Posted to notifications@apisix.apache.org by me...@apache.org on 2021/02/25 01:33:32 UTC

[apisix] branch master updated: test: add fuzzing case for the route with serverless-post-function (#3639)

This is an automated email from the ASF dual-hosted git repository.

membphis pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new 5591595  test: add fuzzing case for the route with serverless-post-function (#3639)
5591595 is described below

commit 55915952282ba4d4d5f807379e3dbd5cbfcaf517
Author: idbeta <id...@gmail.com>
AuthorDate: Thu Feb 25 09:33:25 2021 +0800

    test: add fuzzing case for the route with serverless-post-function (#3639)
    
    relate #3340
---
 .github/workflows/fuzzing-ci.yaml                |   8 +-
 t/fuzzing/public.py                              |   2 +-
 t/fuzzing/serverless_route_test.py               | 112 +++++++++++++++++++++++
 t/fuzzing/{route_test.py => simpleroute_test.py} |   0
 4 files changed, 119 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/fuzzing-ci.yaml b/.github/workflows/fuzzing-ci.yaml
index 1b27660..04b30d1 100644
--- a/.github/workflows/fuzzing-ci.yaml
+++ b/.github/workflows/fuzzing-ci.yaml
@@ -51,9 +51,13 @@ jobs:
       run: |
         pip install typing boofuzz
 
-    - name: run test
+    - name: run simpleroute test
       run: |
-        python $PWD/t/fuzzing/route_test.py
+        python $PWD/t/fuzzing/simpleroute_test.py
+
+    - name: run serverless route test
+      run: |
+        python $PWD/t/fuzzing/serverless_route_test.py
 
     - name: echo test log
       # more than 150k lines, so only display the last log, actually, this step is not needed.
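Review bot: The two fuzz steps appear to share one boofuzz log, which would lose the first step's transcript. serverless_route_test.py opens `cur_dir() + "/test.log"` in `'wb'` mode, and if simpleroute_test.py writes the same path (not visible in this commit), the second step truncates that log before the "echo test log" step runs. Giving each script its own log name, for example `serverless_test.log`, and echoing both would keep each fuzz transcript available for triage when a run fails.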
diff --git a/t/fuzzing/public.py b/t/fuzzing/public.py
index e91a49a..00f4ed2 100644
--- a/t/fuzzing/public.py
+++ b/t/fuzzing/public.py
@@ -29,7 +29,7 @@ def check_log(*logs):
     apisix_errorlog = logs[1]
     apisix_accesslog = logs[2]
 
-    cmds = ['cat %s | grep -a "fail"'%boofuzz_log, 'cat %s | grep -a "error"'%apisix_errorlog, 'cat %s | grep -a " 500 "'%apisix_accesslog]
+    cmds = ['cat %s | grep -a "fail"'%boofuzz_log, 'cat %s | grep -a "error" | grep -v "invalid request body"'%apisix_errorlog, 'cat %s | grep -a " 500 "'%apisix_accesslog]
     for cmd in cmds:
         r = subprocess.Popen(cmd, stdout=subprocess.PIPE, shell=True)
         assert r.stdout.read().strip() == ""
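Review bot: The added `grep -v "invalid request body"` sits in the shared check_log helper, so every fuzz script that calls it now ignores any error-log line containing that phrase, not only the serverless route test that presumably motivated it. Consider letting the caller pass the phrases to ignore, and record the reason next to the filter, e.g. `# "invalid request body" is expected while fuzzing request bodies; not counted as a failure`. Separately, only stdout is compared, so if a log path is wrong or the file is missing, `cat` fails, the pipeline prints nothing and the check passes. Asserting that each log file exists before grepping it would stop the check from failing open. check_log begins above this hunk, so its imports and the rest of its body are not visible here.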
diff --git a/t/fuzzing/serverless_route_test.py b/t/fuzzing/serverless_route_test.py
new file mode 100644
index 0000000..190ce36
--- /dev/null
+++ b/t/fuzzing/serverless_route_test.py
@@ -0,0 +1,112 @@
+#! /usr/bin/env python
+
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+import subprocess
+from public import *
+from boofuzz import *
+
+def create_route():
+    command = '''curl -i http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+    "uri": "/post*",
+    "methods": ["POST"],
+    "plugins": {
+        "serverless-post-function": {
+            "functions": ["return function()\n local core = require(\"apisix.core\")\n   ngx.req.read_body()\n    local req_body = ngx.req.get_body_data()\n    if req_body == \"{\\\"a\\\":\\\"b\\\"}\"  then\n  return\n else\n  ngx.exit(ngx.HTTP_BAD_REQUEST)\n end\n end\n"]
+        }
+    },
+    "upstream": {
+        "nodes": {
+            "127.0.0.1:6666": 1
+        },
+        "type": "roundrobin"
+    }
+}'
+    '''
+    subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
+
+def main():
+    fw = open(cur_dir() + "/test.log",'wb')
+    fuzz_loggers = [FuzzLoggerText(file_handle=fw)]
+    session = Session(
+        target=Target(
+            connection=TCPSocketConnection("127.0.0.1", 9080, send_timeout=5.0, recv_timeout=5.0, server=False)
+        ),
+        fuzz_loggers=fuzz_loggers,
+        keep_web_open=False,
+    )
+
+    s_initialize(name="Request")
+    with s_block("Request-Line"):
+        s_group("Method", ["GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE"])
+        s_delim(" ", name="space-1")
+        s_string("/post", name="Request-URI")
+        s_delim(" ", name="space-2")
+        s_string("HTTP/1.1", name="HTTP-Version")
+        s_static("\r\n", name="Request-Line-CRLF")
+        s_string("Host:", name="Host-Line")
+        s_delim(" ", name="space-3")
+        s_string("127.0.0.1:9080", name="Host-Line-Value")
+        s_static("\r\n", name="Host-Line-CRLF")
+        s_static('User-Agent', name='User-Agent-Header')
+        s_delim(':', name='User-Agent-Colon-1')
+        s_delim(' ', name='User-Agent-Space-1')
+        s_string('Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3223.8 Safari/537.36', name='User-Agent-Value')
+        s_static('\r\n', name='User-Agent-CRLF'),
+        s_static('Accept', name='Accept-Header')
+        s_delim(':', name='Accept-Colon-1')
+        s_delim(' ', name='Accept-Space-1')
+        s_string('text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', name='Accept-Value')
+        s_static('\r\n', name='Accept-CRLF')
+        s_static("Content-Length:", name="Content-Length-Header")
+        s_delim(" ", name="space-4")
+        s_size("Body-Content", output_format="ascii", name="Content-Length-Value")
+        s_static("\r\n", "Content-Length-CRLF")
+        s_static('Connection', name='Connection-Header')
+        s_delim(':', name='Connection-Colon-1')
+        s_delim(' ', name='Connection-Space-1')
+        s_group('Connection-Type', ['keep-alive', 'close'])
+        s_static('\r\n', 'Connection-CRLF')
+        s_static('Content-Type', name='Content-Type-Header')
+        s_delim(':', name='Content-Type-Colon-1')
+        s_delim(' ', name='Content-Type-Space-1')
+        s_string('application/x-www-form-urlencoded', name='Content-Type-Value')
+        s_static('\r\n', name='Content-Type-CRLF')
+    s_static("\r\n", "Request-CRLF")
+
+    with s_block("Body-Content"):
+        s_string('{"a":"b"}', name="Body-Content-Value")
+
+    session.connect(s_get("Request"))
+    session.fuzz()
+
+if __name__ == "__main__":
+    # before test
+    create_route()
+    r1 = check_process()
+    main()
+    # after test
+    boofuzz_log = cur_dir() + "/test.log"
+    apisix_errorlog = "~/work/apisix/apisix/logs/error.log"
+    apisix_accesslog = "~/work/apisix/apisix/logs/access.log"
+    check_log(boofuzz_log, apisix_errorlog, apisix_accesslog)
+    r2 = check_process()
+    if r2 != r1:
+        print("before test, nginx's process list:%s,\nafter test, nginx's process list:%s"%(r1,r2))
+        raise AssertionError
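Review bot: create_route() starts curl with `subprocess.Popen(...)` and returns without waiting for it or reading its result, so main() can begin fuzzing before the route exists, and a rejected PUT (wrong key, Admin API not up) goes unnoticed; the session would then exercise a no-route path and likely still pass. Wait for the call and fail on error, e.g. `p = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)`, `out, err = p.communicate()`, `assert p.returncode == 0, err`, with `-f` added to the curl flags so an HTTP error status becomes a non-zero exit. In main(), `fw` is never closed explicitly, so the tail of test.log may still be buffered when check_log greps it; wrapping the session in `with open(cur_dir() + "/test.log", 'wb') as fw:` would settle that. The `X-API-KEY` value is committed in the script and looks like the stock admin key; a comment such as `# default admin key of the local CI instance only; never valid for a deployed gateway` would make the assumption explicit.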
diff --git a/t/fuzzing/route_test.py b/t/fuzzing/simpleroute_test.py
similarity index 100%
rename from t/fuzzing/route_test.py
rename to t/fuzzing/simpleroute_test.py