diff --git a/tests/testproxy/GNUmakefile b/tests/testproxy/GNUmakefile index 0e0c814..c4ea223 100644 --- a/tests/testproxy/GNUmakefile +++ b/tests/testproxy/GNUmakefile @@ -2,8 +2,8 @@ PROJECT_ROOT= ../.. TESTPROXY:= ~/.cargo/bin/testproxy TESTPROXY_VERSION=$(shell $(TESTPROXY) -V) -ifneq ($(TESTPROXY_VERSION),testproxy 0.0.3) -$(error Use Testproxy v0.0.3 with this version of SSLproxy, found $(TESTPROXY_VERSION)) +ifneq ($(TESTPROXY_VERSION),testproxy 0.0.4) +$(error Use Testproxy v0.0.4 with this version of SSLproxy, found $(TESTPROXY_VERSION)) endif ifeq ($(findstring -DWITHOUT_USERAUTH,$(shell $(PROJECT_ROOT)/src/sslproxy -V 2>&1 | grep "Features: ")),-DWITHOUT_USERAUTH) @@ -42,10 +42,12 @@ test_split: SSLPROXY_CONF:=$(if $(TLS11),$(SSLPROXY_CONF),sslproxy_no_tls11.conf test_split: SSLPROXY_COMMAND=$(PROJECT_ROOT)/src/sslproxy -n -f $(SSLPROXY_CONF) -o Debug=no -o Daemon=yes -o User=nobody test_split: TESTHARNESS=$(if $(TLS13),testharness_split.json,testharness_split_no_tls13.json) test_split: TESTHARNESS:=$(if $(TLS11),$(TESTHARNESS),testharness_split_no_tls11.json) -test_split: buildsslproxy +test_split: buildsslproxy buildlp + sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) ./lp/lp -f ./lp/lp.conf -o Debug=no -o Daemon=yes -o User=nobody sudo LD_LIBRARY_PATH=$(LD_LIBRARY_PATH) $(SSLPROXY_COMMAND) $(TESTPROXY) -f $(TESTHARNESS) -l 4 sudo pkill sslproxy + sudo pkill lp travis: test diff --git a/tests/testproxy/filter_block_testset_1.json b/tests/testproxy/filter_block_testset_1.json new file mode 100644 index 0000000..61d1fa2 --- /dev/null +++ b/tests/testproxy/filter_block_testset_1.json 
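Review bot: `sudo pkill lp` in the `test_split` recipe matches its pattern as a regular expression against process names, so as root it signals every process whose name merely contains "lp", not only the test daemon. Use an exact match on both cleanup lines, `sudo pkill -x sslproxy` and `sudo pkill -x lp`. The cleanup is also skipped whenever `$(TESTPROXY) -f $(TESTHARNESS) -l 4` exits non-zero, because make stops the recipe there and leaves both daemons listening. Running the test and the cleanup in one shell line avoids that: `$(TESTPROXY) -f $(TESTHARNESS) -l 4; rc=$$?; sudo pkill -x sslproxy; sudo pkill -x lp; exit $$rc`. The target-specific variable lines for `test_split` begin above the hunk.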
@@ -0,0 +1,171 @@ +{ + "comment": "Tests for Block filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer", + "configs": { + "1": { + "proto": { + "proto": "tcp" + }, + "client": { + "ip": "127.0.0.1", + "port": "8197" + }, + "server": { + "ip": "127.0.0.1", + "port": "9197" + } + }, + "2": { + "proto": { + "proto": "ssl", + "verify_peer": "no" + }, + "client": { + "ip": "127.0.0.1", + "port": "8198" + }, + "server": { + "ip": "127.0.0.1", + "port": "9198", + "crt": "server.crt", + "key": "server.key" + } + } + }, + "tests": { + "1": { + "comment": "Block filtering rule blocks connection with an extra SSLproxy line", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "" + } + } + }, + "2": { + "comment": "Block filtering rule blocks connection with extra SSLproxy lines", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "" + } + } + }, + "3": { + "comment": "Block filtering rule blocks connection with Connection header", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "" + } + } + }, + "4": { + "comment": "Block filtering rule blocks connection upgrading to SSL/TLS, WebSockets or HTTP/2", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "" + } + } + }, + "5": { + "comment": "Block filtering rule blocks connection with 
Keep-Alive", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "" + } + } + }, + "6": { + "comment": "Block filtering rule blocks connection with Accept-Encoding", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "" + } + } + }, + "7": { + "comment": "Block filtering rule blocks connection with Via", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "" + } + } + }, + "8": { + "comment": "Block filtering rule blocks connection with X-Forwarded-For", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "" + } + } + }, + "9": { + "comment": "Block filtering rule blocks connection with Referer", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "" + } + } + } + } +} \ No newline at end of file diff --git a/tests/testproxy/filter_divert_testset_1.json b/tests/testproxy/filter_divert_testset_1.json new file mode 100644 index 0000000..b74f8f8 --- /dev/null +++ b/tests/testproxy/filter_divert_testset_1.json 
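Review bot: The nine cases in filter_block_testset_1.json differ only in the request header they send, but the rule they run against in sslproxy.conf is `Block from ip 127.0.0.1 to ip 127.0.0.1`, which matches on addresses. The header therefore presumably plays no part in the decision, and comments such as "Block filtering rule blocks connection with Via" read as if the header triggered the block. I would reword them along the lines of `"comment": "Block filtering rule blocks the connection regardless of the Via header"`, and add at least one case where the Block rule does not match, so the suite also shows that unmatched traffic still reaches the server. Whether an empty `recv` payload lets the harness tell a blocked connection from a timeout is not visible in this diff and is worth confirming.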
@@ -0,0 +1,170 @@ +{ + "comment": "Tests for Divert filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer", + "configs": { + "1": { + "proto": { + "proto": "tcp" + }, + "client": { + "ip": "127.0.0.1", + "port": "8191" + }, + "server": { + "ip": "127.0.0.1", + "port": "9191" + } + }, + "2": { + "proto": { + "proto": "ssl", + "crt": "server.crt", + "key": "server.key" + }, + "client": { + "ip": "127.0.0.1", + "port": "8192" + }, + "server": { + "ip": "127.0.0.1", + "port": "9192" + } + } + }, + "tests": { + "1": { + "comment": "Divert filtering rule removes any extra SSLproxy line, and appends Connection: close", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "2": { + "comment": "Divert filtering rule removes all extra SSLproxy lines", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "3": { + "comment": "Divert filtering rule changes Connection header to close", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "4": { + "comment": "Divert filtering rule suppresses upgrading to SSL/TLS, WebSockets or HTTP/2", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: 
websocket\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "5": { + "comment": "Divert filtering rule removes Keep-Alive", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "6": { + "comment": "Divert filtering rule does not remove Accept-Encoding by default (it's a config option)", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\nConnection: close\r\n\r\n" + } + } + }, + "7": { + "comment": "Divert filtering rule removes Via", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "8": { + "comment": "Divert filtering rule removes X-Forwarded-For", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "9": { + "comment": "Divert filtering rule removes Referer", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: 
example.com\r\nConnection: close\r\n\r\n" + } + } + } + } +} \ No newline at end of file diff --git a/tests/testproxy/filter_pass_testset_1.json b/tests/testproxy/filter_pass_testset_1.json new file mode 100644 index 0000000..4dab617 --- /dev/null +++ b/tests/testproxy/filter_pass_testset_1.json 
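Review bot: Test 4 in filter_divert_testset_1.json is described as "suppresses upgrading to SSL/TLS, WebSockets or HTTP/2", yet its payload only sends `Upgrade: websocket`, so the TLS and HTTP/2 upgrade paths named in the comment are not exercised. The same comment and payload pair appears in test 4 of the split, pass and block testsets in this commit. Either narrow the comment to `"comment": "Divert filtering rule suppresses Upgrade: websocket"`, or add cases that send `Upgrade: h2c` and `Upgrade: TLS/1.0` with the same expected server payload.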
@@ -0,0 +1,217 @@ +{ + "comment": "Tests for Pass filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer", + "configs": { + "1": { + "proto": { + "proto": "tcp" + }, + "client": { + "ip": "127.0.0.1", + "port": "8195" + }, + "server": { + "ip": "127.0.0.1", + "port": "9195" + } + }, + "2": { + "proto": { + "proto": "ssl", + "verify_peer": "no" + }, + "client": { + "ip": "127.0.0.1", + "port": "8196" + }, + "server": { + "ip": "127.0.0.1", + "port": "9196", + "crt": "server.crt", + "key": "server.key" + } + } + }, + "tests": { + "1": { + "comment": "Pass filtering rule does not remove any extra SSLproxy line, and does not append Connection: close", + "states": { + "1": { + "testend": "server", + "cmd": "reconnect", + "payload": "", + "comment": "Pass rules cause sslproxy to disconnect/reconnect to the server, so the reconnect cmd instructs the server to allow it" + }, + "2": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n" + }, + "3": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n" + } + } + }, + "2": { + "comment": "Pass filtering rule does not remove any extra SSLproxy lines", + "states": { + "1": { + "testend": "server", + "cmd": "reconnect", + "payload": "" + }, + "2": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n" + }, + "3": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n" + } + } + }, + "3": { + "comment": "Pass filtering rule does not change Connection header to close", + "states": { + "1": { + "testend": "server", + "cmd": "reconnect", + "payload": "" + }, + "2": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: 
example.com\r\nConnection: Keep-Alive\r\n\r\n" + }, + "3": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n" + } + } + }, + "4": { + "comment": "Pass filtering rule does not suppress upgrading to SSL/TLS, WebSockets or HTTP/2", + "states": { + "1": { + "testend": "server", + "cmd": "reconnect", + "payload": "" + }, + "2": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n" + }, + "3": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n" + } + } + }, + "5": { + "comment": "Pass filtering rule does not remove Keep-Alive", + "states": { + "1": { + "testend": "server", + "cmd": "reconnect", + "payload": "" + }, + "2": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n" + }, + "3": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n" + } + } + }, + "6": { + "comment": "Pass filtering rule does not remove Accept-Encoding", + "states": { + "1": { + "testend": "server", + "cmd": "reconnect", + "payload": "" + }, + "2": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n" + }, + "3": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n" + } + } + }, + "7": { + "comment": "Pass filtering rule does not remove Via", + "states": { + "1": { + "testend": "server", + "cmd": "reconnect", + "payload": "" + }, + "2": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n" + }, + "3": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n" + } + } + }, + "8": { + 
"comment": "Pass filtering rule does not remove X-Forwarded-For", + "states": { + "1": { + "testend": "server", + "cmd": "reconnect", + "payload": "" + }, + "2": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n" + }, + "3": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n" + } + } + }, + "9": { + "comment": "Pass filtering rule does not remove Referer", + "states": { + "1": { + "testend": "server", + "cmd": "reconnect", + "payload": "" + }, + "2": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n" + }, + "3": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n" + } + } + } + } +} diff --git a/tests/testproxy/filter_split_testset_1.json b/tests/testproxy/filter_split_testset_1.json new file mode 100644 index 0000000..6d30746 --- /dev/null +++ b/tests/testproxy/filter_split_testset_1.json 
@@ -0,0 +1,170 @@ +{ + "comment": "Tests for Split filtering rules, HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer", + "configs": { + "1": { + "proto": { + "proto": "tcp" + }, + "client": { + "ip": "127.0.0.1", + "port": "8193" + }, + "server": { + "ip": "127.0.0.1", + "port": "9193" + } + }, + "2": { + "proto": { + "proto": "ssl", + "crt": "server.crt", + "key": "server.key" + }, + "client": { + "ip": "127.0.0.1", + "port": "8194" + }, + "server": { + "ip": "127.0.0.1", + "port": "9194" + } + } + }, + "tests": { + "1": { + "comment": "Split filtering rule removes any extra SSLproxy line, and appends Connection: close", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "2": { + "comment": "Split filtering rule removes all extra SSLproxy lines", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nSSLproxy: sslproxy\r\nSSLproxy: sslproxy\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "3": { + "comment": "Split filtering rule changes Connection header to close", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: Keep-Alive\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "4": { + "comment": "Split filtering rule suppresses upgrading to SSL/TLS, WebSockets or HTTP/2", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nUpgrade: websocket\r\n\r\n" 
+ }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "5": { + "comment": "Split filtering rule removes Keep-Alive", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nKeep-Alive: keep-alive\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + }, + "6": { + "comment": "Split filtering rule does not remove Accept-Encoding by default (it's a config option)", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nAccept-Encoding: encoding\r\nConnection: close\r\n\r\n" + } + } + }, + "7": { + "comment": "Split filtering rule does not remove Via (it is removed by child conns)", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nVia: via\r\nConnection: close\r\n\r\n" + } + } + }, + "8": { + "comment": "Split filtering rule does not remove X-Forwarded-For (it is removed by child conns)", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\n\r\n" + }, + "2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nX-Forwarded-For: x-forwarded-for\r\nConnection: close\r\n\r\n" + } + } + }, + "9": { + "comment": "Split filtering rule removes Referer", + "states": { + "1": { + "testend": "client", + "cmd": "send", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nReferer: referer\r\n\r\n" + }, + 
"2": { + "testend": "server", + "cmd": "recv", + "payload": "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n" + } + } + } + } +} diff --git a/tests/testproxy/http_testset_split_1.json b/tests/testproxy/http_testset_split_1.json index 7aee89e..fec1e3f 100644 --- a/tests/testproxy/http_testset_split_1.json +++ b/tests/testproxy/http_testset_split_1.json @@ -1,5 +1,5 @@ { - "comment": "SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer", + "comment": "Split mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer", "configs": { "1": { "proto": { @@ -122,7 +122,7 @@ } }, "7": { - "comment": "SSLsplit mode does not remove Via (it is removed by child conns)", + "comment": "Split mode does not remove Via (it is removed by child conns)", "states": { "1": { "testend": "client", @@ -137,7 +137,7 @@ } }, "8": { - "comment": "SSLsplit mode does not removes X-Forwarded-For (it is removed by child conns)", + "comment": "Split mode does not remove X-Forwarded-For (it is removed by child conns)", "states": { "1": { "testend": "client", diff --git a/tests/testproxy/proto_validate_testset_split_4.json b/tests/testproxy/proto_validate_testset_split_4.json index 3d7d270..d89eb31 100644 --- a/tests/testproxy/proto_validate_testset_split_4.json +++ b/tests/testproxy/proto_validate_testset_split_4.json @@ -1,5 +1,5 @@ { - "comment": "Tests for SMTP", + "comment": "Split mode tests for SMTP", "configs": { "1": { "proto": { @@ -238,4 +238,4 @@ } } } -} \ No newline at end of file +} diff --git a/tests/testproxy/sslproxy.conf b/tests/testproxy/sslproxy.conf index cb404e6..b4b2e4f 100644 --- a/tests/testproxy/sslproxy.conf +++ b/tests/testproxy/sslproxy.conf 
@@ -325,3 +325,108 @@ ProxySpec { # SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer ProxySpec http 127.0.0.1 8190 127.0.0.1 9190 ProxySpec https 127.0.0.1 8463 127.0.0.1 9463 + +# Tests for Divert filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8191 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9191 + Divert no + # Match rules should not change filter action + Match from ip 127.0.0.1 to ip 127.0.0.1 + Divert from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8192 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9192 + Divert no + Match from ip 127.0.0.1 to ip 127.0.0.1 + Divert from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} + +# Tests for Split filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8193 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9193 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Split from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8194 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9194 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Split from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} + +# Tests for Pass filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8195 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9195 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8196 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9196 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect + Match from ip 127.0.0.1 to ip 127.0.0.1 +} + +# Tests 
for Block filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8197 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9197 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Block from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8198 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9198 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Block from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} diff --git a/tests/testproxy/sslproxy_no_tls11.conf b/tests/testproxy/sslproxy_no_tls11.conf index c95d9b8..dc5bdb4 100644 --- a/tests/testproxy/sslproxy_no_tls11.conf +++ b/tests/testproxy/sslproxy_no_tls11.conf 
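Review bot: The added ProxySpec blocks do not document why the spec-level `Divert` setting is the opposite of the rule under test, and the one explanatory comment, `# Match rules should not change filter action`, appears only on the first block here. It is missing from the otherwise identical blocks added to sslproxy_no_tls11.conf and sslproxy_no_tls13.conf. I would repeat that comment in all three files and add one line per group, for example `# Divert is off for this spec; the Divert rule below must enable it for matching connections` (that reading of `Divert no` plus a `Divert` rule is inferred and should be confirmed). The Pass rules also carry `log connect`, and nothing in the added testsets checks that a connect log entry is produced.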
@@ -274,3 +274,107 @@ ProxySpec { # SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer ProxySpec http 127.0.0.1 8190 127.0.0.1 9190 ProxySpec https 127.0.0.1 8463 127.0.0.1 9463 + +# Tests for Divert filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8191 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9191 + Divert no + Match from ip 127.0.0.1 to ip 127.0.0.1 + Divert from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8192 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9192 + Divert no + Match from ip 127.0.0.1 to ip 127.0.0.1 + Divert from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} + +# Tests for Split filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8193 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9193 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Split from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8194 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9194 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Split from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} + +# Tests for Pass filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8195 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9195 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8196 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9196 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect + Match from ip 127.0.0.1 to ip 127.0.0.1 +} + +# Tests for Block filtering rules +ProxySpec { + Proto 
http + Addr 127.0.0.1 + Port 8197 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9197 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Block from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8198 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9198 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Block from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} diff --git a/tests/testproxy/sslproxy_no_tls13.conf b/tests/testproxy/sslproxy_no_tls13.conf index 30e7c58..c5352dc 100644 --- a/tests/testproxy/sslproxy_no_tls13.conf +++ b/tests/testproxy/sslproxy_no_tls13.conf 
@@ -314,3 +314,107 @@ ProxySpec { # SSLsplit mode tests for HTTP request headers: SSLproxy, Connection, Upgrade, Keep-Alive, Accept-Encoding, Via, X-Forwarded-For, and Referer ProxySpec http 127.0.0.1 8190 127.0.0.1 9190 ProxySpec https 127.0.0.1 8463 127.0.0.1 9463 + +# Tests for Divert filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8191 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9191 + Divert no + Match from ip 127.0.0.1 to ip 127.0.0.1 + Divert from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8192 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9192 + Divert no + Match from ip 127.0.0.1 to ip 127.0.0.1 + Divert from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} + +# Tests for Split filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8193 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9193 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Split from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8194 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9194 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Split from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} + +# Tests for Pass filtering rules +ProxySpec { + Proto http + Addr 127.0.0.1 + Port 8195 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9195 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8196 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9196 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Pass from ip 127.0.0.1 to ip 127.0.0.1 log connect + Match from ip 127.0.0.1 to ip 127.0.0.1 +} + +# Tests for Block filtering rules +ProxySpec { + Proto 
http + Addr 127.0.0.1 + Port 8197 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9197 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Block from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} +ProxySpec { + Proto https + Addr 127.0.0.1 + Port 8198 + DivertPort 8080 + TargetAddr 127.0.0.1 + TargetPort 9198 + Divert yes + Match from ip 127.0.0.1 to ip 127.0.0.1 + Block from ip 127.0.0.1 to ip 127.0.0.1 + Match from ip 127.0.0.1 to ip 127.0.0.1 +} diff --git a/tests/testproxy/testharness.json b/tests/testproxy/testharness.json index 8d85b12..659cc08 100644 --- a/tests/testproxy/testharness.json +++ b/tests/testproxy/testharness.json @@ -42,6 +42,15 @@ "6": "userauth_testset_1.json", "7": "userauth_testset_2.json" } + }, + "5": { + "comment": "Filtering rules tests", + "testsets": { + "1": "filter_divert_testset_1.json", + "2": "filter_split_testset_1.json", + "3": "filter_pass_testset_1.json", + "4": "filter_block_testset_1.json" + } } } } diff --git a/tests/testproxy/testharness_no_tls11.json b/tests/testproxy/testharness_no_tls11.json index 2908deb..2bbcc49 100644 --- a/tests/testproxy/testharness_no_tls11.json +++ b/tests/testproxy/testharness_no_tls11.json @@ -37,6 +37,15 @@ "6": "userauth_testset_1.json", "7": "userauth_testset_2.json" } + }, + "5": { + "comment": "Filtering rules tests", + "testsets": { + "1": "filter_divert_testset_1.json", + "2": "filter_split_testset_1.json", + "3": "filter_pass_testset_1.json", + "4": "filter_block_testset_1.json" + } } } } \ No newline at end of file diff --git a/tests/testproxy/testharness_no_tls13.json b/tests/testproxy/testharness_no_tls13.json index e16b7d6..0fa0a8f 100644 --- a/tests/testproxy/testharness_no_tls13.json +++ b/tests/testproxy/testharness_no_tls13.json 
@@ -41,6 +41,15 @@ "6": "userauth_testset_1.json", "7": "userauth_testset_2.json" } + }, + "5": { + "comment": "Filtering rules tests", + "testsets": { + "1": "filter_divert_testset_1.json", + "2": "filter_split_testset_1.json", + "3": "filter_pass_testset_1.json", + "4": "filter_block_testset_1.json" + } } } } diff --git a/tests/testproxy/testharness_split.json b/tests/testproxy/testharness_split.json index 6527a75..25de1b7 100644 --- a/tests/testproxy/testharness_split.json +++ b/tests/testproxy/testharness_split.json @@ -42,6 +42,15 @@ "6": "userauth_testset_1.json", "7": "userauth_testset_2.json" } + }, + "5": { + "comment": "Filtering rules tests", + "testsets": { + "1": "filter_divert_testset_1.json", + "2": "filter_split_testset_1.json", + "3": "filter_pass_testset_1.json", + "4": "filter_block_testset_1.json" + } } } } diff --git a/tests/testproxy/testharness_split_no_tls11.json b/tests/testproxy/testharness_split_no_tls11.json index 66e5ea7..e865eb9 100644 --- a/tests/testproxy/testharness_split_no_tls11.json +++ b/tests/testproxy/testharness_split_no_tls11.json @@ -37,6 +37,15 @@ "6": "userauth_testset_1.json", "7": "userauth_testset_2.json" } + }, + "5": { + "comment": "Filtering rules tests", + "testsets": { + "1": "filter_divert_testset_1.json", + "2": "filter_split_testset_1.json", + "3": "filter_pass_testset_1.json", + "4": "filter_block_testset_1.json" + } } } } \ No newline at end of file diff --git a/tests/testproxy/testharness_split_no_tls13.json b/tests/testproxy/testharness_split_no_tls13.json index 58ee5ce..33bde37 100644 --- a/tests/testproxy/testharness_split_no_tls13.json +++ b/tests/testproxy/testharness_split_no_tls13.json @@ -41,6 +41,15 @@ "6": "userauth_testset_1.json", "7": "userauth_testset_2.json" } + }, + "5": { + "comment": "Filtering rules tests", + "testsets": { + "1": "filter_divert_testset_1.json", + "2": "filter_split_testset_1.json", + "3": "filter_pass_testset_1.json", + "4": "filter_block_testset_1.json" + } } } }