core - Optimize cors tests
This commit is contained in:
parent
3f51f59bcb
commit
7158e7e9a1
@ -5,6 +5,7 @@ services:
|
|||
build: .
|
||||
environment:
|
||||
PYTHONUNBUFFERED: "1"
|
||||
GENERATE_SELF_SIGNED_SSL: "no"
|
||||
USE_CORS: "no"
|
||||
CORS_ALLOW_ORIGIN: "*"
|
||||
CORS_EXPOSE_HEADERS: "Content-Length,Content-Range"
|
||||
|
|
|
@ -15,7 +15,7 @@ services:
|
|||
USE_BUNKERNET: "no"
|
||||
USE_BLACKLIST: "no"
|
||||
LOG_LEVEL: "info"
|
||||
GENERATE_SELF_SIGNED_SSL: "yes"
|
||||
GENERATE_SELF_SIGNED_SSL: "no"
|
||||
ALLOWED_METHODS: "GET|POST|HEAD|OPTIONS"
|
||||
|
||||
# ? CORS settings
|
||||
|
|
|
@ -9,12 +9,14 @@ from time import sleep
|
|||
|
||||
|
||||
try:
|
||||
ssl = getenv("GENERATE_SELF_SIGNED_SSL", "no") == "yes"
|
||||
|
||||
ready = False
|
||||
retries = 0
|
||||
while not ready:
|
||||
with suppress(RequestException):
|
||||
status_code = get(
|
||||
"https://www.example.com",
|
||||
f"http{'s' if ssl else ''}://www.example.com",
|
||||
headers={"Host": "www.example.com"},
|
||||
verify=False,
|
||||
).status_code
|
||||
|
@ -35,180 +37,199 @@ try:
|
|||
)
|
||||
sleep(5)
|
||||
|
||||
firefox_options = Options()
|
||||
firefox_options.add_argument("--headless")
|
||||
|
||||
use_cors = getenv("USE_CORS", "no")
|
||||
cors_allow_origin = getenv("CORS_ALLOW_ORIGIN", "*").replace("\\", "").replace("^", "").replace("$", "")
|
||||
use_cors = getenv("USE_CORS", "no") == "yes"
|
||||
cors_allow_origin = (
|
||||
getenv("CORS_ALLOW_ORIGIN", "*")
|
||||
.replace("\\", "")
|
||||
.replace("^", "")
|
||||
.replace("$", "")
|
||||
)
|
||||
cors_expose_headers = getenv("CORS_EXPOSE_HEADERS", "Content-Length,Content-Range")
|
||||
cors_max_age = getenv("CORS_MAX_AGE", "86400")
|
||||
cors_allow_credentials = getenv("CORS_ALLOW_CREDENTIALS", "no") == "yes"
|
||||
cors_allow_credentials = (
|
||||
"true" if getenv("CORS_ALLOW_CREDENTIALS", "no") == "yes" else "false"
|
||||
)
|
||||
cors_allow_methods = getenv("CORS_ALLOW_METHODS", "GET, POST, OPTIONS")
|
||||
cors_allow_headers = getenv(
|
||||
"CORS_ALLOW_HEADERS",
|
||||
"DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range",
|
||||
)
|
||||
|
||||
print(
|
||||
f"ℹ️ Sending a HEAD request to http{'s' if ssl else ''}://www.example.com ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
response = head(
|
||||
f"http{'s' if ssl else ''}://www.example.com",
|
||||
headers={
|
||||
"Host": "www.example.com",
|
||||
"Origin": f"http{'s' if ssl else ''}://bwadm.example.com",
|
||||
},
|
||||
verify=False,
|
||||
)
|
||||
response.raise_for_status()
|
||||
|
||||
if any(
|
||||
header in response.headers
|
||||
for header in (
|
||||
"Access-Control-Max-Age",
|
||||
"Access-Control-Allow-Credentials",
|
||||
"Access-Control-Allow-Methods",
|
||||
"Access-Control-Allow-Headers",
|
||||
)
|
||||
):
|
||||
print(
|
||||
f"❌ One of the preflight request headers is present in the response headers, it should not be ...\nheaders: {response.headers}",
|
||||
)
|
||||
exit(1)
|
||||
|
||||
for header, value in (
|
||||
("Access-Control-Allow-Origin", cors_allow_origin),
|
||||
("Access-Control-Expose-Headers", cors_expose_headers),
|
||||
):
|
||||
if use_cors:
|
||||
if value != response.headers.get(header):
|
||||
print(
|
||||
f"❌ The {header} header is set to \"{response.headers.get(header, 'header missing')}\", it should be \"{value}\" ...\nheaders: {response.headers}",
|
||||
flush=True,
|
||||
)
|
||||
exit(1)
|
||||
print(
|
||||
f'✅ The {header} header is set to "{value}" ...',
|
||||
flush=True,
|
||||
)
|
||||
else:
|
||||
if header in response.headers:
|
||||
print(
|
||||
f'❌ The {header} header is present in the response headers while the setting USE_CORS is set to "no", it should not be ...\nheaders: {response.headers}',
|
||||
)
|
||||
exit(1)
|
||||
print(
|
||||
f"✅ The {header} header is not present in the response headers as expected ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
sleep(1)
|
||||
|
||||
print(
|
||||
f"ℹ️ Sending a preflight request to http{'s' if ssl else ''}://www.example.com ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
response = options(
|
||||
f"http{'s' if ssl else ''}://www.example.com",
|
||||
headers={
|
||||
"Host": "www.example.com",
|
||||
"Origin": f"http{'s' if ssl else ''}://bwadm.example.com",
|
||||
},
|
||||
verify=False,
|
||||
)
|
||||
response.raise_for_status()
|
||||
|
||||
if use_cors:
|
||||
if (
|
||||
cors_allow_credentials == "false"
|
||||
and "Access-Control-Allow-Credentials" in response.headers
|
||||
):
|
||||
print(
|
||||
f'❌ The Access-Control-Allow-Credentials header is present in the response headers while the setting CORS_ALLOW_CREDENTIALS is set to "no", it should not be ...\nheaders: {response.headers}',
|
||||
)
|
||||
exit(1)
|
||||
elif (
|
||||
cors_allow_credentials == "true"
|
||||
and "Access-Control-Allow-Credentials" not in response.headers
|
||||
):
|
||||
print(
|
||||
f'❌ The Access-Control-Allow-Credentials header is not present in the response headers while the setting CORS_ALLOW_CREDENTIALS is set to "yes", it should be ...\nheaders: {response.headers}',
|
||||
)
|
||||
exit(1)
|
||||
print(
|
||||
f"✅ The Access-Control-Allow-Credentials header is{' not' if cors_allow_credentials == 'false' else ''} present as expected ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
for header, value in (
|
||||
("Access-Control-Allow-Credentials", cors_allow_credentials),
|
||||
("Access-Control-Max-Age", cors_max_age),
|
||||
("Access-Control-Allow-Methods", cors_allow_methods),
|
||||
("Access-Control-Allow-Headers", cors_allow_headers),
|
||||
):
|
||||
if use_cors:
|
||||
if (
|
||||
header == "Access-Control-Allow-Credentials"
|
||||
and cors_allow_credentials == "false"
|
||||
):
|
||||
continue
|
||||
|
||||
if value != response.headers.get(header):
|
||||
print(
|
||||
f"❌ The {header} header is set to \"{response.headers.get(header, 'header missing')}\", it should be \"{value}\" ...\nheaders: {response.headers}",
|
||||
flush=True,
|
||||
)
|
||||
exit(1)
|
||||
print(
|
||||
f'✅ The {header} header is set to "{value}" ...',
|
||||
flush=True,
|
||||
)
|
||||
else:
|
||||
if header in response.headers:
|
||||
print(
|
||||
f'❌ The {header} header is present in the response headers while the setting USE_CORS is set to "no", it should not be ...\nheaders: {response.headers}',
|
||||
)
|
||||
exit(1)
|
||||
print(
|
||||
f"✅ The {header} header is not present in the response headers as expected ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
if any(
|
||||
[
|
||||
cors_allow_origin != "*",
|
||||
cors_expose_headers != "Content-Length,Content-Range",
|
||||
]
|
||||
):
|
||||
print(
|
||||
"ℹ️ Sending a HEAD request to https://www.example.com ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
response = head(
|
||||
"https://www.example.com", headers={"Host": "www.example.com", "Origin": "https://www.example.com"}, verify=False
|
||||
)
|
||||
response.raise_for_status()
|
||||
|
||||
if any(
|
||||
header in response.headers
|
||||
for header in (
|
||||
"Access-Control-Max-Age",
|
||||
"Access-Control-Allow-Credentials",
|
||||
"Access-Control-Allow-Methods",
|
||||
"Access-Control-Allow-Headers",
|
||||
)
|
||||
):
|
||||
print(
|
||||
f"❌ One of the preflight request headers is present in the response headers, it should not be ...\nheaders: {response.headers}",
|
||||
)
|
||||
exit(1)
|
||||
elif cors_allow_origin != response.headers.get("Access-Control-Allow-Origin"):
|
||||
print(
|
||||
f"❌ The Access-Control-Allow-Origin header is set to {response.headers.get('Access-Control-Allow-Origin', 'missing')}, it should be {cors_allow_origin} ...\nheaders: {response.headers}",
|
||||
flush=True,
|
||||
)
|
||||
exit(1)
|
||||
elif cors_allow_origin != "*":
|
||||
print(
|
||||
f"✅ The Access-Control-Allow-Origin header is set to {cors_allow_origin} ...",
|
||||
flush=True,
|
||||
)
|
||||
elif cors_expose_headers != response.headers.get(
|
||||
"Access-Control-Expose-Headers"
|
||||
):
|
||||
print(
|
||||
f"❌ The Access-Control-Expose-Headers header is set to {response.headers.get('Access-Control-Expose-Headers', 'missing')}, it should be {cors_expose_headers} ...\nheaders: {response.headers}",
|
||||
flush=True,
|
||||
)
|
||||
exit(1)
|
||||
elif cors_expose_headers != "Content-Length,Content-Range":
|
||||
print(
|
||||
f"✅ The Access-Control-Expose-Headers header is set to {cors_expose_headers} ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
exit(0)
|
||||
elif any(
|
||||
[
|
||||
cors_max_age != "86400",
|
||||
cors_allow_credentials,
|
||||
cors_allow_credentials == "true",
|
||||
cors_allow_methods != "GET, POST, OPTIONS",
|
||||
cors_allow_headers
|
||||
!= "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range",
|
||||
]
|
||||
):
|
||||
print(
|
||||
"ℹ️ Sending a preflight request to https://www.example.com ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
response = options(
|
||||
"https://www.example.com", headers={"Host": "www.example.com", "Origin": "https://www.example.com"}, verify=False
|
||||
)
|
||||
response.raise_for_status()
|
||||
|
||||
if (
|
||||
not cors_allow_credentials
|
||||
and "Access-Control-Allow-Credentials" in response.headers
|
||||
):
|
||||
print(
|
||||
f"❌ The Access-Control-Allow-Credentials header is present in the response headers while the setting CORS_ALLOW_CREDENTIALS is set to {cors_allow_credentials}, it should not be ...\nheaders: {response.headers}",
|
||||
)
|
||||
exit(1)
|
||||
elif cors_max_age != response.headers.get("Access-Control-Max-Age"):
|
||||
print(
|
||||
f"❌ The Access-Control-Max-Age header is set to {response.headers.get('Access-Control-Max-Age', 'missing')}, it should be {cors_max_age} ...\nheaders: {response.headers}",
|
||||
flush=True,
|
||||
)
|
||||
exit(1)
|
||||
elif cors_max_age != "86400":
|
||||
print(
|
||||
f"✅ The Access-Control-Max-Age header is set to {cors_max_age} ...",
|
||||
flush=True,
|
||||
)
|
||||
elif (
|
||||
cors_allow_credentials
|
||||
and "Access-Control-Allow-Credentials" not in response.headers
|
||||
):
|
||||
print(
|
||||
f"❌ The Access-Control-Allow-Credentials header is not present in the response headers while the setting CORS_ALLOW_CREDENTIALS is set to {cors_allow_credentials}, it should be ...\nheaders: {response.headers}",
|
||||
)
|
||||
exit(1)
|
||||
elif cors_allow_methods != response.headers.get("Access-Control-Allow-Methods"):
|
||||
print(
|
||||
f"❌ The Access-Control-Allow-Methods header is set to {response.headers.get('Access-Control-Allow-Methods', 'missing')}, it should be {cors_allow_methods} ...\nheaders: {response.headers}",
|
||||
)
|
||||
exit(1)
|
||||
elif cors_allow_methods != "GET, POST, OPTIONS":
|
||||
print(
|
||||
f"✅ The Access-Control-Allow-Methods is set to {cors_allow_methods} ...",
|
||||
flush=True,
|
||||
)
|
||||
elif cors_allow_headers != response.headers.get("Access-Control-Allow-Headers"):
|
||||
print(
|
||||
f"❌ The Access-Control-Allow-Headers header is set to {response.headers.get('Access-Control-Allow-Headers', 'missing')}, it should be {cors_allow_headers} ...\nheaders: {response.headers}",
|
||||
flush=True,
|
||||
)
|
||||
exit(1)
|
||||
elif (
|
||||
cors_allow_headers
|
||||
!= "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"
|
||||
):
|
||||
print(
|
||||
f"✅ The Access-Control-Allow-Headers header is set to {cors_allow_headers} ...",
|
||||
flush=True,
|
||||
)
|
||||
else:
|
||||
print(
|
||||
f"✅ The Access-Control-Allow-Credentials header is present and set to {cors_allow_credentials} ...",
|
||||
flush=True,
|
||||
)
|
||||
|
||||
exit(0)
|
||||
|
||||
sleep(0.5)
|
||||
|
||||
firefox_options = Options()
|
||||
firefox_options.add_argument("--headless")
|
||||
|
||||
print("ℹ️ Starting Firefox ...", flush=True)
|
||||
with webdriver.Firefox(options=firefox_options) as driver:
|
||||
driver.delete_all_cookies()
|
||||
driver.maximize_window()
|
||||
|
||||
print(
|
||||
"ℹ️ Sending a javascript request to https://www.example.com ...",
|
||||
f"ℹ️ Sending a javascript request to http{'s' if ssl else ''}://www.example.com ...",
|
||||
flush=True,
|
||||
)
|
||||
error = False
|
||||
|
||||
try:
|
||||
driver.execute_script(
|
||||
"""var xhttp = new XMLHttpRequest();
|
||||
xhttp.open("GET", "https://www.example.com", false);
|
||||
xhttp.setRequestHeader("Host", "www.example.com");
|
||||
xhttp.send();"""
|
||||
f"""
|
||||
var xhttp = new XMLHttpRequest();
|
||||
xhttp.open("GET", "http{'s' if ssl else ''}://www.example.com", false);
|
||||
xhttp.setRequestHeader("Host", "www.example.com");
|
||||
xhttp.send();
|
||||
"""
|
||||
)
|
||||
except JavascriptException as e:
|
||||
if not f"{e}".startswith("Message: NetworkError"):
|
||||
print(f"❌ {e}", flush=True)
|
||||
error = True
|
||||
|
||||
if use_cors == "no" and not error:
|
||||
if not use_cors and not error:
|
||||
print("❌ CORS is enabled, it shouldn't be, exiting ...", flush=True)
|
||||
exit(1)
|
||||
elif use_cors == "yes" and error:
|
||||
elif use_cors and error:
|
||||
print("❌ CORS are not working as expected, exiting ...", flush=True)
|
||||
exit(1)
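Review bot: The Access-Control-Allow-Origin checks only exercise the positive path: every `head(...)` and `options(...)` call in this hunk sends `Origin: http{'s' if ssl else ''}://bwadm.example.com`, which is exactly the origin the tweaked CORS_ALLOW_ORIGIN pattern is meant to accept, so a server that reflected any Origin would still pass whenever `cors_allow_origin != "*"`. The case that actually validates the pattern is a request whose Origin does not match; `www.example.com` is already used as the Host on these requests and is not the configured origin, so it can serve as the non-matching value without introducing a new name. I would add that request after the existing HEAD-request loop and assert the header is absent, as sketched below. The enclosing `try:` starts before this hunk.
```python
    # … unchanged: HEAD request with the allowed Origin and the Allow-Origin/Expose-Headers loop …

    if use_cors and cors_allow_origin != "*":
        # Negative case: an Origin the configured pattern does not match must not be echoed back
        response = head(
            f"http{'s' if ssl else ''}://www.example.com",
            headers={
                "Host": "www.example.com",
                "Origin": f"http{'s' if ssl else ''}://www.example.com",
            },
            verify=False,
        )
        response.raise_for_status()

        if "Access-Control-Allow-Origin" in response.headers:
            print(
                f"❌ The Access-Control-Allow-Origin header is present for an Origin that does not match CORS_ALLOW_ORIGIN, it should not be ...\nheaders: {response.headers}",
                flush=True,
            )
            exit(1)
        print(
            "✅ The Access-Control-Allow-Origin header is not present for a non-matching Origin as expected ...",
            flush=True,
        )

    # … unchanged: preflight request and its header loop …
```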
|
||||
|
||||
|
|
|
@ -20,7 +20,8 @@ cleanup_stack () {
|
|||
exit_code=$?
|
||||
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CORS: "yes"@USE_CORS: "no"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: "^https://www\\\\.example\\\\.com$$"@CORS_ALLOW_ORIGIN: "\*"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: ".*"$@CORS_ALLOW_ORIGIN: "\*"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_EXPOSE_HEADERS: "X-Test"@CORS_EXPOSE_HEADERS: "Content-Length,Content-Range"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_MAX_AGE: "3600"@CORS_MAX_AGE: "86400"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_CREDENTIALS: "yes"@CORS_ALLOW_CREDENTIALS: "no"@' {} \;
|
||||
|
@ -46,35 +47,21 @@ cleanup_stack () {
|
|||
# Cleanup stack on exit
|
||||
trap cleanup_stack EXIT
|
||||
|
||||
for test in "deactivated" "activated" "allow_origin" "expose_headers" "max_age" "allow_credentials" "allow_methods" "allow_headers"
|
||||
for test in "deactivated" "activated" "tweaked_settings"
|
||||
do
|
||||
if [ "$test" = "deactivated" ] ; then
|
||||
echo "🛰️ Running tests without cors ..."
|
||||
elif [ "$test" = "activated" ] ; then
|
||||
echo "🛰️ Running tests with cors ..."
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CORS: "no"@USE_CORS: "yes"@' {} \;
|
||||
elif [ "$test" = "allow_origin" ] ; then
|
||||
echo "🛰️ Running tests with cors allow origin set to https://www.example.com ..."
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: "\*"@CORS_ALLOW_ORIGIN: "^https://www\\\\.example\\\\.com$$"@' {} \;
|
||||
elif [ "$test" = "expose_headers" ] ; then
|
||||
echo "🛰️ Running tests with cors expose headers set to X-Test ..."
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: "^https://www\\\\.example\\\\.com$$"@CORS_ALLOW_ORIGIN: "\*"@' {} \;
|
||||
elif [ "$test" = "tweaked_settings" ] ; then
|
||||
echo "🛰️ Running tests with tweaked cors settings ..."
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: "\*"@CORS_ALLOW_ORIGIN: "^https://bwadm\\\\.example\\\\.com$$"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_EXPOSE_HEADERS: "Content-Length,Content-Range"@CORS_EXPOSE_HEADERS: "X-Test"@' {} \;
|
||||
elif [ "$test" = "max_age" ] ; then
|
||||
echo "🛰️ Running tests with cors max age set to 3600 ..."
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_EXPOSE_HEADERS: "X-Test"@CORS_EXPOSE_HEADERS: "Content-Length,Content-Range"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_MAX_AGE: "86400"@CORS_MAX_AGE: "3600"@' {} \;
|
||||
elif [ "$test" = "allow_credentials" ] ; then
|
||||
echo "🛰️ Running tests with cors allow credentials is set to yes ..."
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_MAX_AGE: "3600"@CORS_MAX_AGE: "86400"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_CREDENTIALS: "no"@CORS_ALLOW_CREDENTIALS: "yes"@' {} \;
|
||||
elif [ "$test" = "allow_methods" ] ; then
|
||||
echo "🛰️ Running tests with cors allow methods is set to GET, HEAD, POST, OPTIONS ..."
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_CREDENTIALS: "yes"@CORS_ALLOW_CREDENTIALS: "no"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_METHODS: "GET, POST, OPTIONS"@CORS_ALLOW_METHODS: "GET, HEAD, POST, OPTIONS"@' {} \;
|
||||
elif [ "$test" = "allow_headers" ] ; then
|
||||
echo "🛰️ Running tests with cors allow headers is set to X-Test ..."
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_METHODS: "GET, HEAD, POST, OPTIONS"@CORS_ALLOW_METHODS: "GET, POST, OPTIONS"@' {} \;
|
||||
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_HEADERS: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"@CORS_ALLOW_HEADERS: "X-Test"@' {} \;
|
||||
fi
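Review bot: The `sed` substitutions in the `tweaked_settings` branch match on the exact default value (`CORS_ALLOW_ORIGIN: "\*"`, `CORS_EXPOSE_HEADERS: "Content-Length,Content-Range"`, `CORS_MAX_AGE: "86400"`, `CORS_ALLOW_CREDENTIALS: "no"`), so if a compose file was left in a non-default state by an interrupted earlier run the substitution silently matches nothing and the stack is tested with a configuration other than the one the echo line announces. The `cleanup_stack` hunk above already uses a catch-all for one of these keys (`'s@CORS_ALLOW_ORIGIN: ".*"$@CORS_ALLOW_ORIGIN: "\*"@'`); the tweak lines could use the same shape, e.g. `sed -i 's@CORS_ALLOW_ORIGIN: ".*"$@CORS_ALLOW_ORIGIN: "^https://bwadm\\\\.example\\\\.com$$"@'`, so the test setup does not depend on the previous run having cleaned up. The same applies to the `USE_CORS` line in the `activated` branch. The `for` loop's `done` and whatever follows the `fi` are outside this hunk.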
|
||||
|
||||
|
|