "%[var(txn.hash),sha2(384),hex,lower]" + http-response set-header SHA2-512 "%[var(txn.hash),sha2(512),hex,lower]" + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" \ + -hdr "Hash: 1" + rxresp + expect resp.status == 200 + expect resp.http.sha2 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b" + expect resp.http.sha2-224 == "e25388fde8290dc286a6164fa2d97e551b53498dcbf7bc378eb1f178" + expect resp.http.sha2-256 == "6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b" + expect resp.http.sha2-384 == "47f05d367b0c32e438fb63e6cf4a5f35c2aa2f90dc7543f8a41a0f95ce8a40a313ab5cf36134a2068c4c969cb50db776" + expect resp.http.sha2-512 == "4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a" + txreq -url "/" \ + -hdr "Hash: 2" + rxresp + expect resp.status == 200 + expect resp.http.sha2 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35" + expect resp.http.sha2-224 == "58b2aaa0bfae7acc021b3260e941117b529b2e69de878fd7d45c61a9" + expect resp.http.sha2-256 == "d4735e3a265e16eee03f59718b9b5d03019c07d8b6c51f90da3a666eec13ab35" + expect resp.http.sha2-384 == "d063457705d66d6f016e4cdd747db3af8d70ebfd36badd63de6c8ca4a9d8bfb5d874e7fbd750aa804dcaddae7eeef51e" + expect resp.http.sha2-512 == "40b244112641dd78dd4f93b6c9190dd46e0099194d5a44257b7efad6ef9ff4683da1eda0244448cb343aa688f5d3efd7314dafe580ac0bcbf115aeca9e8dc114" +} -run diff --git a/reg-tests/converter/url_dec.vtc b/reg-tests/converter/url_dec.vtc new file mode 100644 index 0000000..d5e317b --- /dev/null +++ b/reg-tests/converter/url_dec.vtc @@ -0,0 +1,37 @@ +varnishtest "url_dec converter Test" + + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp +} -repeat 2 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + http-request set-var(txn.url) url + http-response set-header url_dec0 "%[var(txn.url),url_dec]" + http-response set-header url_dec1 "%[var(txn.url),url_dec(1)]" + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/bla+%20?foo%3Dbar%2B42+42%20" + rxresp + expect resp.http.url_dec0 == "/bla+ ?foo=bar+42 42 " + expect resp.http.url_dec1 == "/bla ?foo=bar+42 42 " + expect resp.status == 200 +} -run diff --git a/reg-tests/converter/url_enc.vtc b/reg-tests/converter/url_enc.vtc new file mode 100644 index 0000000..74acac8 --- /dev/null +++ b/reg-tests/converter/url_enc.vtc @@ -0,0 +1,43 @@ +varnishtest "url_enc converter test" + +#REQUIRE_VERSION=2.4 + +feature ignore_unknown_macro + +server s1 { + rxreq + txresp +} -repeat 2 -start + +haproxy h1 -conf { + defaults + mode http + timeout connect "${HAPROXY_TEST_TIMEOUT-5s}" + timeout client "${HAPROXY_TEST_TIMEOUT-5s}" + timeout server "${HAPROXY_TEST_TIMEOUT-5s}" + + frontend fe + bind "fd@${fe}" + + http-request set-var(txn.url0) "str(foo=bar+42 42 )" + http-request set-var(txn.url1) "var(txn.url0),url_enc" + http-request set-var(txn.url2) "var(txn.url1),url_dec" + http-request set-var(txn.url3) "var(txn.url2),url_enc(query)" + http-response set-header url_enc0 "%[var(txn.url1)]" + http-response set-header url_dec "%[var(txn.url2)]" + http-response set-header url_enc1 "%[var(txn.url3)]" + + default_backend be + + backend be + server s1 ${s1_addr}:${s1_port} +} -start + +client c1 -connect ${h1_fe_sock} { + txreq -url "/" + rxresp + expect resp.http.url_enc0 == "foo%3Dbar%2B42%2042%20" + expect resp.http.url_dec == "foo=bar+42 42 " + expect resp.http.url_enc1 == "foo%3Dbar%2B42%2042%20" + expect resp.status == 200 +} -run |