Main RocketGit repo
/tests/http.inc.php (c8f3836a94bf56744a5fb8f42acd60e778837179) (10142 bytes) (mode 100644) (type blob)
<?php
/*
* Clean all cookies
*/
function clean_cookies($test)
{
$path = __DIR__ . '/jars';
if (!file_exists($path))
return;
$cookie_jar = $path . '/' . $test;
rg_log('Cleaning cookies from [' . $cookie_jar . ']...');
@unlink($cookie_jar);
}
/*
* This is called at the begining of all tests
*/
function prepare_http($info)
{
clean_cookies($info['id']);
}
/*
* Data is an array
*/
function do_req($info, $url, &$data, &$headers)
{
global $cookie_jar;
static $http_handles = array();
global $_testns;
global $rg_log_sid;
$id = $info['id'];
if (!isset($info['referer']))
$info['referer'] = '';
if (!isset($info['ua']))
$info['ua'] = 'curl';
if (!isset($info['test']))
$info['test'] = $_testns;
$path = __DIR__ . '/jars';
if (!file_exists($path))
mkdir($path);
$cookie_jar = $path . '/' . $id;
if (is_null($data))
$data = array();
if (!is_array($headers)) {
rg_log("Headers is not an array, reset it.");
$headers = array();
}
// to easy identify requests in the logs
if (!strstr($url, '?'))
$url .= '?tid=' . rg_id(10);
else
$url .= '&tid=' . rg_id(10);
$url .= '&_testns=' . $_testns;
$url .= '&rg_log_sid=' . $rg_log_sid;
rg_log_ml('do_req url: ' . $url . "\n"
. 'info=' . print_r($info, TRUE) . "\n"
. 'data=' . print_r($data, TRUE) . "\n"
. 'headers=' . print_r($headers, TRUE));
$c = FALSE;
if (isset($http_handles[$id]))
$c = $http_handles[$id];
if ($c === FALSE) {
$c = curl_init();
$http_handles[$id] = $c;
}
curl_setopt($c, CURLOPT_URL, $url);
if (!empty($data)) {
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_POSTFIELDS, $data);
} else {
curl_setopt($c, CURLOPT_POST, 0);
}
curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($c, CURLOPT_HEADER, 1);
curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
curl_setopt($c, CURLOPT_USERAGENT, $info['ua']);
curl_setopt($c, CURLOPT_REFERER, $info['referer']);
curl_setopt($c, CURLOPT_CERTINFO, TRUE);
curl_setopt($c, CURLOPT_VERBOSE, TRUE);
curl_setopt($c, CURLOPT_ENCODING , 'gzip');
curl_setopt($c, CURLOPT_COOKIEJAR, $cookie_jar);
curl_setopt($c, CURLOPT_COOKIEFILE, $cookie_jar);
// HTTP/2
if (curl_version()['features'] & CURL_VERSION_HTTP2)
curl_setopt($c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
$err = @fopen('php://temp', 'w');
if ($err !== FALSE) {
curl_setopt($c, CURLOPT_STDERR, $err);
} else {
rg_log('Cannot open stderr redirection!');
}
$r = curl_exec($c);
if ($err !== FALSE) {
rewind($err);
$xerr = @fread($err, 16 * 4096);
fclose($err);
rg_log_ml($xerr);
}
if ($r === FALSE) {
rg_log_ml("Cannot load (url=$url), data: "
. print_r($data, TRUE));
rg_log("curl error: " . curl_error($c));
exit(1);
}
$ret = array();
$ret['rg_debug_html'] = array();
$ret['ci'] = @curl_getinfo($c);
if ($ret['ci'] === FALSE) {
rg_log('Cannot call curl_getinfo!');
exit(1);
}
//rg_log_debug('ci: ' . print_r($ret['ci'], TRUE));
if ($ret['ci']['http_code'] == 500)
return $ret;
$header_size = $ret['ci']['header_size'];
//rg_log_debug('r (len=' . strlen($r) . '): ' . $r);
//rg_log_debug('header_size: ' . $header_size);
$ret['header'] = substr($r, 0, $header_size);
$ret['body'] = substr($r, $header_size);
if ($ret['ci']['http_code'] != 200)
return $ret;
$x = explode(' --rg_debug_html-- ', $ret['body']);
if (isset($x[2])) {
$j = @json_decode($x[1], TRUE);
if ($j === FALSE) {
rg_log('Cannot decode rg_debug_html json: ' . $x[1]);
exit(1);
}
$ret['rg_debug_html'] = $j;
if (!empty($ret['rg_debug_html']))
rg_log_ml('rg_debug_html: '
. print_r($ret['rg_debug_html'], TRUE));
$ret['body'] = $x[0] . $x[2];
}
if (stristr($ret['header'], 'Content-Type: text/html')) {
// Check for XSS
if (stristr($ret['body'], '<xss>')) {
file_put_contents('http_xss.out', $ret['body']);
rg_log("Found <xss> token! Check http_xss.out. Not good!");
exit(1);
}
}
// TODO: should we compress the file downloads?
if (stristr($ret['header'], 'Content-Disposition: attachment'))
return $ret;
if (!stristr($ret['header'], 'X-RocketGit-skip-compression: 1')
&& (!stristr($ret['header'], 'Content-Encoding: gzip'))) {
rg_log('Content is not compressed!');
exit(1);
}
if (!stristr($ret['header'], 'X-RocketGit-skip-etag: 1')
&& (!stristr($ret['header'], "\n" . 'ETag: '))) {
rg_log('ETag is not present!');
exit(1);
}
// Check with tidy
if (!stristr($ret['header'], 'Content-Type: ')) {
// do nothing
} else if (stristr($ret['header'], 'Content-Type: application/octet-stream')) {
// do nothing
} else if (stristr($ret['header'], 'Content-Type: application/x-rpm')) {
// do nothing
} else if (stristr($ret['header'], 'Content-Type: text/xml')) {
// do nothing - TODO: should we parse it?
} else if (stristr($ret['header'], 'Content-Type: text/html')) {
// some fixes
$ret['body'] = str_replace('autocomplete="off"', '', $ret['body']);
$ret['body'] = str_replace('<xss>', '|xss|', $ret['body']);
$_tf = $_testns . '.tidy';
file_put_contents($_tf . '.in', $ret['body']);
$cmd = 'tidy -errors -utf8 -file ' . escapeshellarg($_tf)
. '.out ' . escapeshellarg($_tf) . '.in';
$r = rg_exec($cmd, '', FALSE, FALSE, FALSE);
if ($r['ok'] != 1) {
rg_log_ml('body: ' . $ret['body']);
rg_log_ml('tidy error: ' . $r['stderr']);
rg_log_ml(file_get_contents($_tf . '.out'));
exit(1);
}
@unlink($_tf . '.in');
@unlink($_tf . '.out');
} else if (stristr($ret['header'], 'Content-Type: application/json')) {
$ret['json'] = @json_decode($ret['body'], TRUE);
if ($ret['json'] === NULL) {
rg_log('body: ' . $ret['body']);
rg_log('Cannot decode JSON: ' . json_last_error_msg() . '!');
exit(1);
}
rg_log_ml('Decoded JSON: ' . print_r($ret['json'], TRUE));
} else {
rg_log('I do not know how to deal with this content-type!');
exit(1);
}
// Check if a '@@' is present
if (strstr($ret['body'], '@@')) {
$t = explode('@@', $ret['body']);
$t = explode('@@', $t[1]);
if (!strstr($t[0], ' ')) {
rg_log_ml('body: ' . $ret['body']);
rg_log("We have unresolved variables: [" . $t[0] . "]!");
exit(1);
}
}
// Find cookies
$ret['cookies'] = array();
$x = preg_match_all('/[sS]et-[cC]ookie: (.*?)=(.*?)[;]/',
$ret['header'], $matches, PREG_SET_ORDER);
if ($x !== FALSE) {
foreach ($matches as $junk => $info) {
$k = $info[1];
$v = $info[2];
$ret['cookies'][$k] = $v;
}
}
//rg_log_ml('ret[cookies]: ' . print_r($ret['cookies'], TRUE));
$ret['sid'] = '';
if (isset($ret['cookies']['sidu']))
$ret['sid'] = $ret['cookies']['sidu'];
if (isset($ret['cookies']['sids']))
$ret['sid'] = $ret['cookies']['sids'];
$ret['tokens'] = array();
$x = preg_match_all('/ name="token" value="([a-zA-Z0-9_:]*)"/',
$ret['body'], $matches);
//rg_log_debug('tokens matches: ' . print_r($matches, TRUE));
if (($x === FALSE) || (!isset($matches[1]))) {
//rg_log("CHECK: no token found");
} else {
foreach ($matches[1] as $m) {
$t = explode(':', $m);
if (!isset($t[1])) {
rg_log_ml('body: ' . print_r($ret['body'], TRUE));
rg_log_ml('matches: ' . print_r($matches[1], TRUE));
rg_log('Invalid debug token (no prefix): ' . $m);
exit(1);
}
$ret['tokens'][$t[1]] = $t[0];
}
}
rg_log('DEBUG ret[tokens]: ' . rg_array2string($ret['tokens']) . '.');
// Collect '<input>' tags
$ret['inputs'] = array();
$x = preg_match_all('/<input .* name="(.*?)" .*value="(.*?)"/uD',
$ret['body'], $matches);
//rg_log_debug('inputs matches: ' . print_r($matches, TRUE));
if (($x === FALSE) || (!isset($matches[1]))) {
//rg_log("CHECK: no token found");
} else {
foreach ($matches[1] as $i => $d)
$ret['inputs'][$d] = $matches[2][$i];
}
//rg_log_ml('DEBUG ret[inputs]: ' .print_r($ret['inputs'], TRUE));
// find logout token
$x = preg_match('/logout\?token=([a-zA-Z0-9:]*)"/', $ret['body'], $matches);
//rg_log_debug('matches[logout]: ' . print_r($matches, TRUE));
if (($x === FALSE) || (!isset($matches[1]))) {
$ret['tokens']['logout'] = '';
} else {
$t = explode(':', $matches[1]);
$ret['tokens']['logout'] = $t[0];
}
$x = preg_match_all('/ class="secret_token">([A-Z0-9]*)</', $ret['body'], $matches);
if (($x !== FALSE) && (isset($matches[1])) && isset($matches[1][0])) {
$ret['totp_secret'] = $matches[1][0];
rg_log('DEBUG ret[totp_secret]=' . $ret['totp_secret']);
}
@rename('http-last.out', 'http-prev.out');
file_put_contents('http-last.out', $ret['body']);
return $ret;
}
/*
* Helper function that will do the login
*/
function test_login($url, $rg_ui)
{
$info = array('id' => $rg_ui['username']);
// First we need to load the form so we can get the token
$data = array();
$r = do_req($info, $url . "/op/login", $data, $headers);
if ($r === FALSE) {
rg_log('Cannot load login form!');
return FALSE;
}
if (!isset($r['tokens']['login'])) {
rg_log_ml('r: ' . print_r($r, TRUE));
rg_log('Login token not returned!');
return FALSE;
}
$good_token = $r['tokens']['login'];
// Now, post login form
rg_log("Do the real login post request");
$data = array(
"doit" => 1,
"token" => $good_token,
"user" => $rg_ui['username'],
"pass" => $rg_ui['pass'],
"lock_ip" => 1
);
if (isset($rg_ui['t']))
$data['t'] = $rg_ui['t'];
$headers = array();
$r = do_req($info, $url . "/op/login", $data, $headers);
if ($r === FALSE) {
rg_log_ml("Cannot login: " . print_r($r, TRUE));
return FALSE;
}
if (strstr($r['body'], "invalid user")) {
rg_log_ml(print_r($r, TRUE));
rg_log("Login invalid. Check above!");
return FALSE;
}
return $r;
}
/*
* Restore password aaaa for user catab
*/
function test_restore($db)
{
$salt = 'd0a41957b835fbf7bfe63b750db15108cc048259';
$pass = 'aaaa';
$pass = rg_user_pass($salt, $pass);
$sql = "UPDATE users SET salt = '$salt'"
. ", pass = '$pass'"
. ", session_time = 3600"
. " WHERE username = 'catab'";
$res = rg_sql_query($db, $sql);
if ($res == FALSE) {
rg_log("Cannot update (" . rg_sql_error() . ")!");
exit(1);
}
rg_sql_free_result($res);
rg_cache_unset('user::4::info', RG_SOCKET_NO_WAIT);
}
| Mode | Type | Size | Ref | File |
|---|---|---|---|---|
| 100644 | blob | 9 | f3c7a7c5da68804a1bdf391127ba34aed33c3cca | .exclude |
| 100644 | blob | 95 | 3e2e24ae7f12c3618604c014e2a5cdbc7572d73d | .gitignore |
| 100644 | blob | 375 | 1f425bcd2049c526744d449511094fc045ceac74 | AUTHORS |
| 100644 | blob | 1132 | dd65951315f3de6d52d52a82fca59889d1d95187 | Certs.txt |
| 100644 | blob | 1538 | 3f88d5ff4a2a7b3328dde912fc95c46e52da9a7d | History.txt |
| 100644 | blob | 34520 | dba13ed2ddf783ee8118c6a581dbf75305f816a3 | LICENSE |
| 100644 | blob | 3341 | 994c8a35a81ada4c768ba38bbea6dae006a35be0 | Makefile.in |
| 100644 | blob | 5013 | 726b89f5ea8777af6099eb82110136fb1702c41b | README |
| 100644 | blob | 179703 | 3a70d08e1af14f7c82650d35086b17d82bb9cf7f | TODO |
| 100644 | blob | 1294 | f22911eb777f0695fcf81ad686eac133eb11fcc4 | TODO-plans |
| 100644 | blob | 203 | a2863c67c3da44126b61a15a6f09738c25e0fbe0 | TODO.perf |
| 100644 | blob | 967 | 56bbaa7c937381fb10a2907b6bbe056ef8cc824a | TODO.vm |
| 040000 | tree | - | 21928e906ad2907a55c2e81c2a8b0502b586b8a0 | artwork |
| 100644 | blob | 5118 | 29b8b86a2eebbd5e33e7fe03c6bb8cf269601dbb | compare.csv |
| 100755 | blob | 30 | 92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 | configure |
| 040000 | tree | - | 9e126f629e04ddbf18a7ad306a0e931a281a2cea | debian |
| 040000 | tree | - | 2e58bf5808e1f01f1e5f9fbc8764427436b6490f | docker |
| 040000 | tree | - | f67d3605efbd6422a8acdd953578991139266391 | docs |
| 100755 | blob | 17577 | 06fe0062db5d1135bcfa1f48a10e84b3596d8c15 | duilder |
| 100644 | blob | 536 | e31b63f440c725a5b491489e6a4bf35ee66ff073 | duilder.conf |
| 040000 | tree | - | 1a62427b7e1e1e78bbb0c05f5d7bc62d7306e4d3 | hooks |
| 040000 | tree | - | de64aef06b9336bac4fcd08ff8c4b51aee044d58 | inc |
| 040000 | tree | - | e255ce234c3993998edc12bc7e93fff555376eda | misc |
| 100644 | blob | 5041 | 9aff7e789afc6ca163c993a32c74be373fcb7990 | rocketgit.spec |
| 040000 | tree | - | 4590e719b10742d0d0eacffc171f226082fa16e4 | root |
| 040000 | tree | - | b86827bac5f0358438c1358179615a5db0dec9a7 | samples |
| 040000 | tree | - | 0d85089831878faad57e957c36a4ad0c7113523f | scripts |
| 040000 | tree | - | a3cb7109a47e7dae03a78667841b986e23baa224 | selinux |
| 100755 | blob | 256 | 462ccd108c431f54e380cdac2329129875a318b5 | spell_check.sh |
| 040000 | tree | - | 16e63d499e2c018ced3a78f3ed162d7b54b168ed | techdocs |
| 040000 | tree | - | 4bf43340a24dd859890f3133b501bbd528389691 | tests |
| 040000 | tree | - | e810d7397575886ef495708d571eb3675f6928ba | tools |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!