From 2d3a48c2a73714fc23c433e05161199b8fbfaf72 Mon Sep 17 00:00:00 2001 From: Fabian Keil Date: Sat, 27 Mar 2021 15:04:11 +0100 Subject: [PATCH] Add test scenario client-body-tagger Sponsored by: Robert Klemme --- .../client-body-tagger.action | 11 ++++ .../client-body-tagger.filter | 5 ++ tests/cts/client-body-tagger/data/test1 | 51 +++++++++++++++ tests/cts/client-body-tagger/data/test2 | 51 +++++++++++++++ tests/cts/client-body-tagger/data/test3 | 51 +++++++++++++++ tests/cts/client-body-tagger/data/test4 | 51 +++++++++++++++ tests/cts/client-body-tagger/data/test5 | 60 ++++++++++++++++++ tests/cts/client-body-tagger/data/test6 | 60 ++++++++++++++++++ tests/cts/client-body-tagger/data/test7 | 60 ++++++++++++++++++ tests/cts/client-body-tagger/data/test8 | 63 +++++++++++++++++++ tests/cts/client-body-tagger/privoxy.conf | 25 ++++++++ 11 files changed, 488 insertions(+) create mode 100644 tests/cts/client-body-tagger/client-body-tagger.action create mode 100644 tests/cts/client-body-tagger/client-body-tagger.filter create mode 100644 tests/cts/client-body-tagger/data/test1 create mode 100644 tests/cts/client-body-tagger/data/test2 create mode 100644 tests/cts/client-body-tagger/data/test3 create mode 100644 tests/cts/client-body-tagger/data/test4 create mode 100644 tests/cts/client-body-tagger/data/test5 create mode 100644 tests/cts/client-body-tagger/data/test6 create mode 100644 tests/cts/client-body-tagger/data/test7 create mode 100644 tests/cts/client-body-tagger/data/test8 create mode 100644 tests/cts/client-body-tagger/privoxy.conf diff --git a/tests/cts/client-body-tagger/client-body-tagger.action b/tests/cts/client-body-tagger/client-body-tagger.action new file mode 100644 index 00000000..2bc5848c --- /dev/null +++ b/tests/cts/client-body-tagger/client-body-tagger.action @@ -0,0 +1,11 @@ +{+client-body-tagger{blafasel}} +/ + +{+block{Request body contains blafasel}} +TAG:^content contains blafasel$ + +{+client-body-tagger{bumfidel}} +/tag-bumfidel-requests/ + +{+client-body-filter{bumfidel-to-tralala}} +TAG:^content contains bumfidel$ diff --git a/tests/cts/client-body-tagger/client-body-tagger.filter b/tests/cts/client-body-tagger/client-body-tagger.filter new file mode 100644 index 00000000..dc3ebae3 --- /dev/null +++ b/tests/cts/client-body-tagger/client-body-tagger.filter @@ -0,0 +1,5 @@ +CLIENT-BODY-TAGGER: blafasel Tags requests with "content contains blafasel" if the client body contains the word "blafasel" +s@.*blafasel.*@content contains blafasel@s + +CLIENT-BODY-TAGGER: bumfidel Tags requests with "content contains bumfidel" if the client body contains the word "bumfidel" +s@.*bumfidel.*@content contains bumfidel@s diff --git a/tests/cts/client-body-tagger/data/test1 b/tests/cts/client-body-tagger/data/test1 new file mode 100644 index 00000000..77814a10 --- /dev/null +++ b/tests/cts/client-body-tagger/data/test1 @@ -0,0 +1,51 @@ + + + +HTTP +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +http + + +Two requests to the same URL. The second one is blocked based on a tag applied with client-body-tagger{blafasel}. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d blafasel -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Connection: close + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger/data/test2 b/tests/cts/client-body-tagger/data/test2 new file mode 100644 index 00000000..0931e571 --- /dev/null +++ b/tests/cts/client-body-tagger/data/test2 @@ -0,0 +1,51 @@ + + + +HTTP +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +http + + +Two requests to the same URL. The second one is large and blocked based on a tag applied with the client-body-tagger{blafasel}. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "blafasel%repeat[5000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Connection: close + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger/data/test3 b/tests/cts/client-body-tagger/data/test3 new file mode 100644 index 00000000..1968b471 --- /dev/null +++ b/tests/cts/client-body-tagger/data/test3 @@ -0,0 +1,51 @@ + + + +HTTP +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +http + + +Two requests to the same URL. The second one is large and blocked based on a tag. Offending phrase at end of content. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%blafasel" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Connection: close + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger/data/test4 b/tests/cts/client-body-tagger/data/test4 new file mode 100644 index 00000000..b3429172 --- /dev/null +++ b/tests/cts/client-body-tagger/data/test4 @@ -0,0 +1,51 @@ + + + +HTTP +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +http + + +Two requests to the same URL. The second one is large and blocked based on a tag. Offending phrase in the middle of the content. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]% blafasel tralala" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Connection: close + + + +200 +403 + + + + diff --git a/tests/cts/client-body-tagger/data/test5 b/tests/cts/client-body-tagger/data/test5 new file mode 100644 index 00000000..092af03d --- /dev/null +++ b/tests/cts/client-body-tagger/data/test5 @@ -0,0 +1,60 @@ + + + +HTTP +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +http + + +Two requests to the same URL. The second one is a POST request but it's not expected to be blocked due to a tag. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Connection: close + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 35008 +Content-Type: application/x-www-form-urlencoded +Connection: close + +%repeat[5000 x padding]%bumfidel + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger/data/test6 b/tests/cts/client-body-tagger/data/test6 new file mode 100644 index 00000000..cbb00656 --- /dev/null +++ b/tests/cts/client-body-tagger/data/test6 @@ -0,0 +1,60 @@ + + + +HTTP +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +http + + +Two requests to the same URL. The second one is a POST request and a client-body-filter is enabled based on a tag. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/tag-bumfidel-requests/%TESTNUMBER --next -d "%repeat[5000 x padding]%bumfidel" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/tag-bumfidel-requests/%TESTNUMBER + + + + + +GET /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Connection: close + +POST /tag-bumfidel-requests/%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 35007 +Content-Type: application/x-www-form-urlencoded +Connection: close + +%repeat[5000 x padding]%tralala + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger/data/test7 b/tests/cts/client-body-tagger/data/test7 new file mode 100644 index 00000000..d108d812 --- /dev/null +++ b/tests/cts/client-body-tagger/data/test7 @@ -0,0 +1,60 @@ + + + +HTTP +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +http + + +Two requests to the same URL. The second one is a POST request with an offending word but it's too large to buffer and tag so it gets to pass. (XXX: Privoxy could execute the tagger based on the data that fits into the buffer) + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -d "blafasel%repeat[20000 x padding]%" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Connection: close + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Content-Length: 140008 +Content-Type: application/x-www-form-urlencoded +Connection: close + +blafasel%repeat[20000 x padding]% + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger/data/test8 b/tests/cts/client-body-tagger/data/test8 new file mode 100644 index 00000000..c6699150 --- /dev/null +++ b/tests/cts/client-body-tagger/data/test8 @@ -0,0 +1,63 @@ + + + +HTTP +HTTP POST +client-body-tagger + + + + + +HTTP/1.1 200 OK +Connection: close +Content-Type: text/html +X-Connection: swsclose + +Received your input. + + + + + +http + + +Two requests to the same URL. The second one is a POST request with an offending word but it's chunk-encoded so it gets to pass. + + +proxy + + +-s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER --next -H "Transfer-Encoding: chunked" -d "blafasel" -s --write-out '%{stderr}%{response_code}\n' http://%HOSTIP:%HTTPPORT/%TESTNUMBER + + + + + +GET /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Connection: close + +POST /%TESTNUMBER HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +User-Agent: curl/%VERSION +Accept: */* +Transfer-Encoding: chunked +Content-Type: application/x-www-form-urlencoded +Connection: close + +8 +blafasel +0 + + + +200 +200 + + + + diff --git a/tests/cts/client-body-tagger/privoxy.conf b/tests/cts/client-body-tagger/privoxy.conf new file mode 100644 index 00000000..96287039 --- /dev/null +++ b/tests/cts/client-body-tagger/privoxy.conf @@ -0,0 +1,25 @@ +listen-address 127.0.0.1:9119 + +debug 1 # Log the destination for each request Privoxy let through. See also debug 1024. +debug 2 # show each connection status +debug 4 # show tagging-related messages +debug 8 # show header parsing +debug 32 # debug force feature +debug 64 # debug regular expression filters +debug 128 # debug redirects +debug 256 # debug GIF de-animation +debug 512 # Common Log Format +debug 1024 # Log the destination for requests Privoxy didn't let through, and the reason why. +debug 4096 # Startup banner and warnings. +debug 8192 # Non-fatal errors + +actionsfile client-body-tagger.action +filterfile client-body-tagger.filter +filterfile ../client-body-filter/client-body-filter.filter + +socket-timeout 3 + +templdir ../../../templates/ + +# Reduce buffer limit so tests can reach it sooner. +buffer-limit 100 -- 2.39.2