Merge branch 'dev' of github.com:bunkerity/bunkerweb into dev

florian 2023-05-19 12:39:53 +02:00
commit 93c766e564
No known key found for this signature in database
GPG Key ID: 3D80806F12602A7C
5 changed files with 15 additions and 12 deletions


@ -69,7 +69,7 @@ RUN apk add --no-cache pcre bash python3 && \
ln -s /proc/1/fd/1 /var/log/nginx/access.log
# Fix CVEs
RUN apk add "libcrypto3>=3.0.8-r4" "libssl3>=3.0.8-r4"
RUN apk add "libcrypto3>=3.0.8-r4" "libssl3>=3.0.8-r4" "curl>=8.1.0-r0" "libcurl>=8.1.0-r0"
VOLUME /data /etc/nginx
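Review bot: The `# Fix CVEs` comment above the changed `RUN` line does not say which advisories the version floors address, so nobody can later tell when the line is safe to drop. I would name them, e.g. `# Fix CVEs: <advisory ids> (openssl, curl)` with the real ids filled in. The same line calls `apk add` without `--no-cache`, unlike the `RUN apk add --no-cache pcre bash python3` step visible in the hunk header, so the package index stays in the layer. Listing `"curl>=8.1.0-r0"` may also install the curl binary if the base image did not already carry it, which is worth confirming if only libcurl needed patching.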


@ -17,6 +17,7 @@ services:
LOG_LEVEL: "info"
GENERATE_SELF_SIGNED_SSL: "no"
ALLOWED_METHODS: "GET|POST|HEAD|OPTIONS"
CUSTOM_CONF_SEVER_HTTP_main: "location /options { default_type 'text/plain'; content_by_lua_block { if ngx.var.request_method == \"OPTIONS\" then ngx.say(\"Hello, world!\") end } }"
# ? CORS settings
USE_CORS: "no"
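Review bot: The new key `CUSTOM_CONF_SEVER_HTTP_main` looks like a misspelling of `CUSTOM_CONF_SERVER_HTTP_main`. If the custom-config type is not recognised, the `location /options` block would presumably never be loaded and requests to `/options` would fall through to a 404. That would go unnoticed, because the CORS test in this same commit now accepts a 404 on the preflight. I would rename the key to `CUSTOM_CONF_SERVER_HTTP_main` and confirm that the test gets a 200 from `/options`.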


@ -113,19 +113,20 @@ try:
sleep(1)
print(
f" Sending a preflight request to http{'s' if ssl else ''}://www.example.com ...",
f" Sending a preflight request to http{'s' if ssl else ''}://www.example.com/options ...",
flush=True,
)
response = options(
f"http{'s' if ssl else ''}://www.example.com",
f"http{'s' if ssl else ''}://www.example.com/options",
headers={
"Host": "www.example.com",
"Origin": f"http{'s' if ssl else ''}://bwadm.example.com",
},
verify=False,
)
response.raise_for_status()
if response.status_code != 404:
response.raise_for_status()
if use_cors:
if (
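Review bot: Accepting a 404 on the preflight (`if response.status_code != 404:`) means the test no longer notices when the `/options` location is missing or not loaded, so the CORS header checks that follow may run against an error page. Since this commit adds a dedicated `/options` handler for the test, the original unconditional `response.raise_for_status()` seems the safer check. If a 404 must be tolerated in some configurations, a comment such as `# 404 expected when <condition>` should say when. The `options(...)` call also passes no `timeout=`, so a hung container would stall the run. The `if use_cors:` branch continues outside the hunk.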


@ -1,6 +1,6 @@
from os import getenv
from subprocess import run
from requests import ConnectionError, head, options, post
from requests import ConnectionError, get, head, post
from socket import create_connection
from ssl import CERT_NONE, create_default_context
from time import sleep
@ -141,19 +141,20 @@ try:
allowed_methods = getenv("ALLOWED_METHODS", "GET|POST|HEAD")
print(
f" Sending a OPTIONS request to http{'s' if ssl_generated else ''}://www.example.com to test ALLOWED_METHODS",
f" Sending a GET request to http{'s' if ssl_generated else ''}://www.example.com to test ALLOWED_METHODS",
flush=True,
)
response = options(
response = get(
f"http{'s' if ssl_generated else ''}://www.example.com",
headers={"Host": "www.example.com"},
verify=False,
)
if response.status_code == 405:
if "OPTIONS" in allowed_methods:
if "GET" in allowed_methods:
print(
"❌ Request got rejected, even if OPTIONS is in allowed methods, exiting ...",
"❌ Request got rejected, even if GET is in allowed methods, exiting ...",
flush=True,
)
exit(1)
@ -163,9 +164,9 @@ try:
if response.status_code != 404:
response.raise_for_status()
if "OPTIONS" not in allowed_methods:
if "GET" not in allowed_methods:
print(
"❌ Request didn't get rejected, even if OPTIONS is not in allowed methods, exiting ...",
"❌ Request didn't get rejected, even if GET is not in allowed methods, exiting ...",
flush=True,
)
exit(1)
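Review bot: `"GET" in allowed_methods` in both changed conditions is a substring test on the raw `ALLOWED_METHODS` string, not a membership test on the method list, so any value that merely contains the letters GET would count as allowing it. Splitting on the delimiter keeps the check aligned with how the setting is written: `if "GET" in allowed_methods.split("|"):` and `if "GET" not in allowed_methods.split("|"):`. The `get(...)` call is also made without `timeout=`, so an unresponsive instance would hang the test rather than fail it. The enclosing `try:` block starts and ends outside these hunks.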


@ -59,7 +59,7 @@ do
echo "🗃️ Running tests when misc settings have tweaked values ..."
echo " Keeping the ssl generated in self signed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "no"@DISABLE_DEFAULT_SERVER: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "GET|POST|HEAD|OPTIONS"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "POST|HEAD"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "5m"@MAX_CLIENT_SIZE: "10m"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "yes"@SERVE_FILES: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "yes"@HTTP2: "no"@' {} \;