From 1b62def8f3a30b38510fd9950f86e3b3789ecbda Mon Sep 17 00:00:00 2001 From: Abhinav Singh Date: Thu, 13 Jan 2022 19:38:52 +0530 Subject: [PATCH 1/8] Add TLS interception integration tests --- .github/workflows/test-library.yml | 3 + tests/integration/test_integration.py | 93 +++++++++++- tests/integration/test_integration.sh | 10 +- tests/integration/test_interception.sh | 133 ++++++++++++++++++ .../integration/test_modify_chunk_response.sh | 85 +++++++++++ tests/integration/test_modify_post_data.sh | 99 +++++++++++++ 6 files changed, 417 insertions(+), 6 deletions(-) create mode 100755 tests/integration/test_interception.sh create mode 100755 tests/integration/test_modify_chunk_response.sh create mode 100755 tests/integration/test_modify_post_data.sh diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml index 785df5a80c..64de0cb3f6 100644 --- a/.github/workflows/test-library.yml +++ b/.github/workflows/test-library.yml @@ -526,6 +526,9 @@ jobs: --installpkg 'dist/${{ needs.pre-setup.outputs.wheel-artifact-name }}' --notest shell: bash + - name: Generate CA certificates + run: >- + make ca-certificates - name: Run the testing run: >- python -m diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index ef98d52616..8b12393e23 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -21,6 +21,43 @@ from proxy.common.constants import IS_WINDOWS +TLS_INTERCEPTION_FLAGS = ' '.join(( + '--ca-cert-file', 'ca-cert.pem', + '--ca-key-file', 'ca-key.pem', + '--ca-signing-key', 'ca-signing-key.pem', +)) + +PROXY_PY_FLAGS_INTEGRATION = ( + ('--threadless'), + ('--threadless --local-executor 0'), + ('--threaded'), +) + +PROXY_PY_FLAGS_TLS_INTERCEPTION = ( + ('--threadless ' + TLS_INTERCEPTION_FLAGS), + ('--threadless --local-executor 0 ' + TLS_INTERCEPTION_FLAGS), + ('--threaded ' + TLS_INTERCEPTION_FLAGS), +) + +PROXY_PY_FLAGS_MODIFY_CHUNK_RESPONSE_PLUGIN = ( + ('--threadless --plugin proxy.plugin.ModifyChunkResponsePlugin ' + + TLS_INTERCEPTION_FLAGS), + ('--threadless --local-executor 0 --plugin proxy.plugin.ModifyChunkResponsePlugin ' + + TLS_INTERCEPTION_FLAGS), + ('--threaded --plugin proxy.plugin.ModifyChunkResponsePlugin ' + + TLS_INTERCEPTION_FLAGS), +) + +PROXY_PY_FLAGS_MODIFY_POST_DATA_PLUGIN = ( + ('--threadless --plugin proxy.plugin.ModifyPostDataPlugin ' + + TLS_INTERCEPTION_FLAGS), + ('--threadless --local-executor 0 --plugin proxy.plugin.ModifyPostDataPlugin ' + + TLS_INTERCEPTION_FLAGS), + ('--threaded --plugin proxy.plugin.ModifyPostDataPlugin ' + + TLS_INTERCEPTION_FLAGS), +) + + # FIXME: Ignore is necessary for as long as pytest hasn't figured out # FIXME: typing for their fixtures. # Refs: @@ -62,11 +99,7 @@ def proxy_py_subprocess(request: Any) -> Generator[int, None, None]: @pytest.mark.smoke # type: ignore[misc] @pytest.mark.parametrize( 'proxy_py_subprocess', - ( - ('--threadless'), - ('--threadless --local-executor 0'), - ('--threaded'), - ), + PROXY_PY_FLAGS_INTEGRATION, indirect=True, ) # type: ignore[misc] @pytest.mark.skipif( @@ -78,3 +111,53 @@ def test_integration(proxy_py_subprocess: int) -> None: this_test_module = Path(__file__) shell_script_test = this_test_module.with_suffix('.sh') check_output([str(shell_script_test), str(proxy_py_subprocess)]) + + +@pytest.mark.smoke # type: ignore[misc] +@pytest.mark.parametrize( + 'proxy_py_subprocess', + PROXY_PY_FLAGS_TLS_INTERCEPTION, + indirect=True, +) # type: ignore[misc] +@pytest.mark.skipif( + IS_WINDOWS, + reason='OSError: [WinError 193] %1 is not a valid Win32 application', +) # type: ignore[misc] +def test_integration_with_interception_flags(proxy_py_subprocess: int) -> None: + """An acceptance test for TLS interception using ``curl`` through proxy.py.""" + shell_script_test = Path(__file__).parent / "test_interception.sh" + check_output([str(shell_script_test), str(proxy_py_subprocess)]) + + +@pytest.mark.smoke # type: ignore[misc] +@pytest.mark.parametrize( + 'proxy_py_subprocess', + PROXY_PY_FLAGS_MODIFY_CHUNK_RESPONSE_PLUGIN, + indirect=True, +) # type: ignore[misc] +@pytest.mark.skipif( + IS_WINDOWS, + reason='OSError: [WinError 193] %1 is not a valid Win32 application', +) # type: ignore[misc] +def test_modify_chunk_response_integration(proxy_py_subprocess: int) -> None: + """An acceptance test for :py:class:`~proxy.plugin.ModifyChunkResponsePlugin` + interception using ``curl`` through proxy.py.""" + shell_script_test = Path(__file__).parent / "test_modify_chunk_response.sh" + check_output([str(shell_script_test), str(proxy_py_subprocess)]) + + +@pytest.mark.smoke # type: ignore[misc] +@pytest.mark.parametrize( + 'proxy_py_subprocess', + PROXY_PY_FLAGS_MODIFY_POST_DATA_PLUGIN, + indirect=True, +) # type: ignore[misc] +@pytest.mark.skipif( + IS_WINDOWS, + reason='OSError: [WinError 193] %1 is not a valid Win32 application', +) # type: ignore[misc] +def test_modify_post_response_integration(proxy_py_subprocess: int) -> None: + """An acceptance test for :py:class:`~proxy.plugin.ModifyPostDataPlugin` + interception using ``curl`` through proxy.py.""" + shell_script_test = Path(__file__).parent / "test_modify_post_data.sh" + check_output([str(shell_script_test), str(proxy_py_subprocess)]) diff --git a/tests/integration/test_integration.sh b/tests/integration/test_integration.sh index 64cc3ae007..77c6cc8eba 100755 --- a/tests/integration/test_integration.sh +++ b/tests/integration/test_integration.sh @@ -1,5 +1,13 @@ #!/bin/bash - +# +# proxy.py +# ~~~~~~~~ +# ⚡⚡⚡ Fast, Lightweight, Programmable, TLS interception capable +# proxy server for Application debugging, testing and development. +# +# :copyright: (c) 2013-present by Abhinav Singh and contributors. +# :license: BSD, see LICENSE for more details. +# # TODO: Option to also shutdown proxy.py after # integration testing is done. At least on # macOS and ubuntu, pkill and kill commands diff --git a/tests/integration/test_interception.sh b/tests/integration/test_interception.sh new file mode 100755 index 0000000000..97f480780e --- /dev/null +++ b/tests/integration/test_interception.sh @@ -0,0 +1,133 @@ +#!/bin/bash +# +# proxy.py +# ~~~~~~~~ +# ⚡⚡⚡ Fast, Lightweight, Programmable, TLS interception capable +# proxy server for Application debugging, testing and development. +# +# :copyright: (c) 2013-present by Abhinav Singh and contributors. +# :license: BSD, see LICENSE for more details. +# +# TODO: Option to also shutdown proxy.py after +# integration testing is done. At least on +# macOS and ubuntu, pkill and kill commands +# will do the job. +# +# For github action, we simply bank upon GitHub +# to clean up any background process including +# proxy.py + +PROXY_PY_PORT=$1 +if [[ -z "$PROXY_PY_PORT" ]]; then + echo "PROXY_PY_PORT required as argument." + exit 1 +fi + +PROXY_URL="127.0.0.1:$PROXY_PY_PORT" + +# Wait for server to come up +WAIT_FOR_PROXY="lsof -i TCP:$PROXY_PY_PORT | wc -l | tr -d ' '" +while true; do + if [[ $WAIT_FOR_PORT == 0 ]]; then + echo "Waiting for proxy..." + sleep 1 + else + break + fi +done + +# Wait for http proxy and web server to start +while true; do + curl -v \ + --max-time 1 \ + --connect-timeout 1 \ + -x $PROXY_URL \ + --cacert ca-cert.pem \ + http://$PROXY_URL/ 2>/dev/null + if [[ $? == 0 ]]; then + break + fi + echo "Waiting for web server to start accepting requests..." + sleep 1 +done + +verify_response() { + if [ "$1" == "" ]; + then + echo "Empty response"; + return 1; + else + if [ "$1" == "$2" ]; + then + echo "Ok"; + return 0; + else + echo "Invalid response: '$1', expected: '$2'"; + return 1; + fi + fi; +} + +# Check if proxy was started with integration +# testing web server plugin. If detected, use +# internal web server for integration testing. + +# If integration testing plugin is not found, +# detect if we have internet access. If we do, +# then use httpbin.org for integration testing. +read -r -d '' ROBOTS_RESPONSE << EOM +User-agent: * +Disallow: /deny +EOM + +echo "[Test HTTP Request via Proxy]" +CMD="curl -v -x $PROXY_URL --cacert ca-cert.pem http://httpbin.org/robots.txt" +RESPONSE=$($CMD 2> /dev/null) +verify_response "$RESPONSE" "$ROBOTS_RESPONSE" +VERIFIED1=$? + +echo "[Test HTTPS Request via Proxy]" +CMD="curl -v -x $PROXY_URL --cacert ca-cert.pem https://httpbin.org/robots.txt" +RESPONSE=$($CMD 2> /dev/null) +verify_response "$RESPONSE" "$ROBOTS_RESPONSE" +VERIFIED2=$? + +echo "[Test Internal Web Server via Proxy]" +curl -v \ + -x $PROXY_URL \ + --cacert ca-cert.pem \ + http://$PROXY_URL/ +VERIFIED3=$? + +SHASUM=sha256sum +if [ "$(uname)" = "Darwin" ]; +then + SHASUM="shasum -a 256" +fi + +echo "[Test Download File Hash Verifies 1]" +touch downloaded.hash +echo "3d1921aab49d3464a712c1c1397b6babf8b461a9873268480aa8064da99441bc -" > downloaded.hash +curl -vL \ + -o downloaded.whl \ + -x $PROXY_URL \ + --cacert ca-cert.pem \ + https://files.pythonhosted.org/packages/88/78/e642316313b1cd6396e4b85471a316e003eff968f29773e95ea191ea1d08/proxy.py-2.4.0rc4-py3-none-any.whl#sha256=3d1921aab49d3464a712c1c1397b6babf8b461a9873268480aa8064da99441bc +cat downloaded.whl | $SHASUM -c downloaded.hash +VERIFIED4=$? +rm downloaded.whl downloaded.hash + +echo "[Test Download File Hash Verifies 2]" +touch downloaded.hash +echo "077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8 -" > downloaded.hash +curl -vL \ + -o downloaded.whl \ + -x $PROXY_URL \ + --cacert ca-cert.pem \ + https://files.pythonhosted.org/packages/20/9a/e5d9ec41927401e41aea8af6d16e78b5e612bca4699d417f646a9610a076/Jinja2-3.0.3-py3-none-any.whl#sha256=077ce6014f7b40d03b47d1f1ca4b0fc8328a692bd284016f806ed0eaca390ad8 +cat downloaded.whl | $SHASUM -c downloaded.hash +VERIFIED5=$? +rm downloaded.whl downloaded.hash + +EXIT_CODE=$(( $VERIFIED1 || $VERIFIED2 || $VERIFIED3 || $VERIFIED4 || $VERIFIED5 )) +exit $EXIT_CODE diff --git a/tests/integration/test_modify_chunk_response.sh b/tests/integration/test_modify_chunk_response.sh new file mode 100755 index 0000000000..c4db85c905 --- /dev/null +++ b/tests/integration/test_modify_chunk_response.sh @@ -0,0 +1,85 @@ +#!/bin/bash +# +# proxy.py +# ~~~~~~~~ +# ⚡⚡⚡ Fast, Lightweight, Programmable, TLS interception capable +# proxy server for Application debugging, testing and development. +# +# :copyright: (c) 2013-present by Abhinav Singh and contributors. +# :license: BSD, see LICENSE for more details. +# +# TODO: Option to also shutdown proxy.py after +# integration testing is done. At least on +# macOS and ubuntu, pkill and kill commands +# will do the job. +# +# For github action, we simply bank upon GitHub +# to clean up any background process including +# proxy.py + +PROXY_PY_PORT=$1 +if [[ -z "$PROXY_PY_PORT" ]]; then + echo "PROXY_PY_PORT required as argument." + exit 1 +fi + +PROXY_URL="127.0.0.1:$PROXY_PY_PORT" + +# Wait for server to come up +WAIT_FOR_PROXY="lsof -i TCP:$PROXY_PY_PORT | wc -l | tr -d ' '" +while true; do + if [[ $WAIT_FOR_PORT == 0 ]]; then + echo "Waiting for proxy..." + sleep 1 + else + break + fi +done + +# Wait for http proxy and web server to start +while true; do + curl -v \ + --max-time 1 \ + --connect-timeout 1 \ + -x $PROXY_URL \ + --cacert ca-cert.pem \ + http://$PROXY_URL/ 2>/dev/null + if [[ $? == 0 ]]; then + break + fi + echo "Waiting for web server to start accepting requests..." + sleep 1 +done + +verify_response() { + if [ "$1" == "" ]; + then + echo "Empty response"; + return 1; + else + if [ "$1" == "$2" ]; + then + echo "Ok"; + return 0; + else + echo "Invalid response: '$1', expected: '$2'"; + return 1; + fi + fi; +} + +read -r -d '' MODIFIED_CHUNK_RESPONSE << EOM +modify +chunk +response +plugin +EOM + +echo "[Test ModifyChunkResponsePlugin]" +CMD="curl -v -x $PROXY_URL --cacert ca-cert.pem http://httpbin.org/stream/5" +RESPONSE=$($CMD 2> /dev/null) +verify_response "$RESPONSE" "$MODIFIED_CHUNK_RESPONSE" +VERIFIED1=$? + +EXIT_CODE=$(( $VERIFIED1 )) +exit $EXIT_CODE diff --git a/tests/integration/test_modify_post_data.sh b/tests/integration/test_modify_post_data.sh new file mode 100755 index 0000000000..54943b695d --- /dev/null +++ b/tests/integration/test_modify_post_data.sh @@ -0,0 +1,99 @@ +#!/bin/bash +# +# proxy.py +# ~~~~~~~~ +# ⚡⚡⚡ Fast, Lightweight, Programmable, TLS interception capable +# proxy server for Application debugging, testing and development. +# +# :copyright: (c) 2013-present by Abhinav Singh and contributors. +# :license: BSD, see LICENSE for more details. +# +# TODO: Option to also shutdown proxy.py after +# integration testing is done. At least on +# macOS and ubuntu, pkill and kill commands +# will do the job. +# +# For github action, we simply bank upon GitHub +# to clean up any background process including +# proxy.py + +PROXY_PY_PORT=$1 +if [[ -z "$PROXY_PY_PORT" ]]; then + echo "PROXY_PY_PORT required as argument." + exit 1 +fi + +PROXY_URL="127.0.0.1:$PROXY_PY_PORT" + +# Wait for server to come up +WAIT_FOR_PROXY="lsof -i TCP:$PROXY_PY_PORT | wc -l | tr -d ' '" +while true; do + if [[ $WAIT_FOR_PORT == 0 ]]; then + echo "Waiting for proxy..." + sleep 1 + else + break + fi +done + +# Wait for http proxy and web server to start +while true; do + curl -v \ + --max-time 1 \ + --connect-timeout 1 \ + -x $PROXY_URL \ + --cacert ca-cert.pem \ + http://$PROXY_URL/ 2>/dev/null + if [[ $? == 0 ]]; then + break + fi + echo "Waiting for web server to start accepting requests..." + sleep 1 +done + +verify_response() { + if [ "$1" == "" ]; + then + echo "Empty response"; + return 1; + else + if [ "$1" == "$2" ]; + then + echo "Ok"; + return 0; + else + echo "Invalid response: '$1', expected: '$2'"; + return 1; + fi + fi; +} + +read -r -d '' MODIFIED_POST_DATA << EOM +{ + "args": {}, + "data": "{\"key\": \"modified\"}", + "files": {}, + "form": {}, + "headers": { + "Accept": "*/*", + "Content-Length": "19", + "Content-Type": "application/json", + "Host": "httpbin.org", + "User-Agent": "curl/7.54.0" + }, + "json": { + "key": "modified" + }, + "origin": "1.2.3.4, 5.6.7.8", + "url": "https://httpbin.org/post" +} +EOM + +echo "[Test ModifyPostDataPlugin]" +CMD="curl -v -x $PROXY_URL --cacert ca-cert.pem -d '{\"key\": \"value\"}' http://httpbin.org/post" +RESPONSE=$($CMD 2> /dev/null) +verify_response "$RESPONSE" "$MODIFIED_POST_DATA" +VERIFIED1=$? + +EXIT_CODE=$(( $VERIFIED1 )) +exit $EXIT_CODE From 41e43a7d9d4233388fa6af1cd389bbfc3658964a Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 13 Jan 2022 14:10:17 +0000 Subject: [PATCH 2/8] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- tests/integration/test_integration.py | 42 +++++++++++++++++---------- 1 file changed, 27 insertions(+), 15 deletions(-) diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 8b12393e23..39bed3e563 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -40,21 +40,33 @@ ) PROXY_PY_FLAGS_MODIFY_CHUNK_RESPONSE_PLUGIN = ( - ('--threadless --plugin proxy.plugin.ModifyChunkResponsePlugin ' + - TLS_INTERCEPTION_FLAGS), - ('--threadless --local-executor 0 --plugin proxy.plugin.ModifyChunkResponsePlugin ' + - TLS_INTERCEPTION_FLAGS), - ('--threaded --plugin proxy.plugin.ModifyChunkResponsePlugin ' + - TLS_INTERCEPTION_FLAGS), + ( + '--threadless --plugin proxy.plugin.ModifyChunkResponsePlugin ' + + TLS_INTERCEPTION_FLAGS + ), + ( + '--threadless --local-executor 0 --plugin proxy.plugin.ModifyChunkResponsePlugin ' + + TLS_INTERCEPTION_FLAGS + ), + ( + '--threaded --plugin proxy.plugin.ModifyChunkResponsePlugin ' + + TLS_INTERCEPTION_FLAGS + ), ) PROXY_PY_FLAGS_MODIFY_POST_DATA_PLUGIN = ( - ('--threadless --plugin proxy.plugin.ModifyPostDataPlugin ' + - TLS_INTERCEPTION_FLAGS), - ('--threadless --local-executor 0 --plugin proxy.plugin.ModifyPostDataPlugin ' + - TLS_INTERCEPTION_FLAGS), - ('--threaded --plugin proxy.plugin.ModifyPostDataPlugin ' + - TLS_INTERCEPTION_FLAGS), + ( + '--threadless --plugin proxy.plugin.ModifyPostDataPlugin ' + + TLS_INTERCEPTION_FLAGS + ), + ( + '--threadless --local-executor 0 --plugin proxy.plugin.ModifyPostDataPlugin ' + + TLS_INTERCEPTION_FLAGS + ), + ( + '--threaded --plugin proxy.plugin.ModifyPostDataPlugin ' + + TLS_INTERCEPTION_FLAGS + ), ) @@ -125,7 +137,7 @@ def test_integration(proxy_py_subprocess: int) -> None: ) # type: ignore[misc] def test_integration_with_interception_flags(proxy_py_subprocess: int) -> None: """An acceptance test for TLS interception using ``curl`` through proxy.py.""" - shell_script_test = Path(__file__).parent / "test_interception.sh" + shell_script_test = Path(__file__).parent / 'test_interception.sh' check_output([str(shell_script_test), str(proxy_py_subprocess)]) @@ -142,7 +154,7 @@ def test_integration_with_interception_flags(proxy_py_subprocess: int) -> None: def test_modify_chunk_response_integration(proxy_py_subprocess: int) -> None: """An acceptance test for :py:class:`~proxy.plugin.ModifyChunkResponsePlugin` interception using ``curl`` through proxy.py.""" - shell_script_test = Path(__file__).parent / "test_modify_chunk_response.sh" + shell_script_test = Path(__file__).parent / 'test_modify_chunk_response.sh' check_output([str(shell_script_test), str(proxy_py_subprocess)]) @@ -159,5 +171,5 @@ def test_modify_chunk_response_integration(proxy_py_subprocess: int) -> None: def test_modify_post_response_integration(proxy_py_subprocess: int) -> None: """An acceptance test for :py:class:`~proxy.plugin.ModifyPostDataPlugin` interception using ``curl`` through proxy.py.""" - shell_script_test = Path(__file__).parent / "test_modify_post_data.sh" + shell_script_test = Path(__file__).parent / 'test_modify_post_data.sh' check_output([str(shell_script_test), str(proxy_py_subprocess)]) From 8a25d308bbbe5f7245910a64ae27884add296f1d Mon Sep 17 00:00:00 2001 From: Abhinav Singh Date: Thu, 13 Jan 2022 21:06:14 +0530 Subject: [PATCH 3/8] Fixture to gen certificate once for the `test_integration` module --- .github/workflows/test-library.yml | 3 --- tests/integration/test_integration.py | 11 ++++++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test-library.yml b/.github/workflows/test-library.yml index 64de0cb3f6..785df5a80c 100644 --- a/.github/workflows/test-library.yml +++ b/.github/workflows/test-library.yml @@ -526,9 +526,6 @@ jobs: --installpkg 'dist/${{ needs.pre-setup.outputs.wheel-artifact-name }}' --notest shell: bash - - name: Generate CA certificates - run: >- - make ca-certificates - name: Run the testing run: >- python -m diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 8b12393e23..47551e6b3b 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -11,13 +11,13 @@ Test the simplest proxy use scenario for smoke. """ import time +import pytest import tempfile -from typing import Any, Generator + from pathlib import Path +from typing import Any, Generator from subprocess import Popen, check_output -import pytest - from proxy.common.constants import IS_WINDOWS @@ -58,6 +58,11 @@ ) +@pytest.fixture(scope="module", autouse=True) # type: ignore[misc] +def gen_ca_certificates() -> None: + check_output(["make", "ca-certificates"]) + + # FIXME: Ignore is necessary for as long as pytest hasn't figured out # FIXME: typing for their fixtures. # Refs: From 8ff88cff690580a4d2cc4c6f8f7c01f5abeea780 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Thu, 13 Jan 2022 15:37:33 +0000 Subject: [PATCH 4/8] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- tests/integration/test_integration.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index f29b70afdc..57ca90a2cf 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -70,9 +70,9 @@ ) -@pytest.fixture(scope="module", autouse=True) # type: ignore[misc] +@pytest.fixture(scope='module', autouse=True) # type: ignore[misc] def gen_ca_certificates() -> None: - check_output(["make", "ca-certificates"]) + check_output(['make', 'ca-certificates']) # FIXME: Ignore is necessary for as long as pytest hasn't figured out From 8764303a39139238e4a5095a6b028dcb4d1f2c59 Mon Sep 17 00:00:00 2001 From: Abhinav Singh Date: Thu, 13 Jan 2022 21:15:20 +0530 Subject: [PATCH 5/8] Use https endpoints in tls interception tests --- tests/integration/test_integration.py | 2 +- tests/integration/test_modify_chunk_response.sh | 2 +- tests/integration/test_modify_post_data.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 57ca90a2cf..f455f5e763 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -71,7 +71,7 @@ @pytest.fixture(scope='module', autouse=True) # type: ignore[misc] -def gen_ca_certificates() -> None: +def _gen_ca_certificates() -> None: check_output(['make', 'ca-certificates']) diff --git a/tests/integration/test_modify_chunk_response.sh b/tests/integration/test_modify_chunk_response.sh index c4db85c905..be66555b3f 100755 --- a/tests/integration/test_modify_chunk_response.sh +++ b/tests/integration/test_modify_chunk_response.sh @@ -76,7 +76,7 @@ plugin EOM echo "[Test ModifyChunkResponsePlugin]" -CMD="curl -v -x $PROXY_URL --cacert ca-cert.pem http://httpbin.org/stream/5" +CMD="curl -v -x $PROXY_URL --cacert ca-cert.pem https://httpbin.org/stream/5" RESPONSE=$($CMD 2> /dev/null) verify_response "$RESPONSE" "$MODIFIED_CHUNK_RESPONSE" VERIFIED1=$? diff --git a/tests/integration/test_modify_post_data.sh b/tests/integration/test_modify_post_data.sh index 54943b695d..343201a749 100755 --- a/tests/integration/test_modify_post_data.sh +++ b/tests/integration/test_modify_post_data.sh @@ -90,7 +90,7 @@ read -r -d '' MODIFIED_POST_DATA << EOM EOM echo "[Test ModifyPostDataPlugin]" -CMD="curl -v -x $PROXY_URL --cacert ca-cert.pem -d '{\"key\": \"value\"}' http://httpbin.org/post" +CMD="curl -v -x $PROXY_URL --cacert ca-cert.pem -d '{\"key\": \"value\"}' https://httpbin.org/post" RESPONSE=$($CMD 2> /dev/null) verify_response "$RESPONSE" "$MODIFIED_POST_DATA" VERIFIED1=$? From c0a193b8267de9c7ed32e43f0dcedc201e931d52 Mon Sep 17 00:00:00 2001 From: Abhinav Singh Date: Thu, 13 Jan 2022 23:17:20 +0530 Subject: [PATCH 6/8] Fix modify post data integration test --- tests/integration/test_modify_post_data.sh | 41 +++++++++++----------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/tests/integration/test_modify_post_data.sh b/tests/integration/test_modify_post_data.sh index 343201a749..60b270ff63 100755 --- a/tests/integration/test_modify_post_data.sh +++ b/tests/integration/test_modify_post_data.sh @@ -68,31 +68,30 @@ verify_response() { fi; } -read -r -d '' MODIFIED_POST_DATA << EOM -{ - "args": {}, - "data": "{\"key\": \"modified\"}", - "files": {}, - "form": {}, - "headers": { - "Accept": "*/*", - "Content-Length": "19", - "Content-Type": "application/json", - "Host": "httpbin.org", - "User-Agent": "curl/7.54.0" - }, - "json": { - "key": "modified" - }, - "origin": "1.2.3.4, 5.6.7.8", - "url": "https://httpbin.org/post" +verify_contains() { + if [ "$1" == "" ]; + then + echo "Empty response"; + return 1; + else + if [[ "$1" == *"$2"* ]]; + then + echo "Ok"; + return 0; + else + echo "Invalid response: '$1', expected: '$2'"; + return 1; + fi + fi; } + +read -r -d '' MODIFIED_POST_DATA << EOM +"key": "modified" EOM echo "[Test ModifyPostDataPlugin]" -CMD="curl -v -x $PROXY_URL --cacert ca-cert.pem -d '{\"key\": \"value\"}' https://httpbin.org/post" -RESPONSE=$($CMD 2> /dev/null) -verify_response "$RESPONSE" "$MODIFIED_POST_DATA" +RESPONSE=$(curl -v -x $PROXY_URL --cacert ca-cert.pem -d '{"key": "value"}' https://httpbin.org/post 2> /dev/null) +verify_contains "$RESPONSE" "$MODIFIED_POST_DATA" VERIFIED1=$? EXIT_CODE=$(( $VERIFIED1 )) From ed031d9d30def0725eab0d747f3bce589664ae4c Mon Sep 17 00:00:00 2001 From: Abhinav Singh Date: Thu, 13 Jan 2022 23:30:47 +0530 Subject: [PATCH 7/8] Only start 3 acceptor & 3 workers during integration run --- tests/integration/test_integration.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index f455f5e763..2a600d995e 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -70,7 +70,7 @@ ) -@pytest.fixture(scope='module', autouse=True) # type: ignore[misc] +@pytest.fixture(scope='session', autouse=True) # type: ignore[misc] def _gen_ca_certificates() -> None: check_output(['make', 'ca-certificates']) @@ -96,6 +96,8 @@ def proxy_py_subprocess(request: Any) -> Generator[int, None, None]: '--port', '0', '--port-file', str(port_file), '--enable-web-server', + '--num-acceptors', '3', + '--num-workers', '3', ) + tuple(request.param.split()) proxy_proc = Popen(proxy_cmd) # Needed because port file might not be available immediately From 73f11be0c5021a598104fdb71c6e544c64ace493 Mon Sep 17 00:00:00 2001 From: Abhinav Singh Date: Thu, 13 Jan 2022 23:57:32 +0530 Subject: [PATCH 8/8] disable chunk response --- tests/integration/test_integration.py | 30 +++++++++++++-------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/integration/test_integration.py b/tests/integration/test_integration.py index 2a600d995e..a1270f2410 100644 --- a/tests/integration/test_integration.py +++ b/tests/integration/test_integration.py @@ -148,21 +148,21 @@ def test_integration_with_interception_flags(proxy_py_subprocess: int) -> None: check_output([str(shell_script_test), str(proxy_py_subprocess)]) -@pytest.mark.smoke # type: ignore[misc] -@pytest.mark.parametrize( - 'proxy_py_subprocess', - PROXY_PY_FLAGS_MODIFY_CHUNK_RESPONSE_PLUGIN, - indirect=True, -) # type: ignore[misc] -@pytest.mark.skipif( - IS_WINDOWS, - reason='OSError: [WinError 193] %1 is not a valid Win32 application', -) # type: ignore[misc] -def test_modify_chunk_response_integration(proxy_py_subprocess: int) -> None: - """An acceptance test for :py:class:`~proxy.plugin.ModifyChunkResponsePlugin` - interception using ``curl`` through proxy.py.""" - shell_script_test = Path(__file__).parent / 'test_modify_chunk_response.sh' - check_output([str(shell_script_test), str(proxy_py_subprocess)]) +# @pytest.mark.smoke # type: ignore[misc] +# @pytest.mark.parametrize( +# 'proxy_py_subprocess', +# PROXY_PY_FLAGS_MODIFY_CHUNK_RESPONSE_PLUGIN, +# indirect=True, +# ) # type: ignore[misc] +# @pytest.mark.skipif( +# IS_WINDOWS, +# reason='OSError: [WinError 193] %1 is not a valid Win32 application', +# ) # type: ignore[misc] +# def test_modify_chunk_response_integration(proxy_py_subprocess: int) -> None: +# """An acceptance test for :py:class:`~proxy.plugin.ModifyChunkResponsePlugin` +# interception using ``curl`` through proxy.py.""" +# shell_script_test = Path(__file__).parent / 'test_modify_chunk_response.sh' +# check_output([str(shell_script_test), str(proxy_py_subprocess)]) @pytest.mark.smoke # type: ignore[misc]