Diffstat (limited to 'debian/tests')
3 files changed, 263 insertions, 0 deletions
diff --git a/debian/tests/CVE-2023-25690 b/debian/tests/CVE-2023-25690
new file mode 100644
index 0000000..2aa916f
--- /dev/null
+++ b/debian/tests/CVE-2023-25690
@@ -0,0 +1,110 @@
+# test CVE-2023-25690
+set -eux
+fail () {
+ echo "FAIL: $@" >&2
+ RC=1
+function exit_handler()
+ # fix cp: cannot access '/tmp/autopkgtest-lxc.x06nhp9r/downtmp/CVE-2023-25690-artifacts/apache2': Permission denied
+ chmod -R a+rwX "$AUTOPKGTEST_ARTIFACTS/apache2" || true
+ systemctl status apache2.service || true
+ systemctl stop apache2 || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/error.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/access.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/error.8080.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/access.8080.log || true
+trap exit_handler EXIT
+a2enmod proxy
+a2enmod proxy_http
+a2enmod rewrite
+rsync -a /var/log/apache2 "$AUTOPKGTEST_ARTIFACTS"
+rm /var/log/apache2/*
+mount -o bind "$AUTOPKGTEST_ARTIFACTS/apache2" /var/log/apache2
+tee /etc/apache2/ports.conf <<'EOF'
+Listen 80
+Listen 8080
+tee /etc/apache2/sites-available/000-default.conf <<'EOF'
+<VirtualHost *:8080>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+ ErrorLog ${APACHE_LOG_DIR}/error.8080.log
+ CustomLog ${APACHE_LOG_DIR}/access.8080.log combined
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+<VirtualHost *:80>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+ LogLevel alert rewrite:trace6
+ LogLevel error proxy:trace6
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ RewriteEngine on
+ RewriteRule "^/here/(.*)" "http://localhost:8080/index.html?$1" [P]
+ ProxyPassReverse "/here/" "http://localhost:8080/"
+systemctl restart apache2
+CHOKEURL="http://localhost/here/index.html%20HTTP/1.1%0d%0aHost:%20localhost%0d%0aConnection:%20keep-alive%0d%0a%0d%0aGET%20/BAD.html%20HTTP/1.1%0d%0aFoo:%20bar HTTP/1.1"
+wget -S -q --output-document - "$CHOKEURL" || true
+(wget -S -q --output-document /dev/null "$CHOKEURL" 2>&1 || true)
+(wget -S -q --output-document /dev/null "$CHOKEURL" 2>&1 || true) | grep -e '^[[:space:]]*HTTP/1.1 4[[:digit:]][[:digit:]] '
+cat $AUTOPKGTEST_ARTIFACTS/apache2/access.8080.log | grep '] "GET /BAD.html HTTP/1.1"' && exit 1
+exit 0
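Review bot: The only evidence that the smuggled `GET /BAD.html` never reached the backend is the final negative grep on `access.8080.log`, and a negative grep on a log file is vacuous if that file is not the one the :8080 vhost actually writes (for example if the bind mount over `/var/log/apache2` did not take effect) or if the backend has not flushed the entry by the time grep runs. I would add a positive control before the smuggling attempt, e.g. `wget -q -O /dev/null http://localhost/here/index.html` followed by `grep -q '"GET /index.html' "$AUTOPKGTEST_ARTIFACTS/apache2/access.8080.log"`, so a missing or misplaced backend log fails the test instead of passing it, and run `systemctl stop apache2` immediately before the final grep so any pipelined request the backend did accept has been logged (the exit trap already tolerates a second stop). The `fail` helper and `RC` defined at the top of this script are never used; either drop them or finish with `exit "$RC"` as the uwsgi test does.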
diff --git a/debian/tests/control b/debian/tests/control
index 2453137..1298110 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -27,3 +27,11 @@ Tests: chroot
Features: no-build-needed
Restrictions: needs-root allow-stderr breaks-testbed
Depends: apache2, wget, dpkg-dev, gcc
+Tests: uwsgi
+Restrictions: allow-stderr, needs-root
+Depends: apache2, uwsgi, wget, uwsgi-plugin-python3, rsync, netcat-openbsd | netcat-traditional
+Tests: CVE-2023-25690
+Restrictions: allow-stderr, needs-root, isolation-container
+Depends: apache2, rsync, curl, wget
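Review bot: The uwsgi entry declares only `allow-stderr, needs-root`, yet its script (the third file in this diff) calls `useradd` twice, installs unit files under /etc/systemd/system, deletes the contents of /var/log/apache2 and bind-mounts over it, and drives the services through systemctl; none of that is reverted by its exit handler. That is the same class of persistent testbed mutation the existing `chroot` entry above marks `breaks-testbed`, and like the CVE-2023-25690 entry it needs a booted systemd, so I would change the line to `Restrictions: allow-stderr, needs-root, isolation-container, breaks-testbed`. The CVE-2023-25690 entry lists `curl` in Depends, but that script only uses wget; drop the dependency or use it.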
diff --git a/debian/tests/uwsgi b/debian/tests/uwsgi
new file mode 100644
index 0000000..3350144
--- /dev/null
+++ b/debian/tests/uwsgi
@@ -0,0 +1,145 @@
+set -eux
+fail () {
+ echo "FAIL: $@" >&2
+ RC=1
+function exit_handler()
+ systemctl stop apache2 || true
+ if test -f /run/uwsgi/; then
+ kill -TERM $(cat /run/uwsgi/
+ fi
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/error.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/access.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/uwsgi.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/uwsgi.error.log || true
+trap exit_handler EXIT
+a2enmod proxy
+a2enmod proxy_uwsgi
+rsync -a /var/log/apache2 "$AUTOPKGTEST_ARTIFACTS"
+rm /var/log/apache2/*
+mount -o bind "$AUTOPKGTEST_ARTIFACTS/apache2" /var/log/apache2
+tee /etc/apache2/sites-available/000-default.conf <<'EOF'
+<VirtualHost *:80>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+ ProxyPass "/uwsgi" "unix:/run/uwsgi/test.socket|uwsgi://localhost"
+systemctl restart apache2
+test -d /etc/uwsgi/ || mkdir /etc/uwsgi
+tee /etc/systemd/system/uwsgi-app@.socket <<EOF
+Description=Socket for uWSGI app %i
+tee /etc/systemd/system/uwsgi-app@.service <<EOF
+Description=%i uWSGI app
+ExecStart=/usr/bin/uwsgi \
+ --ini /etc/uwsgi/apps-available/%i.ini \
+ --socket /run/uwsgi/%i.socket
+systemctl daemon-reload
+useradd uwsgi_test
+useradd www-test
+tee /etc/uwsgi/apps-available/test.ini <<EOF
+tee /tmp/ <<'EOF'
+import wsgiref.headers as h
+def application(env, start_response):
+ buggy_header=('buggy','buggy#\r\nbuggy2:buggy2')
+ start_response('200 OK', [('Content-Type','text/html'),buggy_header])
+ ret = "Hello World Headers {}".format(env).encode()
+ return [ret]
+chown 'www-test:www-test' /tmp/
+chmod +x /tmp/
+systemctl enable uwsgi-app@test.socket
+systemctl enable uwsgi-app@test.service
+systemctl start uwsgi-app@test.socket
+systemctl restart apache2
+wget -S -q --output-document - http://localhost/uwsgi
+wget -q --output-document - http://localhost/uwsgi | grep "^Hello World"
+exit $RC
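Review bot: The backend deliberately emits a header value containing CRLF (`'buggy#\r\nbuggy2:buggy2'`), but the two final wget calls only assert that the body starts with `Hello World`; nothing checks what mod_proxy_uwsgi did with the injected line, so the test passes whether the header was dropped, forwarded to the client as a separate `buggy2:` header, or used to split the response. I would pin the expected outcome, e.g. `wget -S -q -O /dev/null http://localhost/uwsgi 2>&1 | grep -qi '^ *buggy2:' && fail "CRLF in backend header reached the client"`, so that a regression in header handling is actually caught; which exact behaviour the fixed module has I cannot tell from this diff, so adjust the assertion to match it. As rendered here, the `kill -TERM $(cat /run/uwsgi/` and `tee /tmp/ <<'EOF'` lines appear to have lost the path after the slash; I assume the real file names the pidfile and the WSGI script there.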