annotate mod_firewall/test.lib.lua @ 5401:c8d04ac200fc

mod_http_oauth2: Reject loopback URIs as client_uri This really should be a proper website with info, https://localhost is not good enough. Ideally we'd validate that it's got proper DNS and is actually reachable, but triggering HTTP or even DNS lookups seems like it would carry abuse potential that would best to avoid.
author Kim Alvefur <zash@zash.se>
date Tue, 02 May 2023 16:20:55 +0200
parents 001c756ead7d
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
2804
b50f7b9fdbbb mod_firewall/test: Declare globals from mod_firewall that are used [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2585
diff changeset
1 -- luacheck: globals load_unload_scripts
2585
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local set = require "util.set";
2852
668447566edf mod_firewall/test: Import the ltn12 library correctly
Kim Alvefur <zash@zash.se>
parents: 2808
diff changeset
3 local ltn12 = require "ltn12";
2585
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 local xmppstream = require "util.xmppstream";
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 local function stderr(...)
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
8 io.stderr:write("** ", table.concat({...}, "\t", 1, select("#", ...)), "\n");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 end
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 return function (arg)
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
12 require "net.http".request = function (url, ex, cb)
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 stderr("Making HTTP request to "..url);
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 local body_table = {};
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 local ok, response_status, response_headers = require "ssl.https".request({
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
16 url = url;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17 headers = ex.headers;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
18 method = ex.body and "POST" or "GET";
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
19 sink = ltn12.sink.table(body_table);
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
20 source = ex.body and ltn12.source.string(ex.body) or nil;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
21 });
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
22 stderr("HTTP response "..response_status);
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
23 cb(table.concat(body_table), response_status, { headers = response_headers });
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
24 return true;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
25 end;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 local stats_dropped, stats_passed = 0, 0;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 load_unload_scripts(set.new(arg));
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
30 local stream_callbacks = { default_ns = "jabber:client" };
2807
2c3334131a7d mod_firewall/test: Trim trailing whitespace [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2806
diff changeset
31
2806
93a4b13ca9f6 mod_firewall/test: Use session passed as argument instead of upvalue
Kim Alvefur <zash@zash.se>
parents: 2805
diff changeset
32 function stream_callbacks.streamopened(session)
2585
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33 session.notopen = nil;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 end
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
35 function stream_callbacks.streamclosed()
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 end
2808
2cc02ee82e8c mod_firewall/test: Move session variable to avoid warning about it being shadowed [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2807
diff changeset
37 function stream_callbacks.error(session, error_name, error_message) -- luacheck: ignore 212/session
2585
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 stderr("Fatal error parsing XML stream: "..error_name..": "..tostring(error_message))
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 assert(false);
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 end
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 function stream_callbacks.handlestanza(session, stanza)
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 if not module:fire_event("firewall/chains/deliver", { origin = session, stanza = stanza }) then
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 stats_passed = stats_passed + 1;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 print(stanza);
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45 print("");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 else
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 stats_dropped = stats_dropped + 1;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 end
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 end
2807
2c3334131a7d mod_firewall/test: Trim trailing whitespace [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2806
diff changeset
50
2808
2cc02ee82e8c mod_firewall/test: Move session variable to avoid warning about it being shadowed [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2807
diff changeset
51 local session = { notopen = true };
4015
001c756ead7d mod_firewall/test: Print replies to stderr instead of crashing
Kim Alvefur <zash@zash.se>
parents: 3761
diff changeset
52 function session.send(stanza)
001c756ead7d mod_firewall/test: Print replies to stderr instead of crashing
Kim Alvefur <zash@zash.se>
parents: 3761
diff changeset
53 stderr("Reply:", "\n"..tostring(stanza).."\n");
001c756ead7d mod_firewall/test: Print replies to stderr instead of crashing
Kim Alvefur <zash@zash.se>
parents: 3761
diff changeset
54 end
2585
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 local stream = xmppstream.new(session, stream_callbacks);
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56 stream:feed("<stream:stream xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client'>");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 local line_count = 0;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58 for line in io.lines() do
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59 line_count = line_count + 1;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60 local ok, err = stream:feed(line.."\n");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 if not ok then
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62 stderr("Fatal XML parse error on line "..line_count..": "..err);
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 return 1;
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64 end
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 end
2807
2c3334131a7d mod_firewall/test: Trim trailing whitespace [luacheck]
Kim Alvefur <zash@zash.se>
parents: 2806
diff changeset
66
2585
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
67 stderr("Summary");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
68 stderr("-------");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
69 stderr("");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70 stderr(stats_dropped + stats_passed, "processed");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71 stderr(stats_passed, "passed");
3761
0ae28bf0c546 mod_firewall: Fix typo [codespell]
Kim Alvefur <zash@zash.se>
parents: 2852
diff changeset
72 stderr(stats_dropped, "dropped");
2585
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
73 stderr(line_count, "input lines");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
74 stderr("");
02c6ae745c4f mod_firewall: Add 'test' subcommand to read stanzas from stdin and test them against rules
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
75 end