This is an automated email from the ASF dual-hosted git repository.
bneradt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 28878f75b9 url_sig: use Regex instead of pcre (#12564)
28878f75b9 is described below
commit 28878f75b9491744d4349b436f5735aa113aa80f
Author: Brian Neradt <[email protected]>
AuthorDate: Thu Oct 16 11:25:02 2025 -0500
url_sig: use Regex instead of pcre (#12564)
This removes the use of the deprecated pcre library and replaces it with
the ATS core tsutil Regex class.
---
plugins/experimental/url_sig/CMakeLists.txt | 2 +-
plugins/experimental/url_sig/url_sig.cc | 53 ++----
tests/gold_tests/pluginTest/url_sig/url_sig.gold | 4 +
.../gold_tests/pluginTest/url_sig/url_sig.test.py | 202 +++++++++++++++------
4 files changed, 165 insertions(+), 96 deletions(-)
diff --git a/plugins/experimental/url_sig/CMakeLists.txt
b/plugins/experimental/url_sig/CMakeLists.txt
index 4484684f16..41e4e748b7 100644
--- a/plugins/experimental/url_sig/CMakeLists.txt
+++ b/plugins/experimental/url_sig/CMakeLists.txt
@@ -16,5 +16,5 @@
#######################
add_atsplugin(url_sig url_sig.cc)
-target_link_libraries(url_sig PRIVATE OpenSSL::SSL PCRE::PCRE)
+target_link_libraries(url_sig PRIVATE OpenSSL::SSL)
verify_remap_plugin(url_sig)
diff --git a/plugins/experimental/url_sig/url_sig.cc
b/plugins/experimental/url_sig/url_sig.cc
index 67891be2df..5e81b571c7 100644
--- a/plugins/experimental/url_sig/url_sig.cc
+++ b/plugins/experimental/url_sig/url_sig.cc
@@ -33,11 +33,7 @@
#include <cctype>
#include <cstdint>
-#ifdef HAVE_PCRE_PCRE_H
-#include <pcre/pcre.h>
-#else
-#include <pcre.h>
-#endif
+#include "tsutil/Regex.h"
#include <ts/ts.h>
#include <ts/remap.h>
@@ -51,8 +47,7 @@ struct config {
TSHttpStatus err_status;
char *err_url;
char keys[MAX_KEY_NUM][MAX_KEY_LEN];
- pcre *regex;
- pcre_extra *regex_extra;
+ Regex *excl_regex;
int pristine_url_flag;
char *sig_anchor;
bool ignore_expiry;
@@ -65,16 +60,8 @@ free_cfg(struct config *cfg)
TSfree(cfg->err_url);
TSfree(cfg->sig_anchor);
- if (cfg->regex_extra) {
-#ifndef PCRE_STUDY_JIT_COMPILE
- pcre_free(cfg->regex_extra);
-#else
- pcre_free_study(cfg->regex_extra);
-#endif
- }
-
- if (cfg->regex) {
- pcre_free(cfg->regex);
+ if (cfg->excl_regex) {
+ delete cfg->excl_regex;
}
TSfree(cfg);
@@ -197,24 +184,20 @@ TSRemapNewInstance(int argc, char *argv[], void **ih,
char *errbuf, int errbuf_s
} else if (strncmp(line, "sig_anchor", 10) == 0) {
cfg->sig_anchor = TSstrndup(value, strlen(value));
} else if (strncmp(line, "excl_regex", 10) == 0) {
- // compile and study regex
- const char *errptr;
- int erroffset, options = 0;
+ // Compile regex.
+ std::string error;
+ int erroffset = 0;
- if (cfg->regex) {
+ if (cfg->excl_regex) {
Dbg(dbg_ctl, "Skipping duplicate excl_regex");
continue;
}
- cfg->regex = pcre_compile(value, options, &errptr, &erroffset, nullptr);
- if (cfg->regex == nullptr) {
- Dbg(dbg_ctl, "Regex compilation failed with error (%s) at character
%d", errptr, erroffset);
- } else {
-#ifdef PCRE_STUDY_JIT_COMPILE
- options = PCRE_STUDY_JIT_COMPILE;
-#endif
- cfg->regex_extra = pcre_study(
- cfg->regex, options, &errptr); // We do not need to check the error
here because we can still run without the studying?
+ cfg->excl_regex = new Regex();
+ if (!cfg->excl_regex->compile(value, error, erroffset, 0)) {
+ Dbg(dbg_ctl, "Regex compilation failed with error (%s) at character
%d", error.c_str(), erroffset);
+ delete cfg->excl_regex;
+ cfg->excl_regex = nullptr;
}
} else if (strncmp(line, "ignore_expiry", 13) == 0) {
if (strncmp(value, "true", 4) == 0) {
@@ -579,18 +562,16 @@ TSRemapDoRemap(void *ih, TSHttpTxn txnp,
TSRemapRequestInfo *rri)
Dbg(dbg_ctl, "%s", url);
- if (cfg->regex) {
- const int offset = 0, options = 0;
- int ovector[30];
-
+ if (cfg->excl_regex) {
/* Only search up to the first ? or # */
const char *base_url_end = url;
while (*base_url_end && !(*base_url_end == '?' || *base_url_end == '#')) {
++base_url_end;
}
- const int len = base_url_end - url;
+ const size_t len = base_url_end - url;
- if (pcre_exec(cfg->regex, cfg->regex_extra, url, len, offset, options,
ovector, 30) >= 0) {
+ if (cfg->excl_regex->exec(std::string_view(url, len))) {
+ // The user configured this URL to be excluded from signing checks.
goto allow;
}
}
diff --git a/tests/gold_tests/pluginTest/url_sig/url_sig.gold
b/tests/gold_tests/pluginTest/url_sig/url_sig.gold
index 14e00ff5e3..9c43b3c41f 100644
--- a/tests/gold_tests/pluginTest/url_sig/url_sig.gold
+++ b/tests/gold_tests/pluginTest/url_sig/url_sig.gold
@@ -10,6 +10,10 @@
< HTTP/1.1 200 OK
< HTTP/1.1 200 OK
< HTTP/1.1 200 OK
+< HTTP/1.1 403 Forbidden
+< HTTP/1.1 200 OK
+< HTTP/1.1 200 OK
+< HTTP/1.1 200 OK
< HTTP/1.1 200 OK
< HTTP/1.1 200 OK
< HTTP/1.1 200 OK
diff --git a/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
b/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
index 03daee68a7..373255cd63 100644
--- a/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
+++ b/tests/gold_tests/pluginTest/url_sig/url_sig.test.py
@@ -48,6 +48,39 @@ response_header = {"headers": "HTTP/1.1 200
OK\r\nConnection: close\r\n\r\n", "t
# add response to the server dictionary
server.addResponse("sessionfile.log", request_header, response_header)
+# Add responses for excl_regex URLs that should bypass signature checks
+crossdomain_request = {
+ "headers": "GET /crossdomain.xml HTTP/1.1\r\nHost: just.any.thing\r\n\r\n",
+ "timestamp": "1469733493.993",
+ "body": ""
+}
+crossdomain_response = {
+ "headers": "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n",
+ "timestamp": "1469733493.993",
+ "body": "crossdomain"
+}
+server.addResponse("sessionfile.log", crossdomain_request,
crossdomain_response)
+
+clientaccess_request = {
+ "headers": "GET /clientaccesspolicy.xml HTTP/1.1\r\nHost:
just.any.thing\r\n\r\n",
+ "timestamp": "1469733493.993",
+ "body": ""
+}
+clientaccess_response = {
+ "headers": "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n",
+ "timestamp": "1469733493.993",
+ "body": "clientaccess"
+}
+server.addResponse("sessionfile.log", clientaccess_request,
clientaccess_response)
+
+test_html_request = {
+ "headers": "GET /test.html HTTP/1.1\r\nHost: just.any.thing\r\n\r\n",
+ "timestamp": "1469733493.993",
+ "body": ""
+}
+test_html_response = {"headers": "HTTP/1.1 200 OK\r\nConnection:
close\r\n\r\n", "timestamp": "1469733493.993", "body": "test"}
+server.addResponse("sessionfile.log", test_html_request, test_html_response)
+
# Define default ATS. Disable the cache to make sure each request is forwarded
# to the origin server.
ts = Test.MakeATSProcess("ts", enable_tls=True, enable_cache=False)
@@ -59,8 +92,8 @@ ts.Disk.records_config.update(
# 'proxy.config.diags.debug.enabled': 1,
# 'proxy.config.diags.debug.tags': 'http|url_sig',
'proxy.config.proxy_name': 'Poxy_Proxy', # This will be the server
name.
- 'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir),
- 'proxy.config.ssl.server.private_key.path':
'{0}'.format(ts.Variables.SSLDir),
+ 'proxy.config.ssl.server.cert.path': ts.Variables.SSLDir,
+ 'proxy.config.ssl.server.private_key.path': ts.Variables.SSLDir,
})
ts.Disk.ssl_multicert_config.AddLine('dest_ip=* ssl_cert_name=server.pem
ssl_key_name=server.key')
@@ -100,124 +133,170 @@ LogTee = f" 2>&1 | grep '^<' | tee -a
{Test.RunDirectory}/url_sig_long.log"
# Bad client / MD5 / P=101 / URL pristine / URL altered.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.StartBefore(ts)
-tr.Processes.Default.StartBefore(server,
ready=When.PortOpen(server.Variables.Port))
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Bad client IP should fail signature check")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.2&E=33046620008&A=2&K=13&P=101&S=d1f352d4f1d931ad2f441013402d93f8'"
+ LogTee,
ts=ts)
+p.StartBefore(ts)
+p.StartBefore(server, ready=When.PortOpen(server.Variables.Port))
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# With client / MD5 / P=010 / URL pristine / URL altered -- Expired.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Expired signature should fail")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=1&A=2&K=13&P=010&S=f237aad1fa010234d7bf8108a0e36387'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# With client / No algorithm / P=101 / URL pristine / URL altered.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Missing algorithm parameter should fail")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046620008&K=13&P=101&S=d1f352d4f1d931ad2f441013402d93f8'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# With client / Bad algorithm / P=101 / URL pristine / URL altered.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Invalid algorithm (A=3) should fail")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046620008&A=3&K=13&P=101&S=d1f352d4f1d931ad2f441013402d93f8'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# With client / MD5 / No parts / URL pristine / URL altered.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Missing parts parameter should fail")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046620008&A=2&K=13&S=d1f352d4f1d931ad2f441013402d93f8'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# With client / MD5 / P=10 (bad) / URL pristine / URL altered.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Invalid parts value (P=10) should fail")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046620008&A=2&K=13&P=10&S=d1f352d4f1d931ad2f441013402d93f8'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# With client / MD5 / P=101 / URL pristine / URL altered -- No signature.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Missing signature parameter should fail")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046620008&A=2&K=13&P=101'" + LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# With client / MD5 / P=101 / URL pristine / URL altered -- Bad signature.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Incorrect signature should fail")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046620008&A=2&K=13&P=101&S=d1f452d4f1d931ad2f441013402d93f8'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# With client / MD5 / P=101 / URL pristine / URL altered -- Spurious &.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Spurious ampersand should fail signature check")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046620008&A=2&&K=13&P=101&S=d1f352d4f1d931ad2f441013402d93f8#'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# Success tests.
+# Test excl_regex feature - URLs matching the exclusion regex should bypass
signature checks.
+# The url_sig.all.config has: excl_regex =
(/crossdomain.xml|/clientaccesspolicy.xml|/test.html)
+#
+tr = Test.AddTestRun("Excluded URL /crossdomain.xml should bypass signature
check")
+p = tr.MakeCurlCommand(
+ f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://ten.eleven.twelve/crossdomain.xml'" + LogTee, ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK without signature")
+
+# Test another excluded URL.
+#
+tr = Test.AddTestRun("Excluded URL /clientaccesspolicy.xml should bypass
signature check")
+p = tr.MakeCurlCommand(
+ f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://ten.eleven.twelve/clientaccesspolicy.xml'" + LogTee, ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK without signature")
+
+# Test third excluded URL.
+#
+tr = Test.AddTestRun("Excluded URL /test.html should bypass signature check")
+p = tr.MakeCurlCommand(
+ f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://ten.eleven.twelve/test.html'" + LogTee, ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK without signature")
+
+# Test that non-excluded URL still requires signature.
+#
+tr = Test.AddTestRun("Non-excluded URL /other.html should require signature
and fail")
+p = tr.MakeCurlCommand(
+ f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://ten.eleven.twelve/other.html'" + LogTee, ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden without signature")
+
# With client / SHA1 / P=1 / URL pristine / URL not altered.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Valid SHA1 signature with client IP should succeed")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://four.five.six/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046618556&A=1&K=15&P=1&S=f4103561a23adab7723a89b9831d77e0afb61d92'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK")
# No client / MD5 / P=1 / URL pristine / URL altered.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Valid MD5 signature without client IP should succeed")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?E=33046618586&A=2&K=0&P=1&S=0364efa28afe345544596705b92d20ac'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK")
# With client / MD5 / P=010 / URL pristine / URL altered.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Valid MD5 signature with client IP and P=010 should
succeed")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046619717&A=2&K=13&P=010&S=f237aad1fa010234d7bf8108a0e36387'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK")
# With client / MD5 / P=101 / URL pristine / URL altered.
#
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Valid MD5 signature with client IP and P=101 should
succeed")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://seven.eight.nine/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046620008&A=2&K=13&P=101&S=d1f352d4f1d931ad2f441013402d93f8'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK")
def sign(payload, key):
@@ -233,38 +312,42 @@ path = "foo/abcde/qrstuvwxyz?E=33046618506&A=1&K=7&P=1&S="
to_sign = f"127.0.0.1:{server.Variables.Port}/{path}"
url = "http://one.two.three/"; + path + sign(to_sign,
"dqsgopTSM_doT6iAysasQVUKaPykyb6e")
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'{url}'" + LogTee, ts=ts)
+tr = Test.AddTestRun("Valid SHA1 signature without client IP (non-pristine
URL) should succeed")
+p = tr.MakeCurlCommand(f"--verbose --proxy
http://127.0.0.1:{ts.Variables.port} '{url}'" + LogTee, ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK")
# With client / MD5 / P=101 / URL pristine / URL altered.
# uses url_type pristine in config
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Valid MD5 signature with pristine URL config should
succeed")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://ten.eleven.twelve/"; +
"foo/abcde/qrstuvwxyz?C=127.0.0.1&E=33046620008&A=2&K=13&P=101&S=586ef8e808caeeea025c525c89ff2638'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK")
# Single fail test - check for bad path param inserted
# With client / MD5 / P=101 / URL pristine / URL altered. Bad Path Param
# uses url_type pristine in config
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Bad path parameter injection should fail signature
check")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://ten.eleven.twelve/"; +
"foo/abcde/qrstuvwxyz;badparam=true?C=127.0.0.1&E=33046620008&A=2&K=13&P=101&S=586ef8e808caeeea025c525c89ff2638'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*403", "Should receive 403
Forbidden")
# Success
# With client / SHA1 / P=1 / URL pristine / URL altered. Base64 Encoded Path
Param
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommand(
+tr = Test.AddTestRun("Valid base64 encoded path parameter signature should
succeed")
+p = tr.MakeCurlCommand(
f"--verbose --proxy http://127.0.0.1:{ts.Variables.port}
'http://ten.eleven.twelve/"; +
"foo/abcde;urlsig=Qz0xMjcuMC4wLjE7RT0zMzA0NjYyMDAwODtBPTI7Sz0xMztQPTEwMTtTPTA1MDllZjljY2VlNjUxZWQ1OTQxM2MyZjE3YmVhODZh/qrstuvwxyz'"
+ LogTee,
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK")
# Success
# This test must be last since it converts from the long to the short log
output
@@ -274,12 +357,13 @@ path = "foo/abcde/qrstuvwxyz?E=33046618506&A=1&K=7&P=1&S="
to_sign = f"127.0.0.1:{server.Variables.Port}/{path}"
url = f"https://127.0.0.1:{ts.Variables.ssl_port}/{path}"; + sign(to_sign,
"dqsgopTSM_doT6iAysasQVUKaPykyb6e")
-tr = Test.AddTestRun()
-tr.Processes.Default.ReturnCode = 0
-tr.MakeCurlCommandMulti(
+tr = Test.AddTestRun("Valid SHA1 signature over HTTPS should succeed")
+p = tr.MakeCurlCommandMulti(
f"{{curl_base}} --verbose --http1.1 --insecure --header 'Host:
one.two.three' '{url}'" + LogTee +
- " ; grep -F -e '< HTTP' -e Authorization {0}/url_sig_long.log >
{0}/url_sig_short.log ".format(ts.RunDirectory),
+ f" ; grep -F -e '< HTTP' -e Authorization
{ts.RunDirectory}/url_sig_long.log > {ts.RunDirectory}/url_sig_short.log ",
ts=ts)
+p.ReturnCode = 0
+p.Streams.stdout = Testers.ContainsExpression("HTTP.*200", "Should receive 200
OK")
# Overriding the built in ERROR check since we expect some ERROR messages
ts.Disk.diags_log.Content = Testers.ContainsExpression("ERROR", "Some tests
are failure tests")
