librewolf
/
bunkerized-nginx
mirror of https://github.com/bunkerity/bunkerized-nginx
4
0
Fork 1
Code Issues Projects Releases Wiki Activity

Tweak reversescan core test to avoid false negative

This commit is contained in:
Théophile Diot 2023-09-23 16:35:48 +01:00
parent 0e9f29cc52
commit 78a29e65ea
No known key found for this signature in database
GPG Key ID: 248FEA4BAE400D06
4 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tests/core/reversescan/docker-compose.test.yml
View File

@ -6,7 +6,7 @@ services:
environment:
PYTHONUNBUFFERED: "1"
USE_REVERSE_SCAN: "yes"
REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"
REVERSE_SCAN_PORTS: "80"
REVERSE_SCAN_TIMEOUT: "500"
extra_hosts:
- "www.example.com:192.168.0.2"

2
tests/core/reversescan/docker-compose.yml
View File

@ -17,7 +17,7 @@ services:
# ? REVERSE_SCAN settings
USE_REVERSE_SCAN: "yes"
REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"
REVERSE_SCAN_PORTS: "80"
REVERSE_SCAN_TIMEOUT: "500"
networks:
bw-universe:

5
tests/core/reversescan/main.py
View File

@ -1,3 +1,4 @@
from re import search
from time import sleep
from fastapi import FastAPI
from os import getenv
@ -19,7 +20,7 @@ if getenv("TEST_TYPE", "docker") == "docker":
try:
use_reverse_scan = getenv("USE_REVERSE_SCAN", "yes") == "yes"
reverse_scan_ports = getenv("REVERSE_SCAN_PORTS", "22 80 443 3128 8000 8080")
reverse_scan_ports = getenv("REVERSE_SCAN_PORTS", "80")
print(f" Trying to access http://www.example.com ...", flush=True)
status_code = get(
@ -30,7 +31,7 @@ try:
if status_code == 403:
pass
elif use_reverse_scan and " 80 " in reverse_scan_ports:
elif use_reverse_scan and search(r"\b80\b", reverse_scan_ports):
print(
"❌ Request didn't return 403, but reverse scan is enabled and port 80 is in the reverse scan ports list, exiting ...",
flush=True,

12
tests/core/reversescan/test.sh
View File

@ -27,7 +27,7 @@ if [ "$integration" = "docker" ] ; then
else
sudo systemctl stop bunkerweb
echo "USE_REVERSE_SCAN=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REVERSE_SCAN_PORTS=22 80 443 3128 8000 8080" | sudo tee -a /etc/bunkerweb/variables.env
echo "REVERSE_SCAN_PORTS=80" | sudo tee -a /etc/bunkerweb/variables.env
echo "REVERSE_SCAN_TIMEOUT=500" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
@ -40,10 +40,10 @@ cleanup_stack () {
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "80"@' {} \;
else
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=22 80 443 3128 8000 8080@' /etc/bunkerweb/variables.env
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=80@' /etc/bunkerweb/variables.env
unset USE_REVERSE_SCAN
unset REVERSE_SCAN_PORTS
fi
@ -79,10 +79,10 @@ do
elif [ "$test" = "tweaked_ports" ] ; then
echo "🕵️ Running tests while removing the 80 port being scanned ..."
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 443 3128 8000 8080"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: ""@' {} \;
else
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=22 443 3128 8000 8080@' /etc/bunkerweb/variables.env
export REVERSE_SCAN_PORTS="22 443 3128 8000 8080"
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=@' /etc/bunkerweb/variables.env
export REVERSE_SCAN_PORTS=""
fi
elif [ "$test" = "deactivated" ] ; then
echo "🕵️ Running tests without the reverse scan ..."