From fe39ffb8b90ae4e002ed73fe98617cd590abb467 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 08:33:50 +0200 Subject: Adding upstream version 2.4.56. Signed-off-by: Daniel Baumann --- test/modules/core/__init__.py | 1 + test/modules/core/conftest.py | 44 ++++++++++++++++ test/modules/core/test_001_encoding.py | 93 ++++++++++++++++++++++++++++++++++ 3 files changed, 138 insertions(+) create mode 100644 test/modules/core/__init__.py create mode 100644 test/modules/core/conftest.py create mode 100644 test/modules/core/test_001_encoding.py (limited to 'test/modules/core') diff --git a/test/modules/core/__init__.py b/test/modules/core/__init__.py new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/test/modules/core/__init__.py @@ -0,0 +1 @@ + diff --git a/test/modules/core/conftest.py b/test/modules/core/conftest.py new file mode 100644 index 0000000..439cd22 --- /dev/null +++ b/test/modules/core/conftest.py @@ -0,0 +1,44 @@ +import logging +import os + +import pytest +import sys + +from pyhttpd.env import HttpdTestEnv + +sys.path.append(os.path.join(os.path.dirname(__file__), '../..')) + + +def pytest_report_header(config, startdir): + env = HttpdTestEnv() + return f"core [apache: {env.get_httpd_version()}, mpm: {env.mpm_module}, {env.prefix}]" + + +@pytest.fixture(scope="package") +def env(pytestconfig) -> HttpdTestEnv: + level = logging.INFO + console = logging.StreamHandler() + console.setLevel(level) + console.setFormatter(logging.Formatter('%(levelname)s: %(message)s')) + logging.getLogger('').addHandler(console) + logging.getLogger('').setLevel(level=level) + env = HttpdTestEnv(pytestconfig=pytestconfig) + env.setup_httpd() + env.apache_access_log_clear() + env.httpd_error_log.clear_log() + return env + + +@pytest.fixture(autouse=True, scope="package") +def _session_scope(env): + env.httpd_error_log.set_ignored_lognos([ + 'AH10244', # core: invalid URI path + 'AH01264', # mod_cgid script not found + ]) + yield + assert env.apache_stop() == 0 + errors, warnings = env.httpd_error_log.get_missed() + assert (len(errors), len(warnings)) == (0, 0),\ + f"apache logged {len(errors)} errors and {len(warnings)} warnings: \n"\ + "{0}\n{1}\n".format("\n".join(errors), "\n".join(warnings)) + diff --git a/test/modules/core/test_001_encoding.py b/test/modules/core/test_001_encoding.py new file mode 100644 index 0000000..b7ffbaa --- /dev/null +++ b/test/modules/core/test_001_encoding.py @@ -0,0 +1,93 @@ +import pytest + +from pyhttpd.conf import HttpdConf + + +class TestEncoding: + + EXP_AH10244_ERRS = 0 + + @pytest.fixture(autouse=True, scope='class') + def _class_scope(self, env): + conf = HttpdConf(env, extras={ + 'base': f""" + + AllowOverride None + Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch + Require all granted + + """, + f"test2.{env.http_tld}": "AllowEncodedSlashes on", + f"test1.{env.http_tld}": f"ScriptAlias /cgi-bin/ {env.gen_dir}", + }) + conf.add_vhost_test1() + conf.add_vhost_test2() + conf.add_vhost_cgi() + conf.install() + assert env.apache_restart() == 0 + + # check handling of url encodings that are accepted + @pytest.mark.parametrize("path", [ + "/006/006.css", + "/%30%30%36/%30%30%36.css", + "/nothing/../006/006.css", + "/nothing/./../006/006.css", + "/nothing/%2e%2e/006/006.css", + "/nothing/%2e/%2e%2e/006/006.css", + "/nothing/%2e/%2e%2e/006/006%2ecss", + ]) + def test_core_001_01(self, env, path): + url = env.mkurl("https", "test1", path) + r = env.curl_get(url) + assert r.response["status"] == 200 + + # check handling of / normalization + @pytest.mark.parametrize("path", [ + "/006//006.css", + "/006//////////006.css", + "/006////.//////006.css", + "/006////%2e//////006.css", + "/006////%2e//////006%2ecss", + "/006/../006/006.css", + "/006/%2e%2e/006/006.css", + ]) + def test_core_001_03(self, env, path): + url = env.mkurl("https", "test1", path) + r = env.curl_get(url) + assert r.response["status"] == 200 + + # check path traversals + @pytest.mark.parametrize(["path", "status"], [ + ["/../echo.py", 400], + ["/nothing/../../echo.py", 400], + ["/cgi-bin/../../echo.py", 400], + ["/nothing/%2e%2e/%2e%2e/echo.py", 400], + ["/cgi-bin/%2e%2e/%2e%2e/echo.py", 400], + ["/nothing/%%32%65%%32%65/echo.py", 400], + ["/cgi-bin/%%32%65%%32%65/echo.py", 400], + ["/nothing/%%32%65%%32%65/%%32%65%%32%65/h2_env.py", 400], + ["/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/h2_env.py", 400], + ["/nothing/%25%32%65%25%32%65/echo.py", 404], + ["/cgi-bin/%25%32%65%25%32%65/echo.py", 404], + ["/nothing/%25%32%65%25%32%65/%25%32%65%25%32%65/h2_env.py", 404], + ["/cgi-bin/%25%32%65%25%32%65/%25%32%65%25%32%65/h2_env.py", 404], + ]) + def test_core_001_04(self, env, path, status): + url = env.mkurl("https", "test1", path) + r = env.curl_get(url) + assert r.response["status"] == status + if status == 400: + TestEncoding.EXP_AH10244_ERRS += 1 + # the log will have a core:err about invalid URI path + + # check handling of %2f url encodings that are not decoded by default + @pytest.mark.parametrize(["host", "path", "status"], [ + ["test1", "/006%2f006.css", 404], + ["test2", "/006%2f006.css", 200], + ["test2", "/x%252f.test", 200], + ["test2", "/10%25abnormal.txt", 200], + ]) + def test_core_001_20(self, env, host, path, status): + url = env.mkurl("https", host, path) + r = env.curl_get(url) + assert r.response["status"] == status -- cgit v1.2.3