3 # attack the test server and try to make it fall over
# Locate the installed test server; INSTALLED is used further down to find the
# reference test.html under ../share/libwebsockets-test-server/.
# NOTE(review): no check of the `which` result is visible in this listing. If
# the binary is not on PATH, A is empty and INSTALLED is likely empty too, so
# the later comparisons would read from an unintended path. `command -v` with
# a quoted "$A" and an explicit failure exit would make that case obvious.
9 A=`which libwebsockets-test-server`
10 INSTALLED=`dirname $A`
17 if [ $? -ne 0 ] ; then
18 echo "(killed it) *******"
21 dd if=$LOG bs=1 skip=$LEN 2>/dev/null
23 if [ "$1" = "default" ] ; then
24 diff /tmp/lwscap $INSTALLED/../share/libwebsockets-test-server/test.html > /dev/null
25 if [ $? -ne 0 ] ; then
26 echo "FAIL: got something other than test.html back"
30 if [ "$1" = "defaultplusforbidden" ] ; then
31 cat $INSTALLED/../share/libwebsockets-test-server/test.html > /tmp/plusforb
32 echo -e -n "HTTP/1.1 403 Forbidden\x0d\x0aserver: libwebsockets\x0d\x0acontent-type: text/html\x0d\x0acontent-length: 38\x0d\x0a\x0d\x0a<html><body><h1>403</h1></body></html>" >> /tmp/plusforb
33 diff /tmp/lwscap /tmp/plusforb > /dev/null
34 if [ $? -ne 0 ] ; then
35 echo "FAIL: got something other than test.html back"
40 if [ "$1" = "forbidden" ] ; then
41 if [ -z "`grep '<h1>403</h1>' /tmp/lwscap`" ] ; then
42 echo "FAIL: should have told forbidden (test server has no dirs)"
47 if [ "$1" = "rejected" ] ; then
48 if [ -z "`grep '<h1>406</h1>' /tmp/lwscap`" ] ; then
49 echo "FAIL: should have told forbidden (test server has no dirs)"
55 if [ "$1" = "media" ] ; then
56 if [ -z "`grep '<h1>415</h1>' /tmp/lwscap`" ] ; then
57 echo "FAIL: should have told unknown media type"
62 if [ "$1" == "0" ] ; then
63 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep "get\ \ =" | tr -s ' ' | cut -d' ' -f4-`"
64 if [ "$a" != "$2" ] ; then
65 echo "URL path '$a' not $2"
70 if [ "$1" == "1" ] ; then
71 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 1\: | tr -s ' ' | cut -d' ' -f5-`"
72 if [ "$a" != "$2" ] ; then
73 echo "Arg 1 '$a' not $2"
78 if [ "$1" == "2" ] ; then
79 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 2\: | tr -s ' ' | cut -d' ' -f5-`"
80 if [ "$a" != "$2" ] ; then
81 echo "Arg 2 '$a' not $2"
85 if [ "$1" == "3" ] ; then
86 a="`dd if=$LOG bs=1 skip=$LEN 2>/dev/null |grep URI\ Arg\ 3\: | tr -s ' ' | cut -d' ' -f5-`"
87 if [ "$a" != "$2" ] ; then
88 echo "Arg 3 '$a' not $2"
# Stop any test server that is already running, then start a fresh one in the
# background with -d15, appending its stderr to $LOG (set outside this listing).
# NOTE(review): killall matches by process name, so it signals every process
# called libwebsockets-test-server that the invoking user may signal, not only
# one started by this script. Recording the PID of the server started here and
# stopping only that PID keeps the test from disturbing other runs.
# NOTE(review): $LOG is unquoted; a path containing whitespace breaks the
# redirection.
100 killall libwebsockets-test-server 2>/dev/null
101 libwebsockets-test-server -d15 2>> $LOG &
104 while [ -z "`grep Listening $LOG`" ] ; do
# Query-string handling cases. Each case prints a banner, sends one raw
# HTTP/1.1 request with nc, strips the response headers with sed (everything up
# to the first line holding only CR) and stores the body in /tmp/lwscap.
# `check N expected` is defined outside these lines; in the part of it that is
# visible, N = 1..3 compares the "URI Arg N:" entry of the server log with the
# expected string.
# NOTE(review): /tmp/lwscap is a fixed name in a world-writable directory. On a
# shared host another local user can pre-create that name (or a symlink under
# it), so the capture can fail or land somewhere unintended. A private
# directory from `mktemp -d`, removed in an EXIT trap, avoids this.
# NOTE(review): $SERVER and $PORT are unquoted, and `echo -e` escape handling
# differs between shells; printf with explicit \r\n is the portable form.
110 echo "---- /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F"
112 echo -e "GET /cgi-bin/settingsjs?UPDATE_SETTINGS=1&Root_Channels_1_Channel_name_http_post=%3F&Root_Channels_1_Channel_location_http_post=%3F HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# The three arguments are expected in order, with %3F decoded to '?'.
113 check 1 "UPDATE_SETTINGS=1"
114 check 2 "Root_Channels_1_Channel_name_http_post=?"
115 check 3 "Root_Channels_1_Channel_location_http_post=?"
119 echo "---- ? processing (/cgi-bin/settings.js?key1=value1)"
121 echo -e "GET /cgi-bin/settings.js?key1=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
122 check 1 "key1=value1"
# Percent-encoded '=' (%3d) in both the path and the key. The expected log
# entry is "key1_2=value1", so the encoded '=' inside the key must not show up
# as a second key/value separator.
126 echo "---- ? processing (/t%3dest?key1%3d2=value1)"
128 echo -e "GET /t%3dest?key1%3d2=value1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
130 check 1 "key1_2=value1"
# Percent-encoded traversal prefix combined with a query string. The lines that
# verify these two responses are not part of this listing.
134 echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=1)"
136 echo -e "GET %2f%2e%2e%2f%2e./test.html?arg=1 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
141 echo "---- ? processing (%2f%2e%2e%2f%2e./test.html?arg=/../.)"
143 echo -e "GET %2f%2e%2e%2f%2e./test.html?arg=/../. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Robustness cases: input that is not a valid HTTP request. No response is
# captured or compared in these lines.
# NOTE(review): presumably the pass criterion is only that the server process
# is still alive afterwards; the liveness check is not in this listing, confirm.
148 echo "---- spam enough crap to not be GET"
149 echo "not GET" | nc $SERVER $PORT
# 80 random bytes; the banner relates this to the size of a name buffer in the
# server.
153 echo "---- spam more than the name buffer of crap"
154 dd if=/dev/urandom bs=1 count=80 2>/dev/null | nc -i1s $SERVER $PORT
# NOTE(review): the banner says 10MB, but bs=1 count=655360 sends 655360 bytes
# (640 KiB), so either the label or the count is stale. bs=1 also makes dd copy
# one byte per read/write, and dd's statistics reach the terminal here because
# stderr is not redirected as it is in the previous case.
158 echo "---- spam 10MB of crap"
159 dd if=/dev/urandom bs=1 count=655360 | nc -i1s $SERVER $PORT
163 echo "---- malformed URI"
164 echo "GET nonsense................................................................................................................" \
165 | nc -i1s $SERVER $PORT
# Malformed request lines: one with no URI between the method and the version,
# and one where the method line is repeated in the position of a header.
# The raw response, headers included, is written to /tmp/lwscap; no comparison
# of that file is visible in this listing.
# NOTE(review): /tmp/lwscap is a predictable name in a shared directory; a
# `mktemp -d` work directory would be safer on a multi-user host.
169 echo "---- missing URI"
170 echo -e "GET HTTP/1.1\x0d\x0a\x0d\x0a" | nc -i1s $SERVER $PORT >/tmp/lwscap
174 echo "---- repeated method"
175 echo -e "GET blah HTTP/1.1\x0d\x0aGET blah HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT >/tmp/lwscap
179 echo "---- crazy header name part"
180 echo -e "GET blah HTTP/1.1\x0d\x0a................................................................................................................" \
181 "......................................................................................................................." \
182 "......................................................................................................................." \
183 "......................................................................................................................." \
184 "......................................................................................................................." \
185 "......................................................................................................................." \
186 "......................................................................................................................." \
187 "......................................................................................................................." \
188 "......................................................................................................................." \
189 "......................................................................................................................." \
190 "......................................................................................................................." \
191 "......................................................................................................................." \
192 "......................................................................................................................." \
193 "......................................................................................................................." \
194 "......................................................................................................................." \
195 "......................................................................................................................." \
196 "......................................................................................................................." \
197 | nc -i1s $SERVER $PORT
201 echo "---- excessive uri content"
202 echo -e "GET ................................................................................................................" \
203 "......................................................................................................................." \
204 "......................................................................................................................." \
205 "......................................................................................................................." \
206 "......................................................................................................................." \
207 "......................................................................................................................." \
208 "......................................................................................................................." \
209 "......................................................................................................................." \
210 "......................................................................................................................." \
211 "......................................................................................................................." \
212 "......................................................................................................................." \
213 "......................................................................................................................." \
214 "......................................................................................................................." \
215 "......................................................................................................................." \
216 "......................................................................................................................." \
217 "......................................................................................................................." \
218 "......................................................................................................................." \
219 | nc -i1s $SERVER $PORT
223 echo "---- good request but http payload coming too (should be ignored and test.html served)"
224 echo -e "GET /test.html HTTP/1.1\x0d\x0a\x0d\x0aILLEGAL-PAYLOAD........................................" \
225 "......................................................................................................................." \
226 "......................................................................................................................." \
227 "......................................................................................................................." \
228 "......................................................................................................................." \
229 "......................................................................................................................." \
230 "......................................................................................................................." \
231 "......................................................................................................................." \
232 "......................................................................................................................." \
233 "......................................................................................................................." \
234 "......................................................................................................................." \
235 "......................................................................................................................." \
236 "......................................................................................................................." \
237 "......................................................................................................................." \
238 "......................................................................................................................." \
239 "......................................................................................................................." \
240 | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
241 check defaultplusforbidden
# Path-resolution regression cases. Every request is sent raw with nc, the
# response headers are stripped with sed and the body is stored in /tmp/lwscap.
# The `check` calls that judge each response are not part of this listing.
# NOTE(review): /tmp/lwscap is reused for every case and is a predictable name
# in a shared directory; see `mktemp -d` for a private work directory.
245 echo "---- nonexistent file"
247 echo -e "GET /nope HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Same name without the leading '/', i.e. a URI that is not absolute.
252 echo "---- relative uri path"
254 echo -e "GET nope HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Directory traversal cases 1-8. Each banner states the normalized path the
# request is expected to reduce to once '.' and '..' segments are collapsed.
# NOTE(review): presumably the normalized path is then resolved under the
# server's document root, so the expected outcome is an error page or the
# default page rather than a file from the host filesystem; confirm against
# the check lines in the full script.
259 echo "---- directory attack 1 (/../../../../etc/passwd should be /etc/passswd)"
261 echo -e "GET /../../../../etc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# From here on the requests use `echo -e -n`, so no newline follows the final
# CRLF pair.
266 echo "---- directory attack 2 (/../ should be /)"
268 echo -e -n "GET /../ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
273 echo "---- directory attack 3 (/./ should be /)"
275 echo -e -n "GET /./ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
280 echo "---- directory attack 4 (/blah/.. should be /)"
282 echo -e -n "GET /blah/.. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
287 echo "---- directory attack 5 (/blah/../ should be /)"
289 echo -e -n "GET /blah/../ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
294 echo "---- directory attack 6 (/blah/../. should be /)"
296 echo -e -n "GET /blah/../. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Cases 7 and 8 mix literal and percent-encoded '.' and '/', so percent
# decoding and segment collapsing are exercised together.
301 echo "---- directory attack 7 (/%2e%2e%2f../../../etc/passwd should be /etc/passswd)"
303 echo -e -n "GET /%2e%2e%2f../../../etc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
308 echo "---- directory attack 8 (%2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd should be /etc/passswd)"
310 echo -e -n "GET %2f%2e%2e%2f%2e./.%2e/.%2e%2fetc/passwd HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
# Fetch test.html eight times in one wget invocation, writing all bodies to
# /tmp/lwsdump, and keep wget's "Downloaded: 8 files" summary line in
# /tmp/lwscap. `good` is the MD5 of eight concatenated copies of the installed
# test.html, for comparison with the MD5 of the dump.
# MD5 serves only as an equality check on local test data here.
# NOTE(review): the URLs hard-code localhost:7681, while the nc-based cases
# use $SERVER and $PORT; with a different target this case tests another
# server than the rest of the script.
# NOTE(review): /tmp/lwsdump and /tmp/lwscap are predictable names in a shared
# directory, and $INSTALLED is unquoted.
315 echo "---- http/1.1 pipelining"
317 wget -O/tmp/lwsdump http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html http://localhost:7681/test.html 2>&1 | grep "Downloaded: 8 files" > /tmp/lwscap
318 good=`cat $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html $INSTALLED/../share/libwebsockets-test-server/test.html | md5sum | cut -d' ' -f1`
319 if [ "$good" != "`md5sum /tmp/lwsdump | cut -d' ' -f 1`" ] ; then
320 echo "FAIL: mismatched content good=$good received=`md5sum /tmp/lwsdump`"
325 echo "---- mass testing uri variations"
533 /path/to/dir/../other/dir \
536 R=`rm -f /tmp/lwscap ; echo -n -e "GET $i HTTP/1.0\r\n\r\n" | nc localhost 7681 2>/dev/null >/tmp/lwscap; head -n1 /tmp/lwscap| cut -d' ' -f2`
538 cat /tmp/lwscap | head -n1
542 if [ "$R" != "403" ]; then
543 U=`cat $LOG | grep lws_http_serve | tail -n 1 | cut -d':' -f3 | cut -d' ' -f2`
545 echo "- \"$i\" -> $R \"$U\"" >>/tmp/results
547 echo "- \"$i\" -> $R" >>/tmp/results
551 cat <<EOF >/tmp/lwsresult1
552 - "/..../" -> 406 "/..../"
553 - "/.../." -> 406 "/.../"
554 - "/...//" -> 406 "/.../"
555 - "/.../a" -> 406 "/.../a"
556 - "/.../w" -> 406 "/.../w"
557 - "/.../?" -> 406 "/.../"
559 - "/../.." -> 200 "/"
560 - "/.././" -> 200 "/"
561 - "/../.a" -> 415 "/.a"
562 - "/../.w" -> 415 "/.w"
563 - "/../.." -> 200 "/"
565 - "/..//." -> 200 "/"
566 - "/..///" -> 200 "/"
567 - "/..//a" -> 415 "/a"
568 - "/..//w" -> 415 "/w"
569 - "/..//1" -> 415 "/1"
571 - "/../a." -> 415 "/a."
572 - "/../a/" -> 406 "/a/"
573 - "/../aa" -> 415 "/aa"
574 - "/../aw" -> 415 "/aw"
575 - "/../a?" -> 415 "/a"
577 - "/../w." -> 415 "/w."
578 - "/../w/" -> 406 "/w/"
579 - "/../wa" -> 415 "/wa"
580 - "/../ww" -> 415 "/ww"
581 - "/../w?" -> 415 "/w"
583 - "/../?." -> 200 "/"
584 - "/../?/" -> 200 "/"
585 - "/../?a" -> 200 "/"
586 - "/../?w" -> 200 "/"
587 - "/../??" -> 200 "/"
595 - "/./..." -> 415 "/..."
596 - "/./../" -> 200 "/"
597 - "/./..a" -> 415 "/..a"
598 - "/./..w" -> 415 "/..w"
599 - "/./..?" -> 200 "/"
601 - "/.//.." -> 200 "/"
602 - "/.a../" -> 406 "/.a../"
603 - "/.a/.." -> 200 "/"
604 - "/.w../" -> 406 "/.w../"
605 - "/.w/.." -> 200 "/"
606 - "/.?../" -> 415 "/."
607 - "/../.." -> 200 "/"
610 - "//...." -> 415 "/...."
611 - "//.../" -> 406 "/.../"
612 - "//...a" -> 415 "/...a"
613 - "//...w" -> 415 "/...w"
614 - "//...?" -> 415 "/..."
616 - "//../." -> 200 "/"
617 - "//..//" -> 200 "/"
618 - "//../a" -> 415 "/a"
619 - "//../w" -> 415 "/w"
620 - "//../1" -> 415 "/1"
622 - "//..a." -> 415 "/..a."
623 - "//..a/" -> 406 "/..a/"
624 - "//..aa" -> 415 "/..aa"
625 - "//..aw" -> 415 "/..aw"
626 - "//..a?" -> 415 "/..a"
628 - "//..w." -> 415 "/..w."
629 - "//..w/" -> 406 "/..w/"
630 - "//..wa" -> 415 "/..wa"
631 - "//..ww" -> 415 "/..ww"
632 - "//..w?" -> 415 "/..w"
634 - "//..?." -> 200 "/"
635 - "//..?/" -> 200 "/"
636 - "//..?a" -> 415 "/a"
637 - "//..?w" -> 415 "/w"
638 - "//..??" -> 200 "/"
646 - "//./.." -> 200 "/"
647 - "///..." -> 415 "/..."
648 - "///../" -> 200 "/"
649 - "///..a" -> 415 "/..a"
650 - "///..w" -> 415 "/..w"
651 - "///..?" -> 200 "/"
653 - "////.." -> 200 "/"
654 - "//a../" -> 406 "/a../"
655 - "//a/.." -> 200 "/"
656 - "//w../" -> 406 "/w../"
657 - "//w/.." -> 200 "/"
658 - "//?../" -> 200 "/"
659 - "//?/.." -> 200 "/"
662 - "/a.../" -> 406 "/a.../"
663 - "/a../." -> 406 "/a../"
664 - "/a..//" -> 406 "/a../"
665 - "/a../a" -> 406 "/a../a"
666 - "/a../w" -> 406 "/a../w"
667 - "/a../?" -> 406 "/a../"
669 - "/a./.." -> 200 "/"
670 - "/a/..." -> 406 "/a/..."
671 - "/a/../" -> 200 "/"
672 - "/a/..a" -> 406 "/a/..a"
673 - "/a/..w" -> 406 "/a/..w"
674 - "/a/..?" -> 200 "/"
676 - "/a//.." -> 200 "/"
677 - "/aa../" -> 406 "/aa../"
678 - "/aa/.." -> 200 "/"
679 - "/aw../" -> 406 "/aw../"
680 - "/aw/.." -> 200 "/"
681 - "/a?../" -> 415 "/a"
682 - "/a?/.." -> 415 "/a"
685 - "/w.../" -> 406 "/w.../"
686 - "/w../." -> 406 "/w../"
687 - "/w..//" -> 406 "/w../"
688 - "/w../a" -> 406 "/w../a"
689 - "/w../w" -> 406 "/w../w"
690 - "/w../?" -> 406 "/w../"
692 - "/w./.." -> 200 "/"
693 - "/w/..." -> 406 "/w/..."
694 - "/w/../" -> 200 "/"
695 - "/w/..a" -> 406 "/w/..a"
696 - "/w/..w" -> 406 "/w/..w"
697 - "/w/..?" -> 200 "/"
699 - "/w//.." -> 200 "/"
700 - "/wa../" -> 406 "/wa../"
701 - "/wa/.." -> 200 "/"
702 - "/ww../" -> 406 "/ww../"
703 - "/ww/.." -> 200 "/"
704 - "/w?../" -> 415 "/w"
705 - "/w?/.." -> 415 "/w"
708 - "/?.../" -> 200 "/"
709 - "/?../." -> 200 "/"
710 - "/?..//" -> 200 "/"
711 - "/?../a" -> 200 "/"
712 - "/?../w" -> 200 "/"
713 - "/?../?" -> 200 "/"
715 - "/?./.." -> 200 "/"
716 - "/?/..." -> 200 "/"
717 - "/?/../" -> 200 "/"
718 - "/?/..a" -> 200 "/"
719 - "/?/..w" -> 200 "/"
720 - "/?/..?" -> 200 "/"
722 - "/?//.." -> 200 "/"
723 - "/?a../" -> 200 "/"
724 - "/?a/.." -> 200 "/"
725 - "/?w../" -> 200 "/"
726 - "/?w/.." -> 200 "/"
727 - "/??../" -> 200 "/"
728 - "/??/.." -> 200 "/"
754 - "/a/w/../a" -> 406 "/a/a"
755 - "/path/to/dir/../other/dir" -> 406 "/path/to/other/dir"
758 if [ "`md5sum /tmp/results | cut -d' ' -f 1`" != "`md5sum /tmp/lwsresult1 | cut -d' ' -f1`" ] ; then
759 echo "Differences..."
760 diff -urN /tmp/results /tmp/lwsresult1
768 echo "--- survived OK ---"