# - Document magic Expect Header values
# - Internal fuzz support?
#
-# Copyright (c) 2007-2020 Fabian Keil <fk@fabiankeil.de>
+# Copyright (c) 2007-2021 Fabian Keil <fk@fabiankeil.de>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
use Getopt::Long;
use constant {
- PRT_VERSION => 'Privoxy-Regression-Test 0.7.2',
+ PRT_VERSION => 'Privoxy-Regression-Test 0.7.3',
CURL => 'curl',
CLI_LOOPS => 1,
CLI_MAX_TIME => 5,
CLI_MIN_LEVEL => 0,
- # XXX: why limit at all?
+ # The reason for a maximum test level is explained in the
+ # perldoc section TEST LEVELS near the end of this file.
CLI_MAX_LEVEL => 100,
CLI_FORKS => 0,
CLI_SLEEP_TIME => 0,
+ PRIVOXY_ADDRESS => 'http://127.0.0.1:8118/',
PRIVOXY_CGI_URL => 'http://p.p/',
FELLATIO_URL => 'http://127.0.0.1:8080/',
LEADING_LOG_DATE => 1,
our $leading_log_date = LEADING_LOG_DATE;
our $privoxy_cgi_url = PRIVOXY_CGI_URL;
our $log_level = get_default_log_level();
+ our $proxy = defined $ENV{'http_proxy'} ? $ENV{'http_proxy'} : PRIVOXY_ADDRESS;
}
sub get_default_log_level() {
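Review bot: The new `$proxy` default tests only `defined $ENV{'http_proxy'}`, so an exported but empty `http_proxy` is taken as the proxy address and PRIVOXY_ADDRESS is never used. Requiring a non-empty value keeps the fallback working in that case: `our $proxy = (defined $ENV{'http_proxy'} and $ENV{'http_proxy'} ne '') ? $ENV{'http_proxy'} : PRIVOXY_ADDRESS;`. The enclosing sub starts outside the hunk, so how `$proxy` is consumed later is not visible here.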
sub check_for_forbidden_characters($) {
my $string = shift;
- my $allowed = '[-=\dA-Za-z~{}\[\]:./();\t ,+@"_%?&*^]';
+ my $allowed = '[-=\dA-Za-z~{}\[\]:./();\t ,+@"_%?&*^|]';
unless ($string =~ m/^$allowed*$/o) {
my $forbidden = $string;
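Review bot: Adding `|` to `$allowed` is only safe while every checked value reaches the curl command line inside single quotes, and nothing at this line records that. The class already admits `;`, `&`, `(` and `)`, and the header construction further down this page wraps the value as `-H '...'`, so presumably the real invariant is that `'` is never allowed. A comment above the assignment would protect it, for example `# Shell metacharacters are tolerated because checked values are always single-quoted on the curl command line; never add ' here.` The sub continues outside the hunk and its callers are not visible, so that assumption should be confirmed.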
my ($token, $value) = (undef, undef);
# Remove leading and trailing white space and a
- # a leading <pre> which is part of the first line.
+ # leading <pre> which is part of the first line.
s@^\s*(<pre>)?@@;
s@\s*$@@;
sub get_status_code($) {
my $buffer_ref = shift;
+ our $privoxy_cgi_url;
+
+ my $skip_connection_established_response = $privoxy_cgi_url =~ m@^https://@;
my @buffer = @{$buffer_ref};
foreach (@buffer) {
+ if ($skip_connection_established_response) {
+
+ next if (m@^HTTP/1\.1 200 Connection established@);
+ next if (m@^\r\n$@);
+ $skip_connection_established_response = 0;
+ }
+
if (/^HTTP\/\d\.\d (\d{3})/) {
return $1;
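Review bot: Whether the CONNECT reply is skipped is decided from the global `$privoxy_cgi_url`, not from the URL that produced the buffer. As a result get_status_code() only returns the inner status when a caller has first set that global to an https:// value, which is what check_bad_ssl() later on this page does. That dependency deserves a comment above the new assignment, for example `# With an https:// CGI prefix the buffer starts with Privoxy's reply to CONNECT; skip it and the blank line after it.` The same `m@^https://@` test is repeated in the header-building hunk below, so a small helper returning that boolean would keep the two in step. The sub continues outside the hunk.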
# Enable the action to test
$curl_parameters .= '-H \'X-Privoxy-Control: ' . $test->{'tag'} . '\' ';
- # The header to filter
- $curl_parameters .= '-H \'' . $header . '\' ';
+
+ # Add the header to filter
+ if ($privoxy_cgi_url =~ m@^https://@ and $header =~ m@^Host:@) {
+ $curl_parameters .= '--proxy-header \'' . $header . '\' ';
+ } else {
+ $curl_parameters .= '-H \'' . $header . '\' ';
+ }
$curl_parameters .= ' ';
$curl_parameters .= $privoxy_cgi_url;
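Review bot: The `$header =~ m@^Host:@` test in the added branch is case-sensitive, although header field names are not, so a test header written as `host:` would still be sent with `-H` when the CGI prefix is https. If that is not intended, `m@^Host:@i` covers it. The enclosing sub starts and ends outside the hunk, so where `$header` comes from is not visible here.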
print << " EOF"
Options and their default values if they have any:
+ [--check-bad-ssl]
[--debug $cli_options{'debug'}]
[--forks $cli_options{'forks'}]
[--fuzzer-address]
[--max-level $cli_options{'max-level'}]
[--max-time $cli_options{'max-time'}]
[--min-level $cli_options{'min-level'}]
- [--privoxy-address]
+ [--privoxy-address $cli_options{'privoxy-address'}]
[--privoxy-cgi-prefix $privoxy_cgi_url]
[--retries $cli_options{'retries'}]
[--show-skipped-tests]
our %cli_options;
our $log_level;
+ our $proxy;
$cli_options{'debug'} = $log_level;
$cli_options{'forks'} = CLI_FORKS;
$cli_options{'min-level'} = CLI_MIN_LEVEL;
$cli_options{'sleep-time'}= CLI_SLEEP_TIME;
$cli_options{'retries'} = CLI_RETRIES;
+ $cli_options{'privoxy-address'} = $proxy;
}
sub parse_cli_options() {
init_cli_options();
GetOptions (
+ 'check-bad-ssl' => \$cli_options{'check-bad-ssl'},
'debug=i' => \$cli_options{'debug'},
'forks=i' => \$cli_options{'forks'},
'fuzzer-address=s' => \$cli_options{'fuzzer-address'},
}
}
+sub check_bad_ssl() {
+ my $failures = 0;
+ my @bad_ssl_urls_to_check = (
+ "https://expired.badssl.com/",
+ "https://wrong.host.badssl.com/",
+ "https://self-signed.badssl.com/",
+ "https://untrusted-root.badssl.com/",
+ "https://no-common-name.badssl.com/", # XXX: Certificate has expired ...
+ "https://no-subject.badssl.com/", # XXX: Certificate has expired ...
+ "https://incomplete-chain.badssl.com/",
+ );
+ # This is needed for get_status_code() to skip the
+ # status code from the "HTTP/1.1 200 Connection established"
+ # reply.
+ our $privoxy_cgi_url = "https://p.p/";
+
+ log_message("Requesting pages from badssl.com with various " .
+ "certificate problems. This will only work if Privoxy " .
+ "has been configured properly and can reach the Internet.");
+
+ foreach my $url_to_check (@bad_ssl_urls_to_check) {
+ my ($buffer_ref, $status_code);
+ log_message("Requesting $url_to_check");
+
+ $buffer_ref = get_page_with_curl($url_to_check);
+ $status_code = get_status_code($buffer_ref);
+
+ if (!check_status_code_result($status_code, "403")) {
+ $failures++;
+ }
+
+ }
+ if ($failures == 0) {
+ log_message("All requests resulted in status code 403 as expected.");
+ } else {
+ log_message("There were $failures requests that did not result in status code 403!");
+ }
+
+ return $failures;
+}
+
sub main() {
init_our_variables();
parse_cli_options();
init_proxy_settings('vanilla-proxy');
+ if (cli_option_is_set('check-bad-ssl')) {
+ exit check_bad_ssl();
+ }
load_regression_tests();
init_proxy_settings('fuzz-proxy');
start_forks(get_cli_option('forks')) if cli_option_is_set('forks');
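Review bot: check_bad_ssl() counts any 403 as proof that the certificate problem was detected, so a 403 produced for another reason (for instance a block action that happens to match these hosts) would make the run pass without certificate verification being exercised. A control request to a host with a valid certificate, expected not to return 403 and counted in `$failures` the same way, would show that the 403s are tied to the certificates. Separately, `our $privoxy_cgi_url = "https://p.p/";` overwrites the global, including a value given with --privoxy-cgi-prefix. Since main() exits right after the call this is harmless today, but `our $privoxy_cgi_url; local $privoxy_cgi_url = "https://p.p/";` would confine the change to this sub and the subs it calls. main() continues outside the hunk.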
=head1 SYNOPSIS
-B<privoxy-regression-test> [B<--debug bitmask>] [B<--forks> forks]
+B<privoxy-regression-test> [B<--check-bad-ssl>] [B<--debug bitmask>] [B<--forks> forks]
[B<--fuzzer-feeding>] [B<--fuzzer-feeding>] [B<--help>] [B<--level level>]
[B<--local-test-file testfile>] [B<--loops count>] [B<--max-level max-level>]
[B<--max-time max-time>] [B<--min-level min-level>] B<--privoxy-address proxy-address>
=head1 OPTIONS
+B<--check-bad-ssl> Instead of running the regression tests
+as described above, request pages from badssl.com with bad
+certificates to verify that Privoxy is detecting the
+certificate issues. Only works if Privoxy has been compiled
+with FEATURE_HTTPS_INSPECTION, has been configured properly
+and can reach the Internet.
+
B<--debug bitmask> Add the bitmask provided as integer
to the debug settings.
B<--privoxy-address proxy-address> Privoxy's listening address.
If it's not set, the value of the environment variable http_proxy
-will be used. B<proxy-address> has to be specified in http_proxy
-syntax.
+will be used unless the variable isn't set in which case
+http://127.0.0.1:8118/ will be used. B<proxy-address> has to
+be specified in http_proxy syntax.
B<--privoxy-cgi-prefix privoxy-cgi-prefix> The prefix to use when
building URLs that are supposed to reach Privoxy's CGI interface.
=head1 SEE ALSO
-privoxy(1) curl(1)
+privoxy(8) curl(1)
=head1 AUTHOR