X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=tools%2Fprivoxy-regression-test.pl;h=c2c8f859d9d46f63da7a59f27f966412599e05ef;hb=24087b67c87f979f62414349bd93a87390a4019f;hp=49d2804fd30d38ab90bc420dca882c0732813ab7;hpb=3a58973cba633709edb6e1f1fd0f18a84f004e85;p=privoxy.git diff --git a/tools/privoxy-regression-test.pl b/tools/privoxy-regression-test.pl index 49d2804f..c2c8f859 100755 --- a/tools/privoxy-regression-test.pl +++ b/tools/privoxy-regression-test.pl @@ -17,7 +17,7 @@ # - Document magic Expect Header values # - Internal fuzz support? # -# Copyright (c) 2007-2020 Fabian Keil +# Copyright (c) 2007-2021 Fabian Keil # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above @@ -53,6 +53,7 @@ use constant { CLI_FORKS => 0, CLI_SLEEP_TIME => 0, + PRIVOXY_ADDRESS => 'http://127.0.0.1:8118/', PRIVOXY_CGI_URL => 'http://p.p/', FELLATIO_URL => 'http://127.0.0.1:8080/', LEADING_LOG_DATE => 1, @@ -90,6 +91,7 @@ sub init_our_variables() { our $leading_log_date = LEADING_LOG_DATE; our $privoxy_cgi_url = PRIVOXY_CGI_URL; our $log_level = get_default_log_level(); + our $proxy = defined $ENV{'http_proxy'} ? $ENV{'http_proxy'} : PRIVOXY_ADDRESS; } sub get_default_log_level() { @@ -1703,7 +1705,7 @@ Options and their default values if they have any: [--max-level $cli_options{'max-level'}] [--max-time $cli_options{'max-time'}] [--min-level $cli_options{'min-level'}] - [--privoxy-address] + [--privoxy-address $cli_options{'privoxy-address'}] [--privoxy-cgi-prefix $privoxy_cgi_url] [--retries $cli_options{'retries'}] [--show-skipped-tests] @@ -1730,6 +1732,7 @@ sub init_cli_options() { our %cli_options; our $log_level; + our $proxy; $cli_options{'debug'} = $log_level; $cli_options{'forks'} = CLI_FORKS; @@ -1739,6 +1742,7 @@ sub init_cli_options() { $cli_options{'min-level'} = CLI_MIN_LEVEL; $cli_options{'sleep-time'}= CLI_SLEEP_TIME; $cli_options{'retries'} = CLI_RETRIES; + $cli_options{'privoxy-address'} = $proxy; } sub parse_cli_options() { @@ -1750,6 +1754,7 @@ sub parse_cli_options() { init_cli_options(); GetOptions ( + 'check-bad-ssl' => \$cli_options{'check-bad-ssl'}, 'debug=i' => \$cli_options{'debug'}, 'forks=i' => \$cli_options{'forks'}, 'fuzzer-address=s' => \$cli_options{'fuzzer-address'}, @@ -1824,11 +1829,55 @@ sub start_forks($) { } } +sub check_bad_ssl() { + my $failures = 0; + my @bad_ssl_urls_to_check = ( + "https://expired.badssl.com/", + "https://wrong.host.badssl.com/", + "https://self-signed.badssl.com/", + "https://untrusted-root.badssl.com/", + "https://no-common-name.badssl.com/", # XXX: Certificate has expired ... + "https://no-subject.badssl.com/", # XXX: Certificate has expired ... + "https://incomplete-chain.badssl.com/", + ); + # This is needed for get_status_code() to skip the + # status code from the "HTTP/1.1 200 Connection established" + # reply. + our $privoxy_cgi_url = "https://p.p/"; + + log_message("Requesting pages from badssl.com with various " . + "certificate problems. This will only work if Privoxy " . + "has been configured properly and can reach the Internet."); + + foreach my $url_to_check (@bad_ssl_urls_to_check) { + my ($buffer_ref, $status_code); + log_message("Requesting $url_to_check"); + + $buffer_ref = get_page_with_curl($url_to_check); + $status_code = get_status_code($buffer_ref); + + if (!check_status_code_result($status_code, "403")) { + $failures++; + } + + } + if ($failures == 0) { + log_message("All requests resulted in status code 403 as expected."); + } else { + log_message("There were $failures requests that did not result in status code 403!"); + } + + return $failures; +} + sub main() { init_our_variables(); parse_cli_options(); init_proxy_settings('vanilla-proxy'); + if (cli_option_is_set('check-bad-ssl')) { + exit check_bad_ssl(); + } load_regression_tests(); init_proxy_settings('fuzz-proxy'); start_forks(get_cli_option('forks')) if cli_option_is_set('forks'); @@ -1843,7 +1892,7 @@ B - A regression test "framework" for Privoxy. =head1 SYNOPSIS -B [B<--debug bitmask>] [B<--forks> forks] +B [B<--check-bad-ssl>] [B<--debug bitmask>] [B<--forks> forks] [B<--fuzzer-feeding>] [B<--fuzzer-feeding>] [B<--help>] [B<--level level>] [B<--local-test-file testfile>] [B<--loops count>] [B<--max-level max-level>] [B<--max-time max-time>] [B<--min-level min-level>] B<--privoxy-address proxy-address> @@ -1993,6 +2042,13 @@ a given file without having to remove or disable the tests completely. =head1 OPTIONS +B<--check-bad-ssl> Instead of running the regression tests +as described above, request pages from badssl.com with bad +certificates to verify that Privoxy is detecting the +certificate issues. Only works if Privoxy has been compiled +with FEATURE_HTTPS_INSPECTION, has been configured properly +and can reach the Internet. + B<--debug bitmask> Add the bitmask provided as integer to the debug settings. @@ -2043,8 +2099,9 @@ above or equal to the numerical B. B<--privoxy-address proxy-address> Privoxy's listening address. If it's not set, the value of the environment variable http_proxy -will be used. B has to be specified in http_proxy -syntax. +will be used unless the variable isn't set in which case +http://127.0.0.1:8118/ will be used. B has to +be specified in http_proxy syntax. B<--privoxy-cgi-prefix privoxy-cgi-prefix> The prefix to use when building URLs that are supposed to reach Privoxy's CGI interface. @@ -2130,7 +2187,7 @@ Privoxy-Regression-Test in a meaningful way. =head1 SEE ALSO -privoxy(1) curl(1) +privoxy(8) curl(1) =head1 AUTHOR