You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by me...@apache.org on 2021/02/25 01:33:32 UTC
[apisix] branch master updated: test: add fuzzing case for the
route with serverless-post-function (#3639)
This is an automated email from the ASF dual-hosted git repository.
membphis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new 5591595 test: add fuzzing case for the route with serverless-post-function (#3639)
5591595 is described below
commit 55915952282ba4d4d5f807379e3dbd5cbfcaf517
Author: idbeta <id...@gmail.com>
AuthorDate: Thu Feb 25 09:33:25 2021 +0800
test: add fuzzing case for the route with serverless-post-function (#3639)
relate #3340
---
.github/workflows/fuzzing-ci.yaml | 8 +-
t/fuzzing/public.py | 2 +-
t/fuzzing/serverless_route_test.py | 112 +++++++++++++++++++++++
t/fuzzing/{route_test.py => simpleroute_test.py} | 0
4 files changed, 119 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/fuzzing-ci.yaml b/.github/workflows/fuzzing-ci.yaml
index 1b27660..04b30d1 100644
--- a/.github/workflows/fuzzing-ci.yaml
+++ b/.github/workflows/fuzzing-ci.yaml
@@ -51,9 +51,13 @@ jobs:
run: |
pip install typing boofuzz
- - name: run test
+ - name: run simpleroute test
run: |
- python $PWD/t/fuzzing/route_test.py
+ python $PWD/t/fuzzing/simpleroute_test.py
+
+ - name: run serverless route test
+ run: |
+ python $PWD/t/fuzzing/serverless_route_test.py
- name: echo test log
# more than 150k lines, so only display the last log, actually, this step is not needed.
diff --git a/t/fuzzing/public.py b/t/fuzzing/public.py
index e91a49a..00f4ed2 100644
--- a/t/fuzzing/public.py
+++ b/t/fuzzing/public.py
@@ -29,7 +29,7 @@ def check_log(*logs):
apisix_errorlog = logs[1]
apisix_accesslog = logs[2]
- cmds = ['cat %s | grep -a "fail"'%boofuzz_log, 'cat %s | grep -a "error"'%apisix_errorlog, 'cat %s | grep -a " 500 "'%apisix_accesslog]
+ cmds = ['cat %s | grep -a "fail"'%boofuzz_log, 'cat %s | grep -a "error" | grep -v "invalid request body"'%apisix_errorlog, 'cat %s | grep -a " 500 "'%apisix_accesslog]
for cmd in cmds:
r = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
assert r.stdout.read().strip() == ""
diff --git a/t/fuzzing/serverless_route_test.py b/t/fuzzing/serverless_route_test.py
new file mode 100644
index 0000000..190ce36
--- /dev/null
+++ b/t/fuzzing/serverless_route_test.py
@@ -0,0 +1,112 @@
+#! /usr/bin/env python
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+import subprocess
+from public import *
+from boofuzz import *
+
+def create_route():
+ command = '''curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+ "uri": "/post*",
+ "methods": ["POST"],
+ "plugins": {
+ "serverless-post-function": {
+ "functions": ["return function()\n local core = require(\"apisix.core\")\n ngx.req.read_body()\n local req_body = ngx.req.get_body_data()\n if req_body == \"{\\\"a\\\":\\\"b\\\"}\" then\n return\n else\n ngx.exit(ngx.HTTP_BAD_REQUEST)\n end\n end\n"]
+ }
+ },
+ "upstream": {
+ "nodes": {
+ "127.0.0.1:6666": 1
+ },
+ "type": "roundrobin"
+ }
+}'
+ '''
+ subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+
+def main():
+ fw = open(cur_dir() + "/test.log",'wb')
+ fuzz_loggers = [FuzzLoggerText(file_handle=fw)]
+ session = Session(
+ target=Target(
+ connection=TCPSocketConnection("127.0.0.1", 9080, send_timeout=5.0, recv_timeout=5.0, server=False)
+ ),
+ fuzz_loggers=fuzz_loggers,
+ keep_web_open=False,
+ )
+
+ s_initialize(name="Request")
+ with s_block("Request-Line"):
+ s_group("Method", ["GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE"])
+ s_delim(" ", name="space-1")
+ s_string("/post", name="Request-URI")
+ s_delim(" ", name="space-2")
+ s_string("HTTP/1.1", name="HTTP-Version")
+ s_static("\r\n", name="Request-Line-CRLF")
+ s_string("Host:", name="Host-Line")
+ s_delim(" ", name="space-3")
+ s_string("127.0.0.1:9080", name="Host-Line-Value")
+ s_static("\r\n", name="Host-Line-CRLF")
+ s_static('User-Agent', name='User-Agent-Header')
+ s_delim(':', name='User-Agent-Colon-1')
+ s_delim(' ', name='User-Agent-Space-1')
+ s_string('Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3223.8 Safari/537.36', name='User-Agent-Value')
+ s_static('\r\n', name='User-Agent-CRLF'),
+ s_static('Accept', name='Accept-Header')
+ s_delim(':', name='Accept-Colon-1')
+ s_delim(' ', name='Accept-Space-1')
+ s_string('text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', name='Accept-Value')
+ s_static('\r\n', name='Accept-CRLF')
+ s_static("Content-Length:", name="Content-Length-Header")
+ s_delim(" ", name="space-4")
+ s_size("Body-Content", output_format="ascii", name="Content-Length-Value")
+ s_static("\r\n", "Content-Length-CRLF")
+ s_static('Connection', name='Connection-Header')
+ s_delim(':', name='Connection-Colon-1')
+ s_delim(' ', name='Connection-Space-1')
+ s_group('Connection-Type', ['keep-alive', 'close'])
+ s_static('\r\n', 'Connection-CRLF')
+ s_static('Content-Type', name='Content-Type-Header')
+ s_delim(':', name='Content-Type-Colon-1')
+ s_delim(' ', name='Content-Type-Space-1')
+ s_string('application/x-www-form-urlencoded', name='Content-Type-Value')
+ s_static('\r\n', name='Content-Type-CRLF')
+ s_static("\r\n", "Request-CRLF")
+
+ with s_block("Body-Content"):
+ s_string('{"a":"b"}', name="Body-Content-Value")
+
+ session.connect(s_get("Request"))
+ session.fuzz()
+
+if __name__ == "__main__":
+ # before test
+ create_route()
+ r1 = check_process()
+ main()
+ # after test
+ boofuzz_log = cur_dir() + "/test.log"
+ apisix_errorlog = "~/work/apisix/apisix/logs/error.log"
+ apisix_accesslog = "~/work/apisix/apisix/logs/access.log"
+ check_log(boofuzz_log, apisix_errorlog, apisix_accesslog)
+ r2 = check_process()
+ if r2 != r1:
+ print("before test, nginx's process list:%s,\nafter test, nginx's process list:%s"%(r1,r2))
+ raise AssertionError
diff --git a/t/fuzzing/route_test.py b/t/fuzzing/simpleroute_test.py
similarity index 100%
rename from t/fuzzing/route_test.py
rename to t/fuzzing/simpleroute_test.py