I made a small mistake in the last patch, here is the correct one.

Kushagra

On Tue, Feb 9, 2016 at 1:23 AM, Kushagra Singh <[email protected]> wrote:
> Hi,
>
> I worked on the new test today, it is functional after applying the
> last patch by Tim suggested.
>
> I am facing a problem here. I am trying to set a secure cookie over an
> insecure connection (without applying my patch, so the test should fail).
> The cookie, although being set (cross checked it in the log), is not being
> saved in the file due to some reason I'm unable to figure out. I am sure
> that it's not being saved as I tried printing the file content in the test
> (it shows up in the log). Is there any reason it should not be getting
> saved?
>
> PFA the test and modifications to expected_files hook.
>
> Kushagra
>
> On Wed, Feb 3, 2016 at 1:46 PM, Darshit Shah <[email protected]> wrote:
>
>> That's no problem. Just mentioning it, so the thread stays alive and
>> we don't entirely forget about it.
>>
>> On 3 February 2016 at 09:11, Kushagra Singh <[email protected]> wrote:
>> > I'm out of town right now, I'll be able to get back to it in a couple of
>> > days. Sorry for the delay!
>> >
>> > Regards,
>> > Kushagra
>> >
>> > On Wed, 3 Feb 2016 13:39 Darshit Shah <[email protected]> wrote:
>> >>
>> >> That's fine. The patch was good.
>> >>
>> >> Now waiting on Kushagra's tests and his copyright assignment to go through
>> >>
>> >> On 1 February 2016 at 21:13, Tim Rühsen <[email protected]> wrote:
>> >> > Oops, just pushed your patch accidentally (thanks anyway).
>> >> > I wanted to wait for Darshit to confirm it...
>> >> >
>> >> > Regards, Tim
>> >> >
>> >> > On Sunday, 31 January 2016, 17:40:12, Ander Juaristi wrote:
>> >> >> The test looks good to me, but I think I've spotted a bug _in the test
>> >> >> engine_ where the 'RejectHeader' rule doesn't get enforced.
>> >> >>
>> >> >> You can strip the 'secure' parameter from this testcase and still it
>> >> >> will pass. I've written a patch to fix this.
>> >> >>
>> >> >> I.e. this:
>> >> >>
>> >> >> ---request begin---
>> >> >> GET /File2 HTTP/1.1
>> >> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
>> >> >> Accept: */*
>> >> >> Accept-Encoding: identity
>> >> >> Host: 127.0.0.1:44832
>> >> >> Connection: Keep-Alive
>> >> >> Cookie: sess-id=0213
>> >> >>
>> >> >> ---request end---
>> >> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 17:33:20] "GET /File2 HTTP/1.1" 200 -
>> >> >>
>> >> >> ---response begin---
>> >> >> HTTP/1.1 200 OK
>> >> >> Server: BaseHTTP/0.6 Python/3.4.3+
>> >> >> Date: Sun, 31 Jan 2016 16:33:20 GMT
>> >> >> content-length: 29
>> >> >> content-type: text/plain
>> >> >>
>> >> >> versus this:
>> >> >>
>> >> >> ---request begin---
>> >> >> GET /File2 HTTP/1.1
>> >> >> User-Agent: Wget/1.16.3.168-be847 (linux-gnu)
>> >> >> Accept: */*
>> >> >> Accept-Encoding: identity
>> >> >> Host: 127.0.0.1:37251
>> >> >> Connection: Keep-Alive
>> >> >> Cookie: sess-id=0213
>> >> >>
>> >> >> ---request end---
>> >> >> HTTP request sent, awaiting response... 127.0.0.1 - - [31/Jan/2016 17:34:18] code 400, message Blacklisted Header Cookie received
>> >> >> 127.0.0.1 - - [31/Jan/2016 17:34:18] "GET /File2 HTTP/1.1" 400 -
>> >> >>
>> >> >> ---response begin---
>> >> >> HTTP/1.1 400 Blacklisted Header Cookie received
>> >> >> Server: BaseHTTP/0.6 Python/3.4.3+
>> >> >> Date: Sun, 31 Jan 2016 16:34:18 GMT
>> >> >> Content-Type: text/html;charset=utf-8
>> >> >> Connection: close
>> >> >> Content-Length: 483
>> >> >>
>> >> >> ---response end---
>> >> >> 400 Blacklisted Header Cookie received
>> >> >> Header Cookie received
>> >> >> URI content encoding = ‘utf-8’
>> >> >> Disabling further reuse of socket 3.
>> >> >> Closed fd 3
>> >> >> 2016-01-31 17:34:18 ERROR 400: Blacklisted Header Cookie received.
>> >> >>
>> >> >> On 01/30/2016 09:31 PM, Kushagra Singh wrote:
>> >> >> > Hi,
>> >> >> >
>> >> >> > I'm a bit stuck while writing tests. How do I test the fact that a
>> >> >> > secure only cookie does not get saved over an insecure connection?
>> >> >> > Even if the cookie gets saved, it will not be transmitted over an
>> >> >> > insecure connection (cookie_matches_url() ensures that). So even
>> >> >> > though I can see in the log that the cookie is not saved, I can't
>> >> >> > figure out how exactly to test that in the test suite, since I
>> >> >> > cannot check using RejectHeader. Please find attached the test I
>> >> >> > have written.
>> >> >> >
>> >> >> > And one thing I noticed, Test-Proto.py tries to import HTTP and HTTPS
>> >> >> > classes from "misc.constants", which is wrong. It should be imported
>> >> >> > from test.base_test right?
>> >> >> >
>> >> >> > Regards,
>> >> >> > Kushagra
>> >> >>
>> >> >> Regards,
>> >> >> - AJ
>> >>
>> >> --
>> >> Thanking You,
>> >> Darshit Shah
>>
>> --
>> Thanking You,
>> Darshit Shah

From 85414c3a07d84fc63b84983b1999b6e4c291e75e Mon Sep 17 00:00:00 2001 From: kush789 <[email protected]> Date: Tue, 9 Feb 2016 02:29:08 +0530 Subject: [PATCH] Added Test-reject-secure-cookie --- testenv/Makefile.am | 1 + testenv/Test-reject-secure-cookie.py | 73 ++++++++++++++++++++++++++++++++++++ testenv/conf/expected_files.py | 5 ++- 3 files changed, 78 insertions(+), 1 deletion(-) create mode 100644 testenv/Test-reject-secure-cookie.py diff --git a/testenv/Makefile.am b/testenv/Makefile.am index 370c404..084d435 100644 --- a/testenv/Makefile.am +++ b/testenv/Makefile.am @@ -68,6 +68,7 @@ if HAVE_PYTHON3 Test--spider-r.py \ Test--rejected-log.py \ Test-redirect-crash.py \ + Test-reject-secure-cookie.py \ Test-reserved-chars.py \ Test-condget.py \ $(METALINK_TESTS) diff --git a/testenv/Test-reject-secure-cookie.py b/testenv/Test-reject-secure-cookie.py new file mode 100644 index 0000000..57e8ffd --- /dev/null +++ b/testenv/Test-reject-secure-cookie.py 
@@ -0,0 +1,73 @@ +#!/usr/bin/env python3 +from sys import exit +from test.http_test import HTTPTest +from test.base_test import HTTP +from misc.wget_file import WgetFile + +""" + This test ensures that a secure-only cookie is rejected over an insecure + connection +""" +TEST_NAME = "Reject Secure Cookie" +############# File Definitions ############################################### +File1 = """All happy families are alike; +Each unhappy family is unhappy in its own way""" +File2 = "" +# Expected cookie file should be empty + +File1_rules = { + "SendHeader" : { + "Set-Cookie" : "sess-id=0213; path=/; secure" + } +} + +A_File = WgetFile ("File1", File1, rules=File1_rules) +B_File = WgetFile ("mycookies.wget", File2) + +WGET_OPTIONS = "--save-cookies=mycookies.wget" +WGET_URLS = [["File1"]] + +Servers = [HTTP] + +Files = [[A_File]] + +ExpectedReturnCode = 0 + +def postfunc(): + cookie_file_content = [] + + with open("mycookies.wget", 'r') as fp: + cookie_file_content = fp.readlines() + print (cookie_file_content) + + cookie_file_content = cookie_file_content[4:] + # Removing first four lines (comments generated by wget) + + with open("mycookies.wget", 'w') as fp: + for line in cookie_file_content: + fp.write(line) + + return [A_File, B_File] + +################ Pre and Post Test Hooks ##################################### +pre_test = { + "ServerFiles" : Files, +} +test_options = { + "WgetCommands" : WGET_OPTIONS, + "Urls" : WGET_URLS +} +post_test = { + "ExpectedFiles" : postfunc, + "ExpectedRetcode" : ExpectedReturnCode +} + +err = HTTPTest ( + name=TEST_NAME, + pre_hook=pre_test, + test_params=test_options, + post_hook=post_test, + protocols=Servers +).begin () + +exit (err) diff --git a/testenv/conf/expected_files.py b/testenv/conf/expected_files.py index 5362771..c9a333f 100644 --- a/testenv/conf/expected_files.py +++ b/testenv/conf/expected_files.py 
@@ -17,7 +17,10 @@ files are found, else returns gracefully. @hook() class ExpectedFiles: def __init__(self, expected_fs): - self.expected_fs = expected_fs + if callable(expected_fs): + self.expected_fs = expected_fs() + else: + self.expected_fs = expected_fs @staticmethod def gen_local_fs_snapshot(): -- 1.9.1
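
Review bot: In testenv/Test-reject-secure-cookie.py, the cookie sent by File1_rules ("sess-id=0213; path=/; secure") has no Expires or Max-Age attribute and WGET_OPTIONS is only "--save-cookies=mycookies.wget", so the test cannot distinguish a rejected cookie from one that was simply not written: --save-cookies does not save session cookies unless --keep-session-cookies is also given. The expected empty mycookies.wget therefore matches with or without the fix. Add --keep-session-cookies to WGET_OPTIONS (or give the cookie an expiry time) so that the file would contain sess-id if the secure cookie were accepted over HTTP. Separately, postfunc() strips the header with a hard-coded cookie_file_content[4:] and rewrites the file under test; dropping lines that start with '#' or are blank would not depend on the header length, and the leftover print (cookie_file_content) should be removed before merging.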
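
Review bot: In ExpectedFiles.__init__ in testenv/conf/expected_files.py, expected_fs() is invoked when the hook object is constructed rather than when the hook runs, so the result is only correct if construction happens after wget has exited; the postfunc() in this patch opens mycookies.wget and would raise if it were called any earlier. Storing the callable and resolving it at the point where the comparison is made would remove that ordering dependency. The docstring in this file should also state that ExpectedFiles accepts either a list of files or a callable returning one.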
