librewolf/bunkerized-nginx
4
0
Fork 1
mirror of https://github.com/bunkerity/bunkerized-nginx synced 2023-12-13 21:30:18 +01:00
Code Issues Projects Releases Wiki Activity

Added more linux core tests

Browse source
This commit is contained in:
Théophile Diot 2023-09-20 16:41:33 +02:00
parent 84a27a3fc3
commit 06da40bf13
No known key found for this signature in database
GPG key ID: 248FEA4BAE400D06
23 changed files with 1831 additions and 615 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/test-core-linux.yml vendored
View file

@ -26,7 +26,7 @@ jobs:
run: |
sudo apt purge -y firefox
sudo apt update
sudo apt install --no-install-recommends -y git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip
sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip
wget -O firefox-setup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64"
tar -xjf firefox-setup.tar.bz2 -C /opt/
sudo ln -s /opt/firefox/firefox /usr/bin/firefox

2
tests/core/badbehavior/test.sh
View file

@ -229,8 +229,6 @@ do
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else

2
tests/core/brotli/test.sh
View file

@ -168,8 +168,6 @@ do
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else

2
tests/core/bwcli/test.sh
View file

@ -154,8 +154,6 @@ if [ $? -ne 0 ] ; then
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else

2
tests/core/clientcache/test.sh
View file

@ -211,8 +211,6 @@ do
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else

5
tests/core/customcert/test.sh
View file

@ -88,9 +88,6 @@ if [ "$integration" == "docker" ] ; then
exit 1
fi
else
echo "🔏 Installing openssl ..."
sudo apt-get install openssl -y
echo "🔏 Generating certificate for www.example.com ..."
openssl req -nodes -x509 -newkey rsa:4096 -keyout /tmp/privatekey.key -out /tmp/certificate.pem -days 365 -subj /CN=www.example.com/
if [ $? -ne 0 ] ; then
@ -202,8 +199,6 @@ do
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else

2
tests/core/db/test.sh
View file

@ -422,8 +422,6 @@ do
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else

169
tests/core/errors/test.sh
View file

@ -1,17 +1,35 @@
#!/bin/bash
echo "⭕ Building errors stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "⭕ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "⭕ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "⭕ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "⭕ Build failed ❌"
exit 1
echo "⭕ Building errors stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "⭕ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "⭕ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "ERRORS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "INTERCEPTED_ERROR_CODES=400 401 403 404 405 413 429 500 501 502 503 504" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
sudo cp "403.html" "/var/www/html/errors/403.html"
fi
manual=0
@ -19,8 +37,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: "403=/errors/403.html"@ERRORS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@INTERCEPTED_ERROR_CODES: "400 401 404 405 413 429 500 501 502 503 504"@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: "403=/errors/403.html"@ERRORS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@' {} \;
else
sudo sed -i 's@ERRORS=.*$@ERRORS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@INTERCEPTED_ERROR_CODES=.*$@INTERCEPTED_ERROR_CODES=400 401 403 404 405 413 429 500 501 502 503 504@' /etc/bunkerweb/variables.env
unset ERRORS
unset INTERCEPTED_ERROR_CODES
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +53,15 @@ cleanup_stack () {
echo "⭕ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "⭕ Down failed ❌"
echo "⭕ Cleanup failed ❌"
exit 1
fi
@ -47,23 +77,43 @@ do
echo "⭕ Running tests with default configuration ..."
elif [ "$test" = "custom_403" ] ; then
echo "⭕ Running tests with a custom 403 page ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: ""@ERRORS: "403=/errors/403.html"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: ""@ERRORS: "403=/errors/403.html"@' {} \;
else
sudo sed -i 's@ERRORS=@ERRORS=403=/errors/403.html@' /etc/bunkerweb/variables.env
export ERRORS="403=/errors/403.html"
fi
elif [ "$test" = "without_403" ] ; then
echo "⭕ Running tests without a 403 being intercepted ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: "403=/errors/403.html"@ERRORS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@INTERCEPTED_ERROR_CODES: "400 401 404 405 413 429 500 501 502 503 504"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: "403=/errors/403.html"@ERRORS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@INTERCEPTED_ERROR_CODES: "400 401 404 405 413 429 500 501 502 503 504"@' {} \;
else
sudo sed -i 's@ERRORS=.*$@ERRORS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@INTERCEPTED_ERROR_CODES=.*$@INTERCEPTED_ERROR_CODES=400 401 404 405 413 429 500 501 502 503 504@' /etc/bunkerweb/variables.env
unset ERRORS
export INTERCEPTED_ERROR_CODES="400 401 404 405 413 429 500 501 502 503 504"
fi
fi
echo "⭕ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "⭕ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "⭕ Up failed ❌"
echo "⭕ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "⭕ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "⭕ Start failed ❌"
exit 1
fi
fi
@ -71,37 +121,72 @@ do
# Check if stack is healthy
echo "⭕ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("errors-bw-1" "errors-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("errors-bw-1" "errors-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "⭕ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "⭕ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "⭕ Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "⭕ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "⭕ Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "⭕ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "⭕ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "⭕ Test \"$test\" succeeded ✅"

150
tests/core/gzip/test.sh
View file

@ -1,17 +1,33 @@
#!/bin/bash
echo "🗜️ Building gzip stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🗜️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🗜️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🗜️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🗜️ Build failed ❌"
exit 1
echo "🗜️ Building gzip stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🗜️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🗜️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_GZIP=no" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,7 +35,12 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GZIP: "yes"@USE_GZIP: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GZIP: "yes"@USE_GZIP: "no"@' {} \;
else
sudo sed -i 's@USE_GZIP=.*$@USE_GZIP=no@' /etc/bunkerweb/variables.env
unset USE_GZIP
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -27,10 +48,15 @@ cleanup_stack () {
echo "🗜️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🗜️ Down failed ❌"
echo "🗜️ Cleanup failed ❌"
exit 1
fi
@ -46,19 +72,32 @@ do
echo "🗜️ Running tests without gzip ..."
elif [ "$test" = "activated" ] ; then
echo "🗜️ Running tests with gzip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GZIP: "no"@USE_GZIP: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GZIP: "no"@USE_GZIP: "yes"@' {} \;
else
sudo sed -i 's@USE_GZIP=.*$@USE_GZIP=yes@' /etc/bunkerweb/variables.env
export USE_GZIP="yes"
fi
fi
echo "🗜️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗜️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗜️ Up failed ❌"
echo "🗜️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗜️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🗜️ Start failed ❌"
exit 1
fi
fi
@ -66,37 +105,70 @@ do
# Check if stack is healthy
echo "🗜️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("gzip-bw-1" "gzip-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("gzip-bw-1" "gzip-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🗜️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🗜️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🗜️ Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🗜️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🗜️ Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🗜️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🗜️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🗜️ Test \"$test\" succeeded ✅"

352
tests/core/headers/test.sh
View file

@ -1,17 +1,51 @@
#!/bin/bash
echo "🎛️ Building headers stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker bw-php
if [ $? -ne 0 ] ; then
echo "🎛️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🎛️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🎛️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🎛️ Build failed ❌"
exit 1
echo "🎛️ Building headers stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker bw-php
if [ $? -ne 0 ] ; then
echo "🎛️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🎛️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
sudo cp -r www/* /var/www/html/
sudo chown -R www-data:nginx /var/www/html
sudo find /var/www/html -type f -exec chmod 0640 {} \;
sudo find /var/www/html -type d -exec chmod 0750 {} \;
echo "LOCAL_PHP=/run/php/php-fpm.sock" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOCAL_PHP_PATH=/var/www/html" | sudo tee -a /etc/bunkerweb/variables.env
echo "GENERATE_SELF_SIGNED_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "CUSTOM_HEADER=" | sudo tee -a /etc/bunkerweb/variables.env
echo "REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version" | sudo tee -a /etc/bunkerweb/variables.env
echo "STRICT_TRANSPORT_SECURITY=max-age=31536000" | sudo tee -a /etc/bunkerweb/variables.env
echo "COOKIE_FLAGS=* HttpOnly SameSite=Lax" | sudo tee -a /etc/bunkerweb/variables.env
echo "COOKIE_AUTO_SECURE_FLAG=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "CONTENT_SECURITY_POLICY=object-src 'none'; form-action 'self'; frame-ancestors 'self';" | sudo tee -a /etc/bunkerweb/variables.env
echo "REFERRER_POLICY=strict-origin-when-cross-origin" | sudo tee -a /etc/bunkerweb/variables.env
echo "PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()" | sudo tee -a /etc/bunkerweb/variables.env
echo "FEATURE_POLICY=accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';" | sudo tee -a /etc/bunkerweb/variables.env
echo "X_FRAME_OPTIONS=SAMEORIGIN" | sudo tee -a /etc/bunkerweb/variables.env
echo "X_CONTENT_TYPE_OPTIONS=nosniff" | sudo tee -a /etc/bunkerweb/variables.env
echo "X_XSS_PROTECTION=1; mode=block" | sudo tee -a /etc/bunkerweb/variables.env
fi
manual=0
@ -19,28 +53,61 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: "X-Test: test"@CUSTOM_HEADER: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=86400"@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* HttpOnly SameSite=Lax"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_AUTO_SECURE_FLAG: "no"@COOKIE_AUTO_SECURE_FLAG: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "no-referrer"@REFERRER_POLICY: "strict-origin-when-cross-origin"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "DENY"@X_FRAME_OPTIONS: "SAMEORIGIN"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: ""@X_CONTENT_TYPE_OPTIONS: "nosniff"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "0"@X_XSS_PROTECTION: "1; mode=block"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: "X-Test: test"@CUSTOM_HEADER: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=86400"@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* HttpOnly SameSite=Lax"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_AUTO_SECURE_FLAG: "no"@COOKIE_AUTO_SECURE_FLAG: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "no-referrer"@REFERRER_POLICY: "strict-origin-when-cross-origin"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "DENY"@X_FRAME_OPTIONS: "SAMEORIGIN"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: ""@X_CONTENT_TYPE_OPTIONS: "nosniff"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "0"@X_XSS_PROTECTION: "1; mode=block"@' {} \;
if [[ $(sed '27!d' docker-compose.yml) = ' COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' ]] ; then
sed -i '27d' docker-compose.yml
if [[ $(sed '27!d' docker-compose.yml) = ' COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' ]] ; then
sed -i '27d' docker-compose.yml
fi
if [[ $(sed '13!d' docker-compose.test.yml) = ' COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' ]] ; then
sed -i '13d' docker-compose.test.yml
fi
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@CUSTOM_HEADER=.*$@CUSTOM_HEADER=@' /etc/bunkerweb/variables.env
sudo sed -i 's@REMOVE_HEADERS=.*$@REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version@' /etc/bunkerweb/variables.env
sudo sed -i 's@STRICT_TRANSPORT_SECURITY=.*$@STRICT_TRANSPORT_SECURITY=max-age=31536000@' /etc/bunkerweb/variables.env
sudo sed -i 's@COOKIE_FLAGS=.*$@COOKIE_FLAGS=* HttpOnly SameSite=Lax@' /etc/bunkerweb/variables.env
sudo sed -i 's@COOKIE_AUTO_SECURE_FLAG=.*$@COOKIE_AUTO_SECURE_FLAG=yes@' /etc/bunkerweb/variables.env
sudo sed -i "s@CONTENT_SECURITY_POLICY=.*$@CONTENT_SECURITY_POLICY=object-src 'none'; form-action 'self'; frame-ancestors 'self';@" /etc/bunkerweb/variables.env
sudo sed -i 's@REFERRER_POLICY=.*$@REFERRER_POLICY=strict-origin-when-cross-origin@' /etc/bunkerweb/variables.env
sudo sed -i 's@PERMISSIONS_POLICY=.*$@PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()@' /etc/bunkerweb/variables.env
sudo sed -i "s@FEATURE_POLICY=.*$@FEATURE_POLICY=accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';@" /etc/bunkerweb/variables.env
sudo sed -i 's@X_FRAME_OPTIONS=.*$@X_FRAME_OPTIONS=SAMEORIGIN@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_CONTENT_TYPE_OPTIONS=.*$@X_CONTENT_TYPE_OPTIONS=nosniff@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_XSS_PROTECTION=.*$@X_XSS_PROTECTION=1; mode=block@' /etc/bunkerweb/variables.env
unset GENERATE_SELF_SIGNED_SSL
unset CUSTOM_HEADER
unset REMOVE_HEADERS
unset STRICT_TRANSPORT_SECURITY
unset COOKIE_FLAGS
unset COOKIE_AUTO_SECURE_FLAG
unset CONTENT_SECURITY_POLICY
unset REFERRER_POLICY
unset PERMISSIONS_POLICY
unset FEATURE_POLICY
unset X_FRAME_OPTIONS
unset X_CONTENT_TYPE_OPTIONS
unset X_XSS_PROTECTION
if [[ $(sudo tail -n 1 /etc/bunkerweb/variables.env) = 'COOKIE_FLAGS_1=bw_cookie SameSite=Lax' ]] ; then
sudo sed -i '$ d' /etc/bunkerweb/variables.env
fi
unset COOKIE_FLAGS_1
fi
if [[ $(sed '13!d' docker-compose.test.yml) = ' COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' ]] ; then
sed -i '13d' docker-compose.test.yml
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -48,10 +115,15 @@ cleanup_stack () {
echo "🎛️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🎛️ Down failed ❌"
echo "🎛️ Cleanup failed ❌"
exit 1
fi
@ -65,56 +137,131 @@ for test in "without_ssl" "no_httponly_flag" "multiple_no_httponly_flag" "with_s
do
if [ "$test" = "without_ssl" ] ; then
echo "🎛️ Running tests without ssl and with tweaked settings ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: ""@CUSTOM_HEADER: "X-Test: test"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@STRICT_TRANSPORT_SECURITY: "max-age=86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "strict-origin-when-cross-origin"@REFERRER_POLICY: "no-referrer"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "geolocation=(self), microphone=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "geolocation '"'"'self'"'"'; microphone '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "SAMEORIGIN"@X_FRAME_OPTIONS: "DENY"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: "nosniff"@X_CONTENT_TYPE_OPTIONS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "1; mode=block"@X_XSS_PROTECTION: "0"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: ""@CUSTOM_HEADER: "X-Test: test"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@STRICT_TRANSPORT_SECURITY: "max-age=86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "strict-origin-when-cross-origin"@REFERRER_POLICY: "no-referrer"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "geolocation=(self), microphone=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "geolocation '"'"'self'"'"'; microphone '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "SAMEORIGIN"@X_FRAME_OPTIONS: "DENY"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: "nosniff"@X_CONTENT_TYPE_OPTIONS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "1; mode=block"@X_XSS_PROTECTION: "0"@' {} \;
else
sudo sed -i 's@CUSTOM_HEADER=.*$@CUSTOM_HEADER=X-Test: test@' /etc/bunkerweb/variables.env
sudo sed -i 's@REMOVE_HEADERS=.*$@REMOVE_HEADERS=X-Powered-By X-AspNet-Version X-AspNetMvc-Version@' /etc/bunkerweb/variables.env
sudo sed -i 's@STRICT_TRANSPORT_SECURITY=.*$@STRICT_TRANSPORT_SECURITY=max-age=86400@' /etc/bunkerweb/variables.env
sudo sed -i "s@CONTENT_SECURITY_POLICY=.*$@CONTENT_SECURITY_POLICY=object-src 'none'; frame-ancestors 'self';@" /etc/bunkerweb/variables.env
sudo sed -i 's@REFERRER_POLICY=.*$@REFERRER_POLICY=no-referrer@' /etc/bunkerweb/variables.env
sudo sed -i 's@PERMISSIONS_POLICY=.*$@PERMISSIONS_POLICY=geolocation=(self), microphone=()@' /etc/bunkerweb/variables.env
sudo sed -i "s@FEATURE_POLICY=.*$@FEATURE_POLICY=geolocation 'self'; microphone 'none';@" /etc/bunkerweb/variables.env
sudo sed -i 's@X_FRAME_OPTIONS=.*$@X_FRAME_OPTIONS=DENY@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_CONTENT_TYPE_OPTIONS=.*$@X_CONTENT_TYPE_OPTIONS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_XSS_PROTECTION=.*$@X_XSS_PROTECTION=0@' /etc/bunkerweb/variables.env
export CUSTOM_HEADER="X-Test: test"
export REMOVE_HEADERS="X-Powered-By X-AspNet-Version X-AspNetMvc-Version"
export STRICT_TRANSPORT_SECURITY="max-age=86400"
export CONTENT_SECURITY_POLICY="object-src 'none'; frame-ancestors 'self';"
export REFERRER_POLICY="no-referrer"
export PERMISSIONS_POLICY="geolocation=(self), microphone=()"
export FEATURE_POLICY="geolocation 'self'; microphone 'none';"
export X_FRAME_OPTIONS="DENY"
export X_CONTENT_TYPE_OPTIONS=""
export X_XSS_PROTECTION="0"
fi
elif [ "$test" = "no_httponly_flag" ] ; then
echo "🎛️ Running tests without HttpOnly flag for cookies and with default values ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* SameSite=Lax"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: "X-Test: test"@CUSTOM_HEADER: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=86400"@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "no-referrer"@REFERRER_POLICY: "strict-origin-when-cross-origin"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "DENY"@X_FRAME_OPTIONS: "SAMEORIGIN"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: ""@X_CONTENT_TYPE_OPTIONS: "nosniff"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "0"@X_XSS_PROTECTION: "1; mode=block"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* SameSite=Lax"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: "X-Test: test"@CUSTOM_HEADER: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=86400"@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "no-referrer"@REFERRER_POLICY: "strict-origin-when-cross-origin"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "DENY"@X_FRAME_OPTIONS: "SAMEORIGIN"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: ""@X_CONTENT_TYPE_OPTIONS: "nosniff"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "0"@X_XSS_PROTECTION: "1; mode=block"@' {} \;
else
sudo sed -i 's@COOKIE_FLAGS=.*$@COOKIE_FLAGS=* HttpOnly SameSite=Lax@' /etc/bunkerweb/variables.env
sudo sed -i 's@CUSTOM_HEADER=.*$@CUSTOM_HEADER=@' /etc/bunkerweb/variables.env
sudo sed -i 's@REMOVE_HEADERS=.*$@REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version@' /etc/bunkerweb/variables.env
sudo sed -i 's@STRICT_TRANSPORT_SECURITY=.*$@STRICT_TRANSPORT_SECURITY=max-age=31536000@' /etc/bunkerweb/variables.env
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=no@' /etc/bunkerweb/variables.env
sudo sed -i "s@CONTENT_SECURITY_POLICY=.*$@CONTENT_SECURITY_POLICY=object-src 'none'; form-action 'self'; frame-ancestors 'self';@" /etc/bunkerweb/variables.env
sudo sed -i 's@REFERRER_POLICY=.*$@REFERRER_POLICY=strict-origin-when-cross-origin@' /etc/bunkerweb/variables.env
sudo sed -i 's@PERMISSIONS_POLICY=.*$@PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()@' /etc/bunkerweb/variables.env
sudo sed -i "s@FEATURE_POLICY=.*$@FEATURE_POLICY=accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';@" /etc/bunkerweb/variables.env
sudo sed -i 's@X_FRAME_OPTIONS=.*$@X_FRAME_OPTIONS=SAMEORIGIN@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_CONTENT_TYPE_OPTIONS=.*$@X_CONTENT_TYPE_OPTIONS=nosniff@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_XSS_PROTECTION=.*$@X_XSS_PROTECTION=1; mode=block@' /etc/bunkerweb/variables.env
export COOKIE_FLAGS="* SameSite=Lax"
unset CUSTOM_HEADER
unset REMOVE_HEADERS
unset STRICT_TRANSPORT_SECURITY
unset CONTENT_SECURITY_POLICY
unset REFERRER_POLICY
unset PERMISSIONS_POLICY
unset FEATURE_POLICY
unset X_FRAME_OPTIONS
unset X_CONTENT_TYPE_OPTIONS
unset X_XSS_PROTECTION
fi
elif [ "$test" = "multiple_no_httponly_flag" ] ; then
echo "🎛️ Running tests with HttpOnly flag overriden for cookie \"bw_cookie\" and default cookies flags ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* HttpOnly SameSite=Lax"@' {} \;
sed -i '27i \ COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' docker-compose.yml
sed -i '13i \ COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' docker-compose.test.yml
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* HttpOnly SameSite=Lax"@' {} \;
sed -i '27i \ COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' docker-compose.yml
sed -i '13i \ COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' docker-compose.test.yml
else
sudo sed -i 's@COOKIE_FLAGS=.*$@COOKIE_FLAGS=* HttpOnly SameSite=Lax@' /etc/bunkerweb/variables.env
echo "COOKIE_FLAGS_1=bw_cookie SameSite=Lax" | sudo tee -a /etc/bunkerweb/variables.env
export COOKIE_FLAGS="* HttpOnly SameSite=Lax"
export COOKIE_FLAGS_1="bw_cookie SameSite=Lax"
fi
elif [ "$test" = "with_ssl" ] ; then
echo "🎛️ Running tests with ssl ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
sed -i '27d' docker-compose.yml
sed -i '13d' docker-compose.test.yml
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
sed -i '27d' docker-compose.yml
sed -i '13d' docker-compose.test.yml
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=yes@' /etc/bunkerweb/variables.env
sudo sed -i '$ d' /etc/bunkerweb/variables.env
export GENERATE_SELF_SIGNED_SSL="yes"
fi
elif [ "$test" = "no_cookie_auto_secure_flag" ] ; then
echo "🎛️ Running tests without cookie_auto_secure_flag ..."
echo " Keeping the generated self-signed SSL certificate"
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_AUTO_SECURE_FLAG: "yes"@COOKIE_AUTO_SECURE_FLAG: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_AUTO_SECURE_FLAG: "yes"@COOKIE_AUTO_SECURE_FLAG: "no"@' {} \;
else
sudo sed -i 's@COOKIE_AUTO_SECURE_FLAG=.*$@COOKIE_AUTO_SECURE_FLAG=no@' /etc/bunkerweb/variables.env
export COOKIE_AUTO_SECURE_FLAG="no"
fi
fi
echo "🎛️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎛️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎛️ Up failed ❌"
echo "🎛️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎛️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🎛️ Start failed ❌"
exit 1
fi
fi
@ -122,37 +269,70 @@ do
# Check if stack is healthy
echo "🎛️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("headers-bw-1" "headers-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("headers-bw-1" "headers-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🎛️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🎛️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🎛️ Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🎛️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🎛️ Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🎛️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🎛️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🎛️ Test \"$test\" succeeded ✅"

136
tests/core/inject/test.sh
View file

@ -1,26 +1,47 @@
#!/bin/bash
echo "💉 Building inject stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "💉 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "💉 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "💉 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "💉 Build failed ❌"
exit 1
echo "💉 Building inject stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "💉 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "💉 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "INJECT_BODY=TEST" | sudo tee -a /etc/bunkerweb/variables.env
sudo cp index.html /var/www/html/index.html
fi
cleanup_stack () {
echo "💉 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "💉 Down failed ❌"
echo "💉 Cleanup failed ❌"
exit 1
fi
@ -33,15 +54,23 @@ trap cleanup_stack EXIT
echo "💉 Running tests while injecting TEST into the HTML page ..."
echo "💉 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💉 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💉 Up failed ❌"
echo "💉 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💉 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "💉 Start failed ❌"
exit 1
fi
fi
@ -49,37 +78,70 @@ fi
# Check if stack is healthy
echo "💉 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("inject-bw-1" "inject-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("inject-bw-1" "inject-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "💉 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "💉 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "💉 Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "💉 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "💉 Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "💉 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "💉 Test \"inject\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "💉 Test \"inject\" succeeded ✅"

240
tests/core/limit/test.sh
View file

@ -1,17 +1,38 @@
#!/bin/bash
echo "🎚️ Building limit stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🎚️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🎚️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🎚️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🎚️ Build failed ❌"
exit 1
echo "🎚️ Building limit stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🎚️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🎚️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "BAD_BEHAVIOR_STATUS_CODES=400 401 403 405 429 444" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_LIMIT_REQ=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "LIMIT_REQ_URL=/" | sudo tee -a /etc/bunkerweb/variables.env
echo "LIMIT_REQ_RATE=2r/s" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_LIMIT_CONN=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "LIMIT_CONN_MAX_HTTP1=1" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,27 +40,48 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "yes"@USE_LIMIT_REQ: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_URL: ".*"$@LIMIT_REQ_URL: "/"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_RATE: ".*"$@LIMIT_REQ_RATE: "2r/s"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_CONN: "no"@USE_LIMIT_CONN: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "yes"@USE_LIMIT_REQ: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_URL: ".*"$@LIMIT_REQ_URL: "/"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_RATE: ".*"$@LIMIT_REQ_RATE: "2r/s"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_CONN: "no"@USE_LIMIT_CONN: "yes"@' {} \;
if [[ $(sed '22!d' docker-compose.yml) = ' LIMIT_REQ_URL_1: "/custom"' ]] ; then
sed -i '22d' docker-compose.yml
if [[ $(sed '22!d' docker-compose.yml) = ' LIMIT_REQ_URL_1: "/custom"' ]] ; then
sed -i '22d' docker-compose.yml
fi
if [[ $(sed '22!d' docker-compose.yml) = ' LIMIT_REQ_RATE_1: "4r/s"' ]] ; then
sed -i '22d' docker-compose.yml
fi
if [[ $(sed '11!d' docker-compose.test.yml) = ' LIMIT_REQ_URL_1: "/custom"' ]] ; then
sed -i '11d' docker-compose.test.yml
fi
if [[ $(sed '11!d' docker-compose.test.yml) = ' LIMIT_REQ_RATE_1: "4r/s"' ]] ; then
sed -i '11d' docker-compose.test.yml
fi
else
sudo sed -i 's@USE_LIMIT_REQ=.*$@USE_LIMIT_REQ=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@LIMIT_REQ_URL=.*$@LIMIT_REQ_URL=/@' /etc/bunkerweb/variables.env
sudo sed -i 's@LIMIT_REQ_RATE=.*$@LIMIT_REQ_RATE=2r/s@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_LIMIT_CONN=.*$@USE_LIMIT_CONN=yes@' /etc/bunkerweb/variables.env
unset USE_LIMIT_REQ
unset LIMIT_REQ_URL
unset LIMIT_REQ_RATE
unset USE_LIMIT_CONN
if [[ $(sudo tail -n 1 /etc/bunkerweb/variables.env) = 'LIMIT_REQ_URL_1=/custom' ]] ; then
sudo truncate -s -1 /etc/bunkerweb/variables.env
fi
if [[ $(sudo tail -n 1 /etc/bunkerweb/variables.env) = 'LIMIT_REQ_RATE_1=4r/s' ]] ; then
sudo truncate -s -1 /etc/bunkerweb/variables.env
fi
unset LIMIT_REQ_URL_1
unset LIMIT_REQ_RATE_1
fi
if [[ $(sed '22!d' docker-compose.yml) = ' LIMIT_REQ_RATE_1: "4r/s"' ]] ; then
sed -i '22d' docker-compose.yml
fi
if [[ $(sed '11!d' docker-compose.test.yml) = ' LIMIT_REQ_URL_1: "/custom"' ]] ; then
sed -i '11d' docker-compose.test.yml
fi
if [[ $(sed '11!d' docker-compose.test.yml) = ' LIMIT_REQ_RATE_1: "4r/s"' ]] ; then
sed -i '11d' docker-compose.test.yml
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -47,10 +89,15 @@ cleanup_stack () {
echo "🎚️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🎚️ Down failed ❌"
echo "🎚️ Cleanup failed ❌"
exit 1
fi
@ -67,32 +114,64 @@ do
elif [ "$test" = "limit_req" ] ; then
echo "🎚️ Running tests with limit req activated ..."
echo " Deactivating limit conn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_CONN: "yes"@USE_LIMIT_CONN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "no"@USE_LIMIT_REQ: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_CONN: "yes"@USE_LIMIT_CONN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "no"@USE_LIMIT_REQ: "yes"@' {} \;
else
sudo sed -i 's@USE_LIMIT_CONN=.*$@USE_LIMIT_CONN=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_LIMIT_REQ=.*$@USE_LIMIT_REQ=yes@' /etc/bunkerweb/variables.env
export USE_LIMIT_CONN="no"
export USE_LIMIT_REQ="yes"
fi
elif [ "$test" = "augmented" ] ; then
echo "🎚️ Running tests with limit req rate set to 10r/s ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_RATE: ".*"$@LIMIT_REQ_RATE: "10r/s"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_RATE: ".*"$@LIMIT_REQ_RATE: "10r/s"@' {} \;
else
sudo sed -i 's@LIMIT_REQ_RATE=.*$@LIMIT_REQ_RATE=10r/s@' /etc/bunkerweb/variables.env
export LIMIT_REQ_RATE="10r/s"
fi
elif [ "$test" = "custom_endpoint_rate" ] ; then
echo "🎚️ Running tests with a custom endpoint rate ..."
sed -i '22i \ LIMIT_REQ_URL_1: "/custom"' docker-compose.yml
sed -i '23i \ LIMIT_REQ_RATE_1: "4r/s"' docker-compose.yml
sed -i '11i \ LIMIT_REQ_URL_1: "/custom"' docker-compose.test.yml
sed -i '12i \ LIMIT_REQ_RATE_1: "4r/s"' docker-compose.test.yml
if [ "$integration" == "docker" ] ; then
sed -i '22i \ LIMIT_REQ_URL_1: "/custom"' docker-compose.yml
sed -i '23i \ LIMIT_REQ_RATE_1: "4r/s"' docker-compose.yml
sed -i '11i \ LIMIT_REQ_URL_1: "/custom"' docker-compose.test.yml
sed -i '12i \ LIMIT_REQ_RATE_1: "4r/s"' docker-compose.test.yml
else
echo "LIMIT_REQ_URL_1=/custom" | sudo tee -a /etc/bunkerweb/variables.env
echo "LIMIT_REQ_RATE_1=4r/s" | sudo tee -a /etc/bunkerweb/variables.env
export LIMIT_REQ_URL_1="/custom"
export LIMIT_REQ_RATE_1="4r/s"
fi
elif [ "$test" = "deactivated_req" ] ; then
echo "🎚️ Running tests without limit req ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "yes"@USE_LIMIT_REQ: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "yes"@USE_LIMIT_REQ: "no"@' {} \;
else
sudo sed -i 's@USE_LIMIT_REQ=.*$@USE_LIMIT_REQ=no@' /etc/bunkerweb/variables.env
export USE_LIMIT_REQ="no"
fi
fi
echo "🎚️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎚️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎚️ Up failed ❌"
echo "🎚️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎚️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🎚️ Start failed ❌"
exit 1
fi
fi
@ -100,37 +179,70 @@ do
# Check if stack is healthy
echo "🎚️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("limit-bw-1" "limit-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("limit-bw-1" "limit-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🎚️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🎚️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🎚️ Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🎚️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🎚️ Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🎚️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🎚️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🎚️ Test \"$test\" succeeded ✅"

239
tests/core/misc/test.sh
View file

@ -1,17 +1,45 @@
#!/bin/bash
echo "🗃️ Building misc stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🗃️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🗃️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🗃️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🗃️ Build failed ❌"
exit 1
echo "🗃️ Building misc stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🗃️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🗃️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "GENERATE_SELF_SIGNED_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_MODSECURITY=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "DISABLE_DEFAULT_SERVER=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIRECT_HTTP_TO_HTTPS=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "AUTO_REDIRECT_HTTP_TO_HTTPS=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "ALLOWED_METHODS=GET|POST|HEAD" | sudo tee -a /etc/bunkerweb/variables.env
echo "MAX_CLIENT_SIZE=5m" | sudo tee -a /etc/bunkerweb/variables.env
echo "SERVE_FILES=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "SSL_PROTOCOLS=TLSv1.2 TLSv1.3" | sudo tee -a /etc/bunkerweb/variables.env
echo "HTTP2=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "LISTEN_HTTP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "DENY_HTTP_STATUS=403" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,15 +47,36 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "yes"@DISABLE_DEFAULT_SERVER: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "GET|POST|HEAD"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "10m"@MAX_CLIENT_SIZE: "5m"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "no"@SERVE_FILES: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SSL_PROTOCOLS: "TLSv1.2"@SSL_PROTOCOLS: "TLSv1.2 TLSv1.3"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "no"@HTTP2: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LISTEN_HTTP: "no"@LISTEN_HTTP: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DENY_HTTP_STATUS: "444"@DENY_HTTP_STATUS: "403"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "yes"@DISABLE_DEFAULT_SERVER: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "GET|POST|HEAD"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "10m"@MAX_CLIENT_SIZE: "5m"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "no"@SERVE_FILES: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SSL_PROTOCOLS: "TLSv1.2"@SSL_PROTOCOLS: "TLSv1.2 TLSv1.3"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "no"@HTTP2: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LISTEN_HTTP: "no"@LISTEN_HTTP: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DENY_HTTP_STATUS: "444"@DENY_HTTP_STATUS: "403"@' {} \;
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@DISABLE_DEFAULT_SERVER=.*$@DISABLE_DEFAULT_SERVER=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@ALLOWED_METHODS=.*$@ALLOWED_METHODS=GET|POST|HEAD@' /etc/bunkerweb/variables.env
sudo sed -i 's@MAX_CLIENT_SIZE=.*$@MAX_CLIENT_SIZE=5m@' /etc/bunkerweb/variables.env
sudo sed -i 's@SERVE_FILES=.*$@SERVE_FILES=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@SSL_PROTOCOLS=.*$@SSL_PROTOCOLS=TLSv1.2 TLSv1.3@' /etc/bunkerweb/variables.env
sudo sed -i 's@HTTP2=.*$@HTTP2=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@LISTEN_HTTP=.*$@LISTEN_HTTP=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@DENY_HTTP_STATUS=.*$@DENY_HTTP_STATUS=403@' /etc/bunkerweb/variables.env
unset GENERATE_SELF_SIGNED_SSL
unset DISABLE_DEFAULT_SERVER
unset ALLOWED_METHODS
unset MAX_CLIENT_SIZE
unset SERVE_FILES
unset SSL_PROTOCOLS
unset HTTP2
unset LISTEN_HTTP
unset DENY_HTTP_STATUS
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -35,10 +84,15 @@ cleanup_stack () {
echo "🗃️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🗃️ Down failed ❌"
echo "🗃️ Cleanup failed ❌"
exit 1
fi
@ -54,37 +108,77 @@ do
echo "🗃️ Running tests when misc settings have default values except MAX_CLIENT_SIZE which have the value \"5m\" ..."
elif [ "$test" = "ssl_generated" ] ; then
echo "🗃️ Running tests when misc settings have default values and the ssl is generated in self signed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=yes@' /etc/bunkerweb/variables.env
export GENERATE_SELF_SIGNED_SSL="yes"
fi
elif [ "$test" = "tweaked" ] ; then
echo "🗃️ Running tests when misc settings have tweaked values ..."
echo " Keeping the ssl generated in self signed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "no"@DISABLE_DEFAULT_SERVER: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "POST|HEAD"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "5m"@MAX_CLIENT_SIZE: "10m"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "yes"@SERVE_FILES: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "yes"@HTTP2: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "no"@DISABLE_DEFAULT_SERVER: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "POST|HEAD"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "5m"@MAX_CLIENT_SIZE: "10m"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "yes"@SERVE_FILES: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "yes"@HTTP2: "no"@' {} \;
else
sudo sed -i 's@DISABLE_DEFAULT_SERVER=.*$@DISABLE_DEFAULT_SERVER=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@ALLOWED_METHODS=.*$@ALLOWED_METHODS=POST|HEAD@' /etc/bunkerweb/variables.env
sudo sed -i 's@MAX_CLIENT_SIZE=.*$@MAX_CLIENT_SIZE=10m@' /etc/bunkerweb/variables.env
sudo sed -i 's@SERVE_FILES=.*$@SERVE_FILES=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@HTTP2=.*$@HTTP2=no@' /etc/bunkerweb/variables.env
export DISABLE_DEFAULT_SERVER="yes"
export ALLOWED_METHODS="POST|HEAD"
export MAX_CLIENT_SIZE="10m"
export SERVE_FILES="no"
export HTTP2="no"
fi
elif [ "$test" = "deny_status_444" ] ; then
echo "🗃️ Running tests when the server's deny status is set to 444 ..."
echo " Keeping the ssl generated in self signed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@DENY_HTTP_STATUS: "403"@DENY_HTTP_STATUS: "444"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@DENY_HTTP_STATUS: "403"@DENY_HTTP_STATUS: "444"@' {} \;
else
sudo sed -i 's@DENY_HTTP_STATUS=.*$@DENY_HTTP_STATUS=444@' /etc/bunkerweb/variables.env
export DENY_HTTP_STATUS="444"
fi
elif [ "$test" = "TLSv1.2" ] ; then
echo "🗃️ Running tests with only TLSv1.2 enabled and when the server is not listening on http ..."
echo " Keeping the ssl generated in self signed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "yes"@DISABLE_DEFAULT_SERVER: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SSL_PROTOCOLS: "TLSv1.2 TLSv1.3"@SSL_PROTOCOLS: "TLSv1.2"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LISTEN_HTTP: "yes"@LISTEN_HTTP: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "yes"@DISABLE_DEFAULT_SERVER: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SSL_PROTOCOLS: "TLSv1.2 TLSv1.3"@SSL_PROTOCOLS: "TLSv1.2"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LISTEN_HTTP: "yes"@LISTEN_HTTP: "no"@' {} \;
else
sudo sed -i 's@DISABLE_DEFAULT_SERVER=.*$@DISABLE_DEFAULT_SERVER=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@SSL_PROTOCOLS=.*$@SSL_PROTOCOLS=TLSv1.2@' /etc/bunkerweb/variables.env
sudo sed -i 's@LISTEN_HTTP=.*$@LISTEN_HTTP=no@' /etc/bunkerweb/variables.env
export DISABLE_DEFAULT_SERVER="no"
export SSL_PROTOCOLS="TLSv1.2"
export LISTEN_HTTP="no"
fi
fi
echo "🗃️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗃️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗃️ Up failed ❌"
echo "🗃️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗃️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🗃️ Start failed ❌"
exit 1
fi
fi
@ -92,37 +186,70 @@ do
# Check if stack is healthy
echo "🗃️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("misc-bw-1" "misc-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("misc-bw-1" "misc-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🗃️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🗃️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🗃️ Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🗃️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🗃️ Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🗃️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🗃️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🗃️ Test \"$test\" succeeded ✅"

169
tests/core/modsecurity/test.sh
View file

@ -1,17 +1,37 @@
#!/bin/bash
echo "👮 Building modsecurity stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "👮 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "👮 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "👮 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "👮 Build failed ❌"
exit 1
echo "👮 Building modsecurity stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "👮 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "👮 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_MODSECURITY=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_MODSECURITY_CRS=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "MODSECURITY_SEC_AUDIT_ENGINE=RelevantOnly" | sudo tee -a /etc/bunkerweb/variables.env
echo "MODSECURITY_SEC_RULE_ENGINE=On" | sudo tee -a /etc/bunkerweb/variables.env
echo "MODSECURITY_SEC_AUDIT_LOG_PARTS=ABCFHZ" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,8 +39,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY: "no"@USE_MODSECURITY: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "no"@USE_MODSECURITY_CRS: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY: "no"@USE_MODSECURITY: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "no"@USE_MODSECURITY_CRS: "yes"@' {} \;
else
sudo sed -i 's@USE_MODSECURITY=.*$@USE_MODSECURITY=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_MODSECURITY_CRS=.*$@USE_MODSECURITY_CRS=yes@' /etc/bunkerweb/variables.env
unset USE_MODSECURITY
unset USE_MODSECURITY_CRS
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +55,15 @@ cleanup_stack () {
echo "👮 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "👮 Down failed ❌"
echo "👮 Cleanup failed ❌"
exit 1
fi
@ -47,23 +79,43 @@ do
echo "👮 Running tests with modsecurity activated ..."
elif [ "$test" = "crs_deactivated" ] ; then
echo "👮 Running tests without the CRS ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "yes"@USE_MODSECURITY_CRS: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "yes"@USE_MODSECURITY_CRS: "no"@' {} \;
else
sudo sed -i 's@USE_MODSECURITY_CRS=.*$@USE_MODSECURITY_CRS=no@' /etc/bunkerweb/variables.env
export USE_MODSECURITY_CRS="no"
fi
elif [ "$test" = "deactivated" ] ; then
echo "👮 Running tests without modsecurity ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "no"@USE_MODSECURITY_CRS: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY: "yes"@USE_MODSECURITY: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "no"@USE_MODSECURITY_CRS: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY: "yes"@USE_MODSECURITY: "no"@' {} \;
else
sudo sed -i 's@USE_MODSECURITY_CRS=.*$@USE_MODSECURITY_CRS=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_MODSECURITY=.*$@USE_MODSECURITY=no@' /etc/bunkerweb/variables.env
unset USE_MODSECURITY_CRS
export USE_MODSECURITY="no"
fi
fi
echo "👮 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "👮 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "👮 Up failed ❌"
echo "👮 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "👮 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "👮 Start failed ❌"
exit 1
fi
fi
@ -71,37 +123,70 @@ do
# Check if stack is healthy
echo "👮 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("modsecurity-bw-1" "modsecurity-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("modsecurity-bw-1" "modsecurity-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "👮 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "👮 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "👮 Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "👮 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "👮 Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "👮 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "👮 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "👮 Test \"$test\" succeeded ✅"

164
tests/core/redirect/test.sh
View file

@ -1,17 +1,34 @@
#!/bin/bash
echo "↩️ Building redirect stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "↩️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "↩️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "↩️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "↩️ Build failed ❌"
exit 1
echo "↩️ Building redirect stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "↩️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "↩️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "REDIRECT_TO=" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIRECT_TO_REQUEST_URI=no" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,8 +36,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO: "http://brightlushsilveryawn\.neverssl\.com/online/"@REDIRECT_TO: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO_REQUEST_URI: "yes"@REDIRECT_TO_REQUEST_URI: "no"@' {} \;
if [ "$integration" = "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO: "http://brightlushsilveryawn\.neverssl\.com/online/"@REDIRECT_TO: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO_REQUEST_URI: "yes"@REDIRECT_TO_REQUEST_URI: "no"@' {} \;
else
sudo sed -i 's@REDIRECT_TO=.*$@REDIRECT_TO=@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIRECT_TO_REQUEST_URI=.*$@REDIRECT_TO_REQUEST_URI=no@' /etc/bunkerweb/variables.env
unset REDIRECT_TO
unset REDIRECT_TO_REQUEST_URI
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +52,15 @@ cleanup_stack () {
echo "↩️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "↩️ Down failed ❌"
echo "↩️ Cleanup failed ❌"
exit 1
fi
@ -45,22 +74,40 @@ for test in "redirect" "redirect_uri"
do
if [ "$test" = "redirect" ] ; then
echo "↩️ Running tests when redirecting to http://brightlushsilveryawn.neverssl.com/online/ ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO: ""@REDIRECT_TO: "http://brightlushsilveryawn.neverssl.com/online/"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO: ""@REDIRECT_TO: "http://brightlushsilveryawn.neverssl.com/online/"@' {} \;
else
echo "REDIRECT_TO=http://brightlushsilveryawn.neverssl.com/online/" | sudo tee -a /etc/bunkerweb/variables.env
export REDIRECT_TO="http://brightlushsilveryawn.neverssl.com/online/"
fi
elif [ "$test" = "redirect_uri" ] ; then
echo "↩️ Running tests when redirecting to uri test ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO_REQUEST_URI: "no"@REDIRECT_TO_REQUEST_URI: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO_REQUEST_URI: "no"@REDIRECT_TO_REQUEST_URI: "yes"@' {} \;
else
echo "REDIRECT_TO_REQUEST_URI=yes" | sudo tee -a /etc/bunkerweb/variables.env
export REDIRECT_TO_REQUEST_URI="yes"
fi
fi
echo "↩️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "↩️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "↩️ Up failed ❌"
echo "↩️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "↩️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "↩️ Start failed ❌"
exit 1
fi
fi
@ -68,37 +115,72 @@ do
# Check if stack is healthy
echo "↩️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("redirect-bw-1" "redirect-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("redirect-bw-1" "redirect-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "↩️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "↩️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "↩️ Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "↩️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "↩️ Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "↩️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "↩️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "↩️ Test \"$test\" succeeded ✅"

1
tests/core/redis/docker-compose.test.yml
View file

@ -7,7 +7,6 @@ services:
PYTHONUNBUFFERED: "1"
USE_REVERSE_SCAN: "no"
USE_ANTIBOT: "no"
BLACKLIST_IP: ""
REDIS_HOST: "bw-redis"
REDIS_PORT: "6379"

15
tests/core/redis/main.py
View file

@ -15,13 +15,13 @@ from uvicorn import run
fastapi_proc = None
try:
redis_host = getenv("REDIS_HOST")
redis_host = getenv("REDIS_HOST", "127.0.0.1")
if not redis_host:
print("❌ Redis host is not set, exiting ...", flush=True)
exit(1)
redis_port = getenv("REDIS_PORT", "")
redis_port = getenv("REDIS_PORT", "6379")
if not redis_port.isdigit():
print("❌ Redis port doesn't seem to be a number, exiting ...", flush=True)
@ -29,7 +29,7 @@ try:
redis_port = int(redis_port)
redis_db = getenv("REDIS_DATABASE", "")
redis_db = getenv("REDIS_DATABASE", "0")
if not redis_db.isdigit():
print("❌ Redis database doesn't seem to be a number, exiting ...", flush=True)
@ -63,7 +63,14 @@ try:
print(" Testing Reverse Scan, starting FastAPI ...", flush=True)
app = FastAPI()
fastapi_proc = Process(
target=run, args=(app,), kwargs=dict(host="0.0.0.0", port=8080)
target=run,
args=(app,),
kwargs=dict(
host="0.0.0.0"
if getenv("TEST_TYPE", "docker") == "docker"
else "127.0.0.1",
port=8080,
),
)
fastapi_proc.start()

272
tests/core/redis/test.sh
View file

@ -1,26 +1,83 @@
#!/bin/bash
echo "🧰 Building redis stack ..."
integration=$1
if [ -z "$integration" ] ; then
echo "🧰 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🧰 Integration \"$integration\" is not supported ❌"
exit 1
fi
echo "🧰 Building redis stack for integration \"$integration\" ..."
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🧰 Pull failed ❌"
exit 1
fi
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🧰 Pull failed ❌"
exit 1
fi
echo "🧰 Building custom redis image ..."
docker compose build bw-redis
if [ $? -ne 0 ] ; then
echo "🧰 Build failed ❌"
exit 1
fi
echo "🧰 Building custom redis image ..."
docker compose build bw-redis
if [ $? -ne 0 ] ; then
echo "🧰 Build failed ❌"
exit 1
fi
echo "🧰 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🧰 Build failed ❌"
exit 1
echo "🧰 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🧰 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
sudo sed -i "/^USE_BLACKLIST=/d" /etc/bunkerweb/variables.env
echo "BLACKLIST_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "SESSIONS_NAME=test" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_REVERSE_SCAN=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_ANTIBOT=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_GREYLIST=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_IP=0.0.0.0/0" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_COUNTRY=AU" | sudo tee -a /etc/bunkerweb/variables.env
echo "🧰 Installing Redis ..."
sudo apt install --no-install-recommends -y redis
redis-server --daemonize yes
if [ $? -ne 0 ] ; then
echo "🧰 Redis start failed ❌"
exit 1
fi
echo "🧰 Redis installed ✅"
echo "🧰 Generating redis certs ..."
mkdir tls
openssl genrsa -out tls/ca.key 4096
openssl req \
-x509 -new -nodes -sha256 \
-key tls/ca.key \
-days 365 \
-subj /CN=bw-redis/ \
-out tls/ca.crt
openssl req \
-x509 -nodes -newkey rsa:4096 \
-keyout tls/redis.key \
-out tls/redis.pem \
-days 365 \
-subj /CN=bw-redis/
sudo chmod -R 640 tls
echo "🧰 Certs generated ✅"
echo "USE_REDIS=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIS_HOST=127.0.0.1" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIS_PORT=6379" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIS_DATABASE=0" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIS_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
@ -28,12 +85,25 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP: "0\.0\.0\.0/0"@BLACKLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6379"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "1"@REDIS_DATABASE: "0"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "yes"@REDIS_SSL: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6379"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "1"@REDIS_DATABASE: "0"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "yes"@REDIS_SSL: "no"@' {} \;
else
sudo rm -rf tls
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_PORT=.*$@REDIS_PORT=6379@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_DATABASE=.*$@REDIS_DATABASE=0@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_SSL=.*$@REDIS_SSL=no@' /etc/bunkerweb/variables.env
unset USE_REVERSE_SCAN
unset USE_ANTIBOT
unset REDIS_PORT
unset REDIS_DATABASE
unset REDIS_SSL
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -41,10 +111,15 @@ cleanup_stack () {
echo "🧰 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🧰 Down failed ❌"
echo "🧰 Cleanup failed ❌"
exit 1
fi
@ -60,29 +135,75 @@ do
echo "🧰 Running tests with redis with default values ..."
elif [ "$test" = "reverse_scan" ] ; then
echo "🧰 Running tests with redis with reverse scan activated ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
else
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=yes@' /etc/bunkerweb/variables.env
export USE_REVERSE_SCAN="yes"
fi
elif [ "$test" = "antibot" ] ; then
echo "🧰 Running tests with redis with antibot cookie activated ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "no"@USE_ANTIBOT: "cookie"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "no"@USE_ANTIBOT: "cookie"@' {} \;
else
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT=cookie@' /etc/bunkerweb/variables.env
export USE_REVERSE_SCAN="no"
export USE_ANTIBOT="cookie"
fi
elif [ "$test" = "tweaked" ] ; then
echo "🧰 Running tests with redis' settings tweaked ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6380"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "0"@REDIS_DATABASE: "1"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "no"@REDIS_SSL: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6380"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "0"@REDIS_DATABASE: "1"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "no"@REDIS_SSL: "yes"@' {} \;
else
sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_PORT=.*$@REDIS_PORT=6380@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_DATABASE=.*$@REDIS_DATABASE=1@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_SSL=.*$@REDIS_SSL=yes@' /etc/bunkerweb/variables.env
unset USE_ANTIBOT
unset REDIS_PORT
unset REDIS_DATABASE
unset REDIS_SSL
echo "🧰 Stoping redis ..."
redis-cli shutdown
if [ $? -ne 0 ] ; then
echo "🧰 Redis stop failed ❌"
exit 1
fi
echo "🧰 Redis stopped ✅"
echo "🧰 Starting redis with tweaked settings ..."
redis-server --tls-port 6380 --port 0 --tls-cert-file tls/redis.pem --tls-key-file tls/redis.key --tls-ca-cert-file tls/ca.crt --tls-auth-clients no --daemonize yes
if [ $? -ne 0 ] ; then
echo "🧰 Redis start failed ❌"
exit 1
fi
echo "🧰 Redis started ✅"
fi
fi
echo "🧰 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧰 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧰 Up failed ❌"
echo "🧰 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧰 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🧰 Start failed ❌"
exit 1
fi
fi
@ -90,37 +211,72 @@ do
# Check if stack is healthy
echo "🧰 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("redis-bw-1" "redis-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("redis-bw-1" "redis-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🧰 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🧰 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🧰 Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🧰 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🧰 Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🧰 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🧰 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🧰 Test \"$test\" succeeded ✅"

11
tests/core/reversescan/main.py
View file

@ -8,13 +8,20 @@ from uvicorn import run
app = FastAPI()
fastapi_proc = Process(target=run, args=(app,), kwargs=dict(host="0.0.0.0", port=80))
fastapi_proc = Process(
target=run,
args=(app,),
kwargs=dict(
host="0.0.0.0" if getenv("TEST_TYPE", "docker") == "docker" else "127.0.0.1",
port=80,
),
)
fastapi_proc.start()
sleep(1)
try:
use_reverse_scan = getenv("USE_REVERSE_SCAN", "no") == "yes"
use_reverse_scan = getenv("USE_REVERSE_SCAN", "yes") == "yes"
reverse_scan_ports = getenv("REVERSE_SCAN_PORTS", "22 80 443 3128 8000 8080")
print(f" Trying to access http://www.example.com ...", flush=True)

164
tests/core/reversescan/test.sh
View file

@ -1,17 +1,36 @@
#!/bin/bash
echo "🕵️ Building reversescan stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🕵️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🕵️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🕵️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🕵️ Build failed ❌"
exit 1
echo "🕵️ Building reversescan stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🕵️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🕵️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_REVERSE_SCAN=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REVERSE_SCAN_PORTS=22 80 443 3128 8000 8080" | sudo tee -a /etc/bunkerweb/variables.env
echo "REVERSE_SCAN_TIMEOUT=500" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
@ -19,8 +38,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"@' {} \;
else
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=22 80 443 3128 8000 8080@' /etc/bunkerweb/variables.env
unset USE_REVERSE_SCAN
unset REVERSE_SCAN_PORTS
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +54,15 @@ cleanup_stack () {
echo "🕵️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🕵️ Down failed ❌"
echo "🕵️ Cleanup failed ❌"
exit 1
fi
@ -47,22 +78,40 @@ do
echo "🕵️ Running tests with default reverse scan ..."
elif [ "$test" = "tweaked_ports" ] ; then
echo "🕵️ Running tests while removing the 80 port being scanned ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 443 3128 8000 8080"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 443 3128 8000 8080"@' {} \;
else
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=22 443 3128 8000 8080@' /etc/bunkerweb/variables.env
export REVERSE_SCAN_PORTS="22 443 3128 8000 8080"
fi
elif [ "$test" = "deactivated" ] ; then
echo "🕵️ Running tests without the reverse scan ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
else
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=no@' /etc/bunkerweb/variables.env
export USE_REVERSE_SCAN="no"
fi
fi
echo "🕵️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🕵️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🕵️ Up failed ❌"
echo "🕵️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🕵️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🕵️ Start failed ❌"
exit 1
fi
fi
@ -70,37 +119,70 @@ do
# Check if stack is healthy
echo "🕵️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("reversescan-bw-1" "reversescan-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("reversescan-bw-1" "reversescan-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🕵️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🕵️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🕵️ Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🕵️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🕵️ Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🕵️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🕵️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🕵️ Test \"$test\" succeeded ✅"

172
tests/core/selfsigned/test.sh
View file

@ -1,17 +1,35 @@
#!/bin/bash
echo "🔑 Building selfsigned stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🔑 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🔑 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🔑 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🔑 Build failed ❌"
exit 1
echo "🔑 Building selfsigned stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🔑 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🔑 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "GENERATE_SELF_SIGNED_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "SELF_SIGNED_SSL_EXPIRY=365" | sudo tee -a /etc/bunkerweb/variables.env
echo "SELF_SIGNED_SSL_SUBJ=/CN=www.example.com/" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,9 +37,18 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_EXPIRY: "30"@SELF_SIGNED_SSL_EXPIRY: "365"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_SUBJ: "/CN=example.com/"@SELF_SIGNED_SSL_SUBJ: "/CN=www.example.com/"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_EXPIRY: "30"@SELF_SIGNED_SSL_EXPIRY: "365"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_SUBJ: "/CN=example.com/"@SELF_SIGNED_SSL_SUBJ: "/CN=www.example.com/"@' {} \;
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@SELF_SIGNED_SSL_EXPIRY=.*$@SELF_SIGNED_SSL_EXPIRY=365@' /etc/bunkerweb/variables.env
sudo sed -i 's@SELF_SIGNED_SSL_SUBJ=.*$@SELF_SIGNED_SSL_SUBJ=/CN=www.example.com/@' /etc/bunkerweb/variables.env
unset GENERATE_SELF_SIGNED_SSL
unset SELF_SIGNED_SSL_EXPIRY
unset SELF_SIGNED_SSL_SUBJ
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -29,10 +56,15 @@ cleanup_stack () {
echo "🔑 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🔑 Down failed ❌"
echo "🔑 Cleanup failed ❌"
exit 1
fi
@ -48,23 +80,44 @@ do
echo "🔑 Running tests without selfsigned ..."
elif [ "$test" = "activated" ] ; then
echo "🔑 Running tests with selfsigned activated ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=yes@' /etc/bunkerweb/variables.env
export GENERATE_SELF_SIGNED_SSL="yes"
fi
elif [ "$test" = "tweaked_options" ] ; then
echo "🔑 Running tests with selfsigned's options tweaked ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_EXPIRY: "365"@SELF_SIGNED_SSL_EXPIRY: "30"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_SUBJ: "/CN=www.example.com/"@SELF_SIGNED_SSL_SUBJ: "/CN=example.com/"@' {} \;
echo " Keeping the generated self-signed SSL certificate"
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_EXPIRY: "365"@SELF_SIGNED_SSL_EXPIRY: "30"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_SUBJ: "/CN=www.example.com/"@SELF_SIGNED_SSL_SUBJ: "/CN=example.com/"@' {} \;
else
sudo sed -i 's@SELF_SIGNED_SSL_EXPIRY=.*$@SELF_SIGNED_SSL_EXPIRY=30@' /etc/bunkerweb/variables.env
sudo sed -i 's@SELF_SIGNED_SSL_SUBJ=.*$@SELF_SIGNED_SSL_SUBJ=/CN=example.com/@' /etc/bunkerweb/variables.env
export SELF_SIGNED_SSL_EXPIRY="30"
export SELF_SIGNED_SSL_SUBJ="/CN=example.com/"
fi
fi
echo "🔑 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔑 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔑 Up failed ❌"
echo "🔑 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔑 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🔑 Start failed ❌"
exit 1
fi
fi
@ -72,37 +125,70 @@ do
# Check if stack is healthy
echo "🔑 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("selfsigned-bw-1" "selfsigned-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("selfsigned-bw-1" "selfsigned-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🔑 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🔑 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🔑 Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🔑 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🔑 Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🔑 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🔑 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🔑 Test \"$test\" succeeded ✅"

5
tests/core/sessions/main.py
View file

@ -58,7 +58,10 @@ try:
print(" Reloading BunkerWeb ...", flush=True)
response = post("http://192.168.0.2:5000/reload", headers={"Host": "bwapi"})
response = post(
f"http://{'192.168.0.2' if getenv('TEST_TYPE', 'docker') == 'docker' else '127.0.0.1'}:5000/reload",
headers={"Host": "bwapi"},
)
if response.status_code != 200:
print("❌ An error occurred when restarting BunkerWeb, exiting ...", flush=True)

170
tests/core/sessions/test.sh
View file

@ -1,17 +1,36 @@
#!/bin/bash
echo "🧳 Building sessions stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🧳 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🧳 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🧳 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🧳 Build failed ❌"
exit 1
echo "🧳 Building sessions stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🧳 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🧳 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_ANTIBOT=cookie" | sudo tee -a /etc/bunkerweb/variables.env
echo "SESSIONS_SECRET=random" | sudo tee -a /etc/bunkerweb/variables.env
echo "SESSIONS_NAME=random" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
@ -19,8 +38,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_SECRET: ".*"$@SESSIONS_SECRET: "random"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "random"@' {} \;
if [ "$integration" = "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_SECRET: ".*"$@SESSIONS_SECRET: "random"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "random"@' {} \;
else
sudo sed -i 's@SESSIONS_SECRET=.*$@SESSIONS_SECRET=random@' /etc/bunkerweb/variables.env
sudo sed -i 's@SESSIONS_NAME=.*$@SESSIONS_NAME=random@' /etc/bunkerweb/variables.env
unset SESSIONS_SECRET
unset SESSIONS_NAME
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +54,15 @@ cleanup_stack () {
echo "🧳 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🧳 Down failed ❌"
echo "🧳 Cleanup failed ❌"
exit 1
fi
@ -47,23 +78,43 @@ do
echo "🧳 Running tests with random secret and random name ..."
elif [ "$test" = "manual_name" ] ; then
echo "🧳 Running tests where session name is equal to \"test\" ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "test"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "test"@' {} \;
else
sudo sed -i 's@SESSIONS_NAME=.*$@SESSIONS_NAME=test@' /etc/bunkerweb/variables.env
export SESSIONS_NAME="test"
fi
elif [ "$test" = "manual_secret" ] ; then
echo "🧳 Running tests where session secret is equal to \"test\" ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "random"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_SECRET: ".*"$@SESSIONS_SECRET: "test"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "random"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_SECRET: ".*"$@SESSIONS_SECRET: "test"@' {} \;
else
sudo sed -i 's@SESSIONS_NAME=.*$@SESSIONS_NAME=random@' /etc/bunkerweb/variables.env
sudo sed -i 's@SESSIONS_SECRET=.*$@SESSIONS_SECRET=test@' /etc/bunkerweb/variables.env
unset SESSIONS_NAME
export SESSIONS_SECRET="test"
fi
fi
echo "🧳 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧳 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧳 Up failed ❌"
echo "🧳 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧳 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🧳 Start failed ❌"
exit 1
fi
fi
@ -71,37 +122,72 @@ do
# Check if stack is healthy
echo "🧳 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("sessions-bw-1" "sessions-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("sessions-bw-1" "sessions-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🧳 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🧳 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🧳 Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🧳 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🧳 Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🧳 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🧳 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🧳 Test \"$test\" succeeded ✅"