Commit 07a97c31 authored by Łukasz Nowak's avatar Łukasz Nowak Committed by Łukasz Nowak

caddy-frontend: Defend against malformed value

If the value does not contain "," drop its contents instead of stopping
processing of the whole profile.
parent d107d3a2
......@@ -30,7 +30,7 @@ md5sum = 1cf98844e5daf75a74514dbb292d6506
[template-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = 070df949297b0ed9f001166749629bf9
md5sum = 8c34edd339b668ba4b8f5afcfca2f32d
[template-slave-configuration]
filename = templates/custom-virtualhost.conf.in
......@@ -46,7 +46,7 @@ md5sum = 7c987ad75fcce6f5b925c7696ff41971
[template-custom-slave-list]
filename = templates/apache-custom-slave-list.cfg.in
md5sum = 070df949297b0ed9f001166749629bf9
md5sum = 8c34edd339b668ba4b8f5afcfca2f32d
[caddy-backend-url-validator]
filename = templates/caddy-backend-url-validator.in
......
......@@ -274,8 +274,12 @@ wrapper-path = {{ promise_directory }}/${:filename}
{% endif %}
{% set re6st_optimal_test = slave_instance.get('re6st-optimal-test', '') %}
{% if re6st_optimal_test %}
{% set re6st_ipv6 = None %}
{% set re6st_ipv4 = None %}
{% if ',' in re6st_optimal_test %}
{% set re6st_ipv6, re6st_ipv4 = re6st_optimal_test.split(",") %}
{% endif %}
{% if re6st_ipv6 and re6st_ipv4 %}
{% set re6st_optimal_test_section_title = 'check-%s-re6st-optimal-test' % slave_instance.get('slave_reference') %}
{% do part_list.append(re6st_optimal_test_section_title) %}
[{{ re6st_optimal_test_section_title }}]
......
......@@ -3004,3 +3004,68 @@ class TestQuicEnabled(SlaveHttpFrontendTestCase, TestDataMixin):
result_http.headers['Set-Cookie'],
'secured=value;secure, nonsecured=value'
)
class TestSlaveBadParameters(SlaveHttpFrontendTestCase, TestDataMixin):
@classmethod
def getInstanceParameterDict(cls):
return {
'domain': 'example.com',
'nginx-domain': 'nginx.example.com',
'public-ipv4': LOCAL_IPV4,
'apache-certificate': open('wildcard.example.com.crt').read(),
'apache-key': open('wildcard.example.com.key').read(),
'-frontend-authorized-slave-string':
'_apache_custom_http_s-accepted _caddy_custom_http_s-accepted',
'port': HTTPS_PORT,
'plain_http_port': HTTP_PORT,
'nginx_port': NGINX_HTTPS_PORT,
'plain_nginx_port': NGINX_HTTP_PORT,
'monitor-httpd-port': MONITOR_HTTPD_PORT,
'-frontend-config-1-monitor-httpd-port': MONITOR_F1_HTTPD_PORT,
'mpm-graceful-shutdown-timeout': 2,
}
@classmethod
def getSlaveParameterDictDict(cls):
return {
're6st-optimal-test-nocomma': {
're6st-optimal-test': 'nocomma',
},
}
def test_re6st_optimal_test_nocomma(self):
parameter_dict = self.slave_connection_parameter_dict_dict[
're6st-optimal-test-nocomma']
self.assertLogAccessUrlWithPop(
parameter_dict, 're6st-optimal-test-nocomma')
self.assertEqual(
parameter_dict,
{
'domain': 're6stoptimaltestnocomma.example.com',
'replication_number': '1',
'url': 'http://re6stoptimaltestnocomma.example.com',
'site_url': 'http://re6stoptimaltestnocomma.example.com',
'secure_access': 'https://re6stoptimaltestnocomma.example.com',
'public-ipv4': LOCAL_IPV4,
}
)
result = self.fakeHTTPSResult(
parameter_dict['domain'], parameter_dict['public-ipv4'], 'test-path')
self.assertEqual(
der2pem(result.peercert),
open('wildcard.example.com.crt').read())
self.assertEqual(result.status_code, no_backend_response_code)
# assert that there is no nocomma file
monitor_file_list = glob.glob(
os.path.join(
self.instance_path, '*', 'etc', 'monitor-promise',
'check-_re6st-optimal-test-nocomma-re6st-optimal-test'))
self.assertEqual(
[],
monitor_file_list
)
TestSlaveBadParameters-0/var/log/monitor-httpd-error.log
TestSlaveBadParameters-1/var/log/frontend-access.log
TestSlaveBadParameters-1/var/log/frontend-error.log
TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-nocomma_access_log
TestSlaveBadParameters-1/var/log/httpd/_re6st-optimal-test-nocomma_error_log
TestSlaveBadParameters-1/var/log/monitor-httpd-error.log
TestSlaveBadParameters-1/var/log/nginx-access.log
TestSlaveBadParameters-1/var/log/nginx-error.log
TestSlaveBadParameters-1/var/log/trafficserver/manager.log
TestSlaveBadParameters-1/var/log/trafficserver/traffic.out
\ No newline at end of file
TestSlaveBadParameters-0/var/run/monitor-httpd.pid
TestSlaveBadParameters-0/var/run/monitor/monitor-bootstrap.pid
TestSlaveBadParameters-1/var/run/caddy_configuration.signature
TestSlaveBadParameters-1/var/run/httpd.pid
TestSlaveBadParameters-1/var/run/monitor-httpd.pid
TestSlaveBadParameters-1/var/run/monitor/monitor-bootstrap.pid
TestSlaveBadParameters-1/var/run/ncaddy_configuration.signature
TestSlaveBadParameters-1/var/run/nginx.pid
\ No newline at end of file
TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-nocomma-error-log-last-day
TestSlaveBadParameters-1/etc/monitor-promise/check-_re6st-optimal-test-nocomma-error-log-last-hour
\ No newline at end of file
TestSlaveBadParameters-0/etc/plugin/__init__.py
TestSlaveBadParameters-0/etc/plugin/buildout-TestSlaveBadParameters-0-status.py
TestSlaveBadParameters-0/etc/plugin/check-free-disk-space.py
TestSlaveBadParameters-0/etc/plugin/monitor-bootstrap-status.py
TestSlaveBadParameters-1/etc/plugin/__init__.py
TestSlaveBadParameters-1/etc/plugin/buildout-TestSlaveBadParameters-1-status.py
TestSlaveBadParameters-1/etc/plugin/check-free-disk-space.py
TestSlaveBadParameters-1/etc/plugin/monitor-bootstrap-status.py
\ No newline at end of file
TestSlaveBadParameters-0/etc/promise/monitor-http-frontend
TestSlaveBadParameters-0/etc/promise/monitor-httpd-listening-on-tcp
TestSlaveBadParameters-0/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set
TestSlaveBadParameters-1/etc/promise/caddy-frontend-is-running-actual-software-release
TestSlaveBadParameters-1/etc/promise/caddy_cached
TestSlaveBadParameters-1/etc/promise/caddy_frontend_ipv4_http
TestSlaveBadParameters-1/etc/promise/caddy_frontend_ipv4_https
TestSlaveBadParameters-1/etc/promise/caddy_frontend_ipv6_http
TestSlaveBadParameters-1/etc/promise/caddy_frontend_ipv6_https
TestSlaveBadParameters-1/etc/promise/caddy_ssl_cached
TestSlaveBadParameters-1/etc/promise/frontend-caddy-configuration-promise
TestSlaveBadParameters-1/etc/promise/monitor-http-frontend
TestSlaveBadParameters-1/etc/promise/monitor-httpd-listening-on-tcp
TestSlaveBadParameters-1/etc/promise/nginx-configuration-promise
TestSlaveBadParameters-1/etc/promise/nginx_frontend_ipv4_http
TestSlaveBadParameters-1/etc/promise/nginx_frontend_ipv4_https
TestSlaveBadParameters-1/etc/promise/nginx_frontend_ipv6_http
TestSlaveBadParameters-1/etc/promise/nginx_frontend_ipv6_https
TestSlaveBadParameters-1/etc/promise/promise-monitor-httpd-is-process-older-than-dependency-set
TestSlaveBadParameters-1/etc/promise/promise-nginx-is-process-older-than-dependency-set
TestSlaveBadParameters-1/etc/promise/re6st-connectivity
TestSlaveBadParameters-1/etc/promise/trafficserver-cache-availability
TestSlaveBadParameters-1/etc/promise/trafficserver-port-listening
\ No newline at end of file
TestSlaveBadParameters-0:bootstrap-monitor EXITED
TestSlaveBadParameters-0:certificate_authority-on-watch RUNNING
TestSlaveBadParameters-0:crond RUNNING
TestSlaveBadParameters-0:monitor-httpd-graceful EXITED
TestSlaveBadParameters-0:monitor-httpd-on-watch RUNNING
TestSlaveBadParameters-1:6tunnel-11080-on-watch RUNNING
TestSlaveBadParameters-1:6tunnel-11443-on-watch RUNNING
TestSlaveBadParameters-1:6tunnel-12080-on-watch RUNNING
TestSlaveBadParameters-1:6tunnel-12443-on-watch RUNNING
TestSlaveBadParameters-1:6tunnel-26011-on-watch RUNNING
TestSlaveBadParameters-1:6tunnel-26012-on-watch RUNNING
TestSlaveBadParameters-1:bootstrap-monitor EXITED
TestSlaveBadParameters-1:certificate_authority-on-watch RUNNING
TestSlaveBadParameters-1:crond-on-watch RUNNING
TestSlaveBadParameters-1:frontend-caddy-safe-graceful EXITED
TestSlaveBadParameters-1:frontend-nginx-safe-graceful EXITED
TestSlaveBadParameters-1:frontend_caddy-on-watch RUNNING
TestSlaveBadParameters-1:frontend_nginx-on-watch RUNNING
TestSlaveBadParameters-1:monitor-httpd-graceful EXITED
TestSlaveBadParameters-1:monitor-httpd-on-watch RUNNING
TestSlaveBadParameters-1:trafficserver-on-watch RUNNING
TestSlaveBadParameters-1:trafficserver-reload EXITED
watchdog:watchdog RUNNING
\ No newline at end of file
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment