Add test scenario client-body-tagger
authorFabian Keil <fk@fabiankeil.de>
Sat, 27 Mar 2021 14:04:11 +0000 (15:04 +0100)
committerFabian Keil <fk@fabiankeil.de>
Wed, 20 Mar 2024 11:38:39 +0000 (12:38 +0100)
Sponsored by: Robert Klemme

tests/cts/client-body-tagger/client-body-tagger.action [new file with mode: 0644]
tests/cts/client-body-tagger/client-body-tagger.filter [new file with mode: 0644]
tests/cts/client-body-tagger/data/test1 [new file with mode: 0644]
tests/cts/client-body-tagger/data/test2 [new file with mode: 0644]
tests/cts/client-body-tagger/data/test3 [new file with mode: 0644]
tests/cts/client-body-tagger/data/test4 [new file with mode: 0644]
tests/cts/client-body-tagger/data/test5 [new file with mode: 0644]
tests/cts/client-body-tagger/data/test6 [new file with mode: 0644]
tests/cts/client-body-tagger/data/test7 [new file with mode: 0644]
tests/cts/client-body-tagger/data/test8 [new file with mode: 0644]
tests/cts/client-body-tagger/privoxy.conf [new file with mode: 0644]

diff --git a/tests/cts/client-body-tagger/client-body-tagger.action b/tests/cts/client-body-tagger/client-body-tagger.action
new file mode 100644 (file)
index 0000000..2bc5848
--- /dev/null
@@ -0,0 +1,11 @@
+{+client-body-tagger{blafasel}}
+/
+
+{+block{Request body contains blafasel}}
+TAG:^content contains blafasel$
+
+{+client-body-tagger{bumfidel}}
+/tag-bumfidel-requests/
+
+{+client-body-filter{bumfidel-to-tralala}}
+TAG:^content contains bumfidel$
diff --git a/tests/cts/client-body-tagger/client-body-tagger.filter b/tests/cts/client-body-tagger/client-body-tagger.filter
new file mode 100644 (file)
index 0000000..dc3ebae
--- /dev/null
@@ -0,0 +1,5 @@
+CLIENT-BODY-TAGGER: blafasel Tags requests with "content contains blafasel" if the client body contains the word "blafasel"
+s@.*blafasel.*@content contains blafasel@s
+
+CLIENT-BODY-TAGGER: bumfidel Tags requests with "content contains bumfidel" if the client body contains the word "bumfidel"
+s@.*bumfidel.*@content contains bumfidel@s
diff --git a/tests/cts/client-body-tagger/data/test1 b/tests/cts/client-body-tagger/data/test1
new file mode 100644 (file)
index 0000000..77814a1
--- /dev/null
@@ -0,0 +1,51 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<name>
+Two requests to the same URL. The second one is blocked based on a tag applied with client-body-tagger{blafasel}.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d blafasel -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Connection: close\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger/data/test2 b/tests/cts/client-body-tagger/data/test2
new file mode 100644 (file)
index 0000000..0931e57
--- /dev/null
@@ -0,0 +1,51 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<name>
+Two requests to the same URL. The second one is large and blocked based on a tag applied with the client-body-tagger{blafasel}.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "blafasel%repeat[5000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Connection: close\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger/data/test3 b/tests/cts/client-body-tagger/data/test3
new file mode 100644 (file)
index 0000000..1968b47
--- /dev/null
@@ -0,0 +1,51 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<name>
+Two requests to the same URL. The second one is large and blocked based on a tag. Offending phrase at end of content.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%blafasel" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Connection: close\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger/data/test4 b/tests/cts/client-body-tagger/data/test4
new file mode 100644 (file)
index 0000000..b342917
--- /dev/null
@@ -0,0 +1,51 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<name>
+Two requests to the same URL. The second one is large and blocked based on a tag. Offending phrase in the middle of the content.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]% blafasel tralala" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Connection: close\r
+\r
+</protocol>
+<stderr>
+200
+403
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger/data/test5 b/tests/cts/client-body-tagger/data/test5
new file mode 100644 (file)
index 0000000..092af03
--- /dev/null
@@ -0,0 +1,60 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<name>
+Two requests to the same URL. The second one is a POST request but it's not expected to be blocked due to a tag.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol nonewline="yes">
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Connection: close\r
+\r
+POST /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Content-Length: 35008\r
+Content-Type: application/x-www-form-urlencoded\r
+Connection: close\r
+\r
+%repeat[5000 x padding]%bumfidel
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger/data/test6 b/tests/cts/client-body-tagger/data/test6
new file mode 100644 (file)
index 0000000..cbb0065
--- /dev/null
@@ -0,0 +1,60 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<name>
+Two requests to the same URL. The second one is a POST request and a client-body-filter is enabled based on a tag.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/tag-bumfidel-requests/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/tag-bumfidel-requests/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol nonewline="yes">
+GET /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Connection: close\r
+\r
+POST /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Content-Length: 35007\r
+Content-Type: application/x-www-form-urlencoded\r
+Connection: close\r
+\r
+%repeat[5000 x padding]%tralala
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger/data/test7 b/tests/cts/client-body-tagger/data/test7
new file mode 100644 (file)
index 0000000..d108d81
--- /dev/null
@@ -0,0 +1,60 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<name>
+Two requests to the same URL. The second one is a POST request with an offending word but it's too large to buffer and tag so it gets to pass. (XXX: Privoxy could execute the tagger based on the data that fits into the buffer)
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "blafasel%repeat[20000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol nonewline="yes">
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Connection: close\r
+\r
+POST /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Content-Length: 140008\r
+Content-Type: application/x-www-form-urlencoded\r
+Connection: close\r
+\r
+blafasel%repeat[20000 x padding]%
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger/data/test8 b/tests/cts/client-body-tagger/data/test8
new file mode 100644 (file)
index 0000000..c669915
--- /dev/null
@@ -0,0 +1,63 @@
+<testcase>
+<info>
+<keywords>
+HTTP
+HTTP POST
+client-body-tagger
+</keywords>
+</info>
+
+<reply>
+<data>
+HTTP/1.1 200 OK
+Connection: close
+Content-Type: text/html
+X-Connection: swsclose
+
+Received your input.
+</data>
+</reply>
+
+<client>
+<server>
+http
+</server>
+<name>
+Two requests to the same URL. The second one is a POST request with an offending word but it's chunk-encoded so it gets to pass.
+</name>
+<features>
+proxy
+</features>
+<command>
+-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -H "Transfer-Encoding: chunked" -d "blafasel" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER
+</command>
+</client>
+
+<verify>
+<protocol>
+GET /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Connection: close\r
+\r
+POST /%TESTNUMBER HTTP/1.1\r
+Host: %HOSTIP:%HTTPPORT\r
+User-Agent: curl/%VERSION\r
+Accept: */*\r
+Transfer-Encoding: chunked\r
+Content-Type: application/x-www-form-urlencoded\r
+Connection: close\r
+\r
+8\r
+blafasel\r
+0\r
+\r
+</protocol>
+<stderr>
+200
+200
+</stderr>
+
+</verify>
+</testcase>
diff --git a/tests/cts/client-body-tagger/privoxy.conf b/tests/cts/client-body-tagger/privoxy.conf
new file mode 100644 (file)
index 0000000..9628703
--- /dev/null
@@ -0,0 +1,25 @@
+listen-address 127.0.0.1:9119
+
+debug     1 # Log the destination for each request Privoxy let through. See also debug 1024.
+debug     2 # show each connection status
+debug     4 # show tagging-related messages
+debug     8 # show header parsing
+debug    32 # debug force feature
+debug    64 # debug regular expression filters
+debug   128 # debug redirects
+debug   256 # debug GIF de-animation
+debug   512 # Common Log Format
+debug  1024 # Log the destination for requests Privoxy didn't let through, and the reason why.
+debug  4096 # Startup banner and warnings.
+debug  8192 # Non-fatal errors
+
+actionsfile client-body-tagger.action
+filterfile client-body-tagger.filter
+filterfile ../client-body-filter/client-body-filter.filter
+
+socket-timeout 3
+
+templdir ../../../templates/
+
+# Reduce buffer limit so tests can reach it sooner.
+buffer-limit 100