Hi, I worked on the new test today, it is functional after applying the last patch suggested by Tim.
I am facing a problem here. I am trying to set a secure cookie over an insecure connection (without applying my patch, so the test should fail). The cookie, although being set (cross checked it in the log), is not being saved in the file due to some reason I'm unable to figure out. I am sure that it's not being saved as I tried printing the file content in the test (it shows up in the log). Is there any reason it should not be getting saved?

PFA the test and modifications to expected_files hook.

Kushagra

On Wed, Feb 3, 2016 at 1:46 PM, Darshit Shah <[email protected]> wrote:

> That's no problem. Just mentioning it, so the thread stays alive and
> we don't entirely forget about it.
>
> On 3 February 2016 at 09:11, Kushagra Singh
> <[email protected]> wrote:
> > I'm out of town right now, I'll be able to get back to it in a couple of
> > days. Sorry for the delay!
> >
> > Regards,
> > Kushagra
> >
> >
> > On Wed, 3 Feb 2016 13:39 Darshit Shah <[email protected]> wrote:
> >>
> >> That's fine. The patch was good.
> >>
> >> Now waiting on Kushagra's tests and his copyright assignment to go through
> >>
> >> On 1 February 2016 at 21:13, Tim Rühsen <[email protected]> wrote:
> >> > Ups, just pushed your patch accidentally (thanks anyway).
> >> > I wanted to wait for Darshit to confirm it...
> >> >
> >> > Regards, Tim
> >> >
> >> > On Sunday, 31 January 2016, 17:40:12, Ander Juaristi wrote:
> >> >> The test looks good to me, but I think I've spotted a bug _in the test
> >> >> engine_ where the 'RejectHeader' rule doesn't get enforced.
> >> >>
> >> >> You can strip the 'secure' parameter from this testcase and still it
> >> >> will pass. I've written a patch to fix this.
> >> >>
> >> >> I.e. this:
> >> >>
> >> >> ---request begin---
> >> >> GET /File2 HTTP/1.1
> >> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
> >> >> Accept: */*
> >> >> Accept-Encoding: identity
> >> >> Host: 127.0.0.1:44832
> >> >> Connection: Keep-Alive
> >> >> Cookie: sess-id=0213
> >> >>
> >> >> ---request end---
> >> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 17:33:20] "GET /File2 HTTP/1.1" 200 -
> >> >>
> >> >> ---response begin---
> >> >> HTTP/1.1 200 OK
> >> >> Server: BaseHTTP/0.6 Python/3.4.3+
> >> >> Date: Sun, 31 Jan 2016 16:33:20 GMT
> >> >> content-length: 29
> >> >> content-type: text/plain
> >> >>
> >> >> versus this:
> >> >>
> >> >> ---request begin---
> >> >> GET /File2 HTTP/1.1
> >> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
> >> >> Accept: */*
> >> >> Accept-Encoding: identity
> >> >> Host: 127.0.0.1:37251
> >> >> Connection: Keep-Alive
> >> >> Cookie: sess-id=0213
> >> >>
> >> >> ---request end---
> >> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 17:34:18] code 400, message Blacklisted Header Cookie received
> >> >> 127.0.0.1 - - [31/Jan/2016 17:34:18] "GET /File2 HTTP/1.1" 400 -
> >> >>
> >> >> ---response begin---
> >> >> HTTP/1.1 400 Blacklisted Header Cookie received
> >> >> Server: BaseHTTP/0.6 Python/3.4.3+
> >> >> Date: Sun, 31 Jan 2016 16:34:18 GMT
> >> >> Content-Type: text/html;charset=utf-8
> >> >> Connection: close
> >> >> Content-Length: 483
> >> >>
> >> >> ---response end---
> >> >> 400 Blacklisted Header Cookie received
> >> >> Header Cookie received
> >> >> URI content encoding = ‘utf-8’
> >> >> Disabling further reuse of socket 3.
> >> >> Closed fd 3
> >> >> 2016-01-31 17:34:18 ERROR 400: Blacklisted Header Cookie received.
> >> >>
> >> >> On 01/30/2016 09:31 PM, Kushagra Singh wrote:
> >> >> > Hi,
> >> >> >
> >> >> > I'm a bit stuck while writing tests. How do I test the fact that a
> >> >> > secure only cookie does not get saved over an insecure connection?
> >> >> > Even if the cookie gets saved, it will not be transmitted over an
> >> >> > insecure connection (cookie_matches_url() ensures that). So even
> >> >> > though I can see in the log that the cookie is not saved, I can't
> >> >> > figure out how exactly to test that in the test suite, since I
> >> >> > cannot check using RejectHeader. Please find attached the test I
> >> >> > have written.
> >> >> >
> >> >> > And one thing I noticed, Test-Proto.py tries to import HTTP and HTTPS
> >> >> > classes from "misc.constants", which is wrong. It should be imported
> >> >> > from test.base_test right?
> >> >> >
> >> >> > Regards,
> >> >> > Kushagra
> >> >>
> >> >> Regards,
> >> >> - AJ
> >> >
> >>
> >> --
> >> Thanking You,
> >> Darshit Shah
> >>
> >
>
> --
> Thanking You,
> Darshit Shah
>

From 60f14da329387b8e440bf4b5665aaae5ffc64b7b Mon Sep 17 00:00:00 2001 From: kush789 <[email protected]> Date: Tue, 9 Feb 2016 01:14:22 +0530 Subject: [PATCH] Added Test-reject-secure-cookies --- testenv/Makefile.am | 1 + testenv/Test-reject-secure-cookie.py | 73 ++++++++++++++++++++++++++++++++++++ testenv/conf/expected_files.py | 5 ++- 3 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 testenv/Test-reject-secure-cookie.py diff --git a/testenv/Makefile.am b/testenv/Makefile.am index 370c404..084d435 100644 --- a/testenv/Makefile.am +++ b/testenv/Makefile.am @@ -68,6 +68,7 @@ if HAVE_PYTHON3 Test--spider-r.py \ Test--rejected-log.py \ Test-redirect-crash.py \ + Test-reject-secure-cookie.py \ Test-reserved-chars.py \ Test-condget.py \ $(METALINK_TESTS) diff --git a/testenv/Test-reject-secure-cookie.py b/testenv/Test-reject-secure-cookie.py new file mode 100644 index 0000000..c629020 --- /dev/null +++ b/testenv/Test-reject-secure-cookie.py 
@@ -0,0 +1,73 @@ +#!/usr/bin/env python3 +from sys import exit +from test.http_test import HTTPTest +from test.base_test import HTTP +from misc.wget_file import WgetFile + +""" + This test ensures that a secure-only cookie is rejected over an insecure + connection +""" +TEST_NAME = "Reject Secure Cookie" +############# File Definitions ############################################### +File1 = """All happy families are alike; +Each unhappy family is unhappy in its own way""" +File2 = "" +# Expected cookie file should be empty + +File1_rules = { + "SendHeader" : { + "Set-Cookie" : "sess-id=0213; path=/; secure" + } +} + +A_File = WgetFile ("File1", File1, rules=File1_rules) +B_File = WgetFile ("mycookies.wget", File2) + +WGET_OPTIONS = "--save-cookies=mycookies.wget" +WGET_URLS = [["File1"]] + +Servers = [HTTP] + +Files = [[A_File]] + +ExpectedReturnCode = 0 + +def postfunc(): + cookie_file_content = [] + + with open("mycookies.wget", 'r') as fp: + cookie_file_content = fp.readlines() + print (cookie_file_content) + + cookie_file_content = cookie_file_content[4:] + # Removing first four lines (comments generated by wget) + + with open("mycookies.wget", 'w') as fp: + for line in cookie_file_content:cookie_file_content + fp.write(line) + + return [A_File, B_File] + +################ Pre and Post Test Hooks ##################################### +pre_test = { + "ServerFiles" : Files, +} +test_options = { + "WgetCommands" : WGET_OPTIONS, + "Urls" : WGET_URLS +} +post_test = { + "ExpectedFiles" : postfunc, + "ExpectedRetcode" : ExpectedReturnCode +} + +err = HTTPTest ( + name=TEST_NAME, + pre_hook=pre_test, + test_params=test_options, + post_hook=post_test, + protocols=Servers +).begin () + +exit (err) diff --git a/testenv/conf/expected_files.py b/testenv/conf/expected_files.py index 5362771..c9a333f 100644 --- a/testenv/conf/expected_files.py +++ b/testenv/conf/expected_files.py 
@@ -17,7 +17,10 @@ files are found, else returns gracefully. @hook() class ExpectedFiles: def __init__(self, expected_fs): - self.expected_fs = expected_fs + if callable(expected_fs): + self.expected_fs = expected_fs() + else: + self.expected_fs = expected_fs @staticmethod def gen_local_fs_snapshot(): -- 1.9.1
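Review bot: In testenv/Test-reject-secure-cookie.py, the cookie sent through File1_rules ("sess-id=0213; path=/; secure") carries no expires or max-age attribute, so it is a session cookie, and --save-cookies does not write session cookies unless --keep-session-cookies is also given. With WGET_OPTIONS as written, mycookies.wget ends up without any cookie entry whether or not the secure-cookie check is in place, so the test cannot distinguish the patched from the unpatched build. Add --keep-session-cookies to WGET_OPTIONS, or give the cookie an expiry, and confirm the test fails without the fix before relying on it. Separately, in postfunc the line "for line in cookie_file_content:cookie_file_content" has a stray expression after the colon and should end at the colon so that fp.write(line) is the loop body, and the debugging print can be dropped.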
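Review bot: In testenv/conf/expected_files.py, the callable is invoked inside __init__, so it runs when the ExpectedFiles object is constructed rather than when the file comparison is made. A function such as postfunc, which opens and rewrites wget's output file, only works if construction happens after wget has exited, and it fails with an exception if the file was never created. Consider storing the callable and calling it at comparison time, and extend the docstring that precedes the class to state that ExpectedFiles accepts either a list of files or a function returning one.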
