Diffstat (limited to 'debian/tests')
-rw-r--r--debian/tests/CVE-2023-25690110
-rw-r--r--debian/tests/control8
-rw-r--r--debian/tests/uwsgi145
3 files changed, 263 insertions, 0 deletions
diff --git a/debian/tests/CVE-2023-25690 b/debian/tests/CVE-2023-25690
new file mode 100644
index 0000000..2aa916f
--- /dev/null
+++ b/debian/tests/CVE-2023-25690
@@ -0,0 +1,110 @@
+#!/bin/bash
+
+# test CVE-2023-25690
+set -eux
+
+RC=0
+fail () {
+ echo "FAIL: $@" >&2
+ RC=1
+}
+
+
+function exit_handler()
+{
+ # fix cp: cannot access '/tmp/autopkgtest-lxc.x06nhp9r/downtmp/CVE-2023-25690-artifacts/apache2': Permission denied
+ chmod -R a+rwX "$AUTOPKGTEST_ARTIFACTS/apache2" || true
+ systemctl status apache2.service || true
+ systemctl stop apache2 || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/error.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/access.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/error.8080.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/access.8080.log || true
+}
+trap exit_handler EXIT
+
+
+a2enmod proxy
+a2enmod proxy_http
+a2enmod rewrite
+
+rsync -a /var/log/apache2 "$AUTOPKGTEST_ARTIFACTS"
+rm /var/log/apache2/*
+mount -o bind "$AUTOPKGTEST_ARTIFACTS/apache2" /var/log/apache2
+
+tee /etc/apache2/ports.conf <<'EOF'
+Listen 80
+Listen 8080
+EOF
+
+
+tee /etc/apache2/sites-available/000-default.conf <<'EOF'
+<VirtualHost *:8080>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName www.example.com
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.8080.log
+ CustomLog ${APACHE_LOG_DIR}/access.8080.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+</VirtualHost>
+<VirtualHost *:80>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName www.example.com
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+ LogLevel alert rewrite:trace6
+ LogLevel error proxy:trace6
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ RewriteEngine on
+ RewriteRule "^/here/(.*)" "http://localhost:8080/index.html?$1" [P]
+ ProxyPassReverse "/here/" "http://localhost:8080/"
+</VirtualHost>
+EOF
+
+systemctl restart apache2
+
+CHOKEURL="http://localhost/here/index.html%20HTTP/1.1%0d%0aHost:%20localhost%0d%0aConnection:%20keep-alive%0d%0a%0d%0aGET%20/BAD.html%20HTTP/1.1%0d%0aFoo:%20bar HTTP/1.1"
+wget -S -q --output-document - "$CHOKEURL" || true
+(wget -S -q --output-document /dev/null "$CHOKEURL" 2>&1 || true)
+(wget -S -q --output-document /dev/null "$CHOKEURL" 2>&1 || true) | grep -e '^[[:space:]]*HTTP/1.1 4[[:digit:]][[:digit:]] '
+
+cat $AUTOPKGTEST_ARTIFACTS/apache2/access.8080.log | grep '] "GET /BAD.html HTTP/1.1"' && exit 1
+
+exit 0
+
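Review bot: The closing check `cat $AUTOPKGTEST_ARTIFACTS/apache2/access.8080.log | grep '] "GET /BAD.html HTTP/1.1"' && exit 1` only shows that the smuggled second request never reached the :8080 backend; nothing shows that a benign request through the same `RewriteRule … [P]` reaches it, so a rewrite/proxy path that is silently broken passes both checks (the preceding `4[[:digit:]][[:digit:]]` grep also accepts a plain 404 for an unrouted `/here/` URL). Add a positive control before the negative assertion, e.g. `wget -q --output-document /dev/null http://localhost/here/ok` followed by `grep -q 'GET /index.html?ok HTTP/1.1' "$AUTOPKGTEST_ARTIFACTS/apache2/access.8080.log"`, confirming the exact log line against the `combined` format once. `fail` and `RC` are defined but never used and the script ends in `exit 0`; either remove them or finish with `exit $RC` as the uwsgi test does. Quote `$AUTOPKGTEST_ARTIFACTS` in exit_handler and in the final check, where `grep -q … "$file"` replaces the `cat | grep`.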
diff --git a/debian/tests/control b/debian/tests/control
index 2453137..1298110 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -27,3 +27,11 @@ Tests: chroot
Features: no-build-needed
Restrictions: needs-root allow-stderr breaks-testbed
Depends: apache2, wget, dpkg-dev, gcc
+
+Tests: uwsgi
+Restrictions: allow-stderr, needs-root
+Depends: apache2, uwsgi, wget, uwsgi-plugin-python3, rsync, netcat-openbsd | netcat-traditional
+
+Tests: CVE-2023-25690
+Restrictions: allow-stderr, needs-root, isolation-container
+Depends: apache2, rsync, curl, wget
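Review bot: The `Restrictions` line for the new `uwsgi` test omits `isolation-container` although that script, like `CVE-2023-25690`, bind-mounts over `/var/log/apache2`, installs and enables units under `/etc/systemd/system` and creates users with `useradd`, none of which it undoes; declare at least the same isolation as the CVE test, e.g. `Restrictions: allow-stderr, needs-root, isolation-container, breaks-testbed`. The `Depends` lists also do not match the scripts added in this commit: `curl` is declared for `CVE-2023-25690` but only `wget` is called, and `netcat-openbsd | netcat-traditional` is declared for `uwsgi` but no `nc` call appears; drop them or note what they are for.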
diff --git a/debian/tests/uwsgi b/debian/tests/uwsgi
new file mode 100644
index 0000000..3350144
--- /dev/null
+++ b/debian/tests/uwsgi
@@ -0,0 +1,145 @@
+#!/bin/bash
+set -eux
+
+RC=0
+fail () {
+ echo "FAIL: $@" >&2
+ RC=1
+}
+
+
+function exit_handler()
+{
+ systemctl stop apache2 || true
+ if test -f /run/uwsgi/uwsgi.pid; then
+ kill -TERM $(cat /run/uwsgi/uwsgi.pid)
+ fi
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/error.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/access.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/uwsgi.log || true
+ cat $AUTOPKGTEST_ARTIFACTS/apache2/uwsgi.error.log || true
+}
+trap exit_handler EXIT
+
+
+a2enmod proxy
+a2enmod proxy_uwsgi
+
+rsync -a /var/log/apache2 "$AUTOPKGTEST_ARTIFACTS"
+rm /var/log/apache2/*
+mount -o bind "$AUTOPKGTEST_ARTIFACTS/apache2" /var/log/apache2
+
+tee /etc/apache2/sites-available/000-default.conf <<'EOF'
+<VirtualHost *:80>
+ # The ServerName directive sets the request scheme, hostname and port that
+ # the server uses to identify itself. This is used when creating
+ # redirection URLs. In the context of virtual hosts, the ServerName
+ # specifies what hostname must appear in the request's Host: header to
+ # match this virtual host. For the default virtual host (this file) this
+ # value is not decisive as it is used as a last resort host regardless.
+ # However, you must set it for any further virtual host explicitly.
+ #ServerName www.example.com
+
+ ServerAdmin webmaster@localhost
+ DocumentRoot /var/www/html
+
+ # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
+ # error, crit, alert, emerg.
+ # It is also possible to configure the loglevel for particular
+ # modules, e.g.
+ #LogLevel info ssl:warn
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+ # For most configuration files from conf-available/, which are
+ # enabled or disabled at a global level, it is possible to
+ # include a line for only one particular virtual host. For example the
+ # following line enables the CGI configuration for this host only
+ # after it has been globally disabled with "a2disconf".
+ #Include conf-available/serve-cgi-bin.conf
+ ProxyPass "/uwsgi" "unix:/run/uwsgi/test.socket|uwsgi://localhost"
+</VirtualHost>
+EOF
+
+systemctl restart apache2
+
+test -d /etc/uwsgi/ || mkdir /etc/uwsgi
+
+
+
+tee /etc/systemd/system/uwsgi-app@.socket <<EOF
+[Unit]
+Description=Socket for uWSGI app %i
+
+[Socket]
+ListenStream=/run/uwsgi/%i.socket
+SocketUser=www-%i
+SocketGroup=www-data
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
+EOF
+
+tee /etc/systemd/system/uwsgi-app@.service <<EOF
+[Unit]
+Description=%i uWSGI app
+After=syslog.target
+
+[Service]
+ExecStart=/usr/bin/uwsgi \
+ --ini /etc/uwsgi/apps-available/%i.ini \
+ --socket /run/uwsgi/%i.socket
+User=www-%i
+Group=www-data
+Restart=on-failure
+KillSignal=SIGQUIT
+Type=notify
+StandardError=file:/var/log/apache2/uwsgi.error.log
+StandardOutput=file:/var/log/apache2/uwsgi.log
+NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+
+useradd uwsgi_test
+useradd www-test
+
+tee /etc/uwsgi/apps-available/test.ini <<EOF
+[uwsgi]
+chdir=/tmp
+master=True
+cheap=True
+die-on-idle=True
+manage-script-name=True
+plugin=python3
+wsgi-file=/tmp/uwsgi.py
+EOF
+
+
+tee /tmp/uwsgi.py <<'EOF'
+import wsgiref.headers as h
+def application(env, start_response):
+ buggy_header=('buggy','buggy#\r\nbuggy2:buggy2')
+ start_response('200 OK', [('Content-Type','text/html'),buggy_header])
+ ret = "Hello World Headers {}".format(env).encode()
+ return [ret]
+EOF
+chown 'www-test:www-test' /tmp/uwsgi.py
+chmod +x /tmp/uwsgi.py
+
+systemctl enable uwsgi-app@test.socket
+systemctl enable uwsgi-app@test.service
+systemctl start uwsgi-app@test.socket
+systemctl restart apache2
+
+
+wget -S -q --output-document - http://localhost/uwsgi
+wget -q --output-document - http://localhost/uwsgi | grep "^Hello World"
+
+exit $RC
+-