Main RocketGit repo
/tests/http.inc.php (5710dde5f59754fa9da5710af9b7b7bc2f57414c) (7418 bytes) (mode 100644) (type blob)
<?php
if (!isset($test_ua))
$test_ua = "curl";
/*
* Clean all cookies
*/
function clean_cookies()
{
global $_testns;
$path = __DIR__ . '/jars';
if (!file_exists($path))
return;
rg_log('Cleaning cookies...');
$cookie_jar = $path . '/' . $_testns;
@unlink($cookie_jar);
}
/*
* This is called at the begining of all tests
*/
function prepare_http()
{
clean_cookies();
}
/*
* Data is an array
*/
$http_handles = array();
function do_req($url, &$data, &$headers)
{
global $test_ua, $test_referer;
global $cookie_jar;
global $http_handles;
global $http_client;
global $_testns;
if (!isset($http_client))
$http_client = $_testns;
$path = __DIR__ . '/jars';
if (!file_exists($path))
mkdir($path);
$cookie_jar = $path . '/' . $http_client;
if (!is_array($data))
$data = array();
if (!is_array($headers)) {
rg_log("Headers is not an array, reset it.");
$headers = array();
}
if (!strstr($url, '?'))
$url .= '?rg_debug=1';
else
$url .= '&rg_debug=1';
$url .= '&tid=' . rg_id(10); // to easy identify requests in the logs
rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
. "headers=" . print_r($headers, TRUE));
$c = FALSE;
if (isset($http_handles[$http_client]))
$c = $http_handles[$http_client];
if ($c === FALSE) {
$c = curl_init();
$http_handles[$http_client] = $c;
}
curl_setopt($c, CURLOPT_URL, $url);
if (!empty($data)) {
curl_setopt($c, CURLOPT_POST, 1);
curl_setopt($c, CURLOPT_POSTFIELDS, $data);
} else {
curl_setopt($c, CURLOPT_POST, 0);
curl_setopt($c, CURLOPT_POSTFIELDS, '');
}
curl_setopt($c, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($c, CURLOPT_HEADER, 1);
curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
curl_setopt($c, CURLOPT_USERAGENT, $test_ua);
curl_setopt($c, CURLOPT_REFERER, $test_referer);
curl_setopt($c, CURLOPT_CERTINFO, TRUE);
curl_setopt($c, CURLOPT_VERBOSE, TRUE);
curl_setopt($c, CURLOPT_ENCODING , 'gzip');
curl_setopt($c, CURLOPT_COOKIEJAR, $cookie_jar);
curl_setopt($c, CURLOPT_COOKIEFILE, $cookie_jar);
// HTTP/2
if (curl_version()['features'] & CURL_VERSION_HTTP2)
curl_setopt($c, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_2_0);
$err = @fopen('php://temp', 'w');
if ($err !== FALSE) {
curl_setopt($c, CURLOPT_STDERR, $err);
} else {
rg_log('Cannot open stderr redirection!');
}
$r = curl_exec($c);
if ($err !== FALSE) {
rewind($err);
$xerr = @fread($err, 16 * 4096);
fclose($err);
rg_log_ml($xerr);
}
if ($r === FALSE) {
rg_log_ml("Cannot load (url=$url), data: "
. print_r($data, TRUE));
rg_log("curl error: " . curl_error($c));
return FALSE;
}
$ret = array();
$header_size = curl_getinfo($c, CURLINFO_HEADER_SIZE);
$ret['header'] = substr($r, 0, $header_size);
$ret['body'] = substr($r, $header_size);
// Check for XSS
if (stristr($ret['body'], '<xss>')) {
file_put_contents('http_xss.out', $ret['body']);
rg_log("Found <xss> token! Check http_xss.out. Not good!");
exit(1);
}
// Check with tidy
if (!empty($ret['body'])) { // we may have a redirect
// some fixes
$ret['body'] = str_replace('autocomplete="off"', '', $ret['body']);
$ret['body'] = str_replace('<xss>', '|xss|', $ret['body']);
file_put_contents("http.tidy.in", $ret['body']);
$cmd = "tidy -errors -utf8 -file http.tidy.out http.tidy.in";
$r = rg_exec($cmd, '', FALSE, FALSE, FALSE);
if ($r['ok'] != 1) {
rg_log_ml('tidy error: ' . $r['stderr']);
rg_log_ml(file_get_contents('http.tidy.out'));
exit(1);
}
}
// Check if a '@@' is present
if (strstr($ret['body'], '@@')) {
$t = explode('@@', $ret['body']);
$t = explode('@@', $t[1]);
if (!strstr($t[0], ' ')) {
rg_log_ml("We have unresolved variables: [" . $t[0] . "]!");
exit(1);
}
}
// Find cookies
$ret['cookies'] = array();
$x = preg_match_all('/Set-Cookie: (.*?)=(.*?)[;]/',
$ret['header'], $matches, PREG_SET_ORDER);
if ($x !== FALSE) {
foreach ($matches as $junk => $info) {
$k = $info[1];
$v = $info[2];
$ret['cookies'][$k] = $v;
}
}
//rg_log_ml('ret[cookies]: ' . print_r($ret['cookies'], TRUE));
$ret['sid'] = '';
if (isset($ret['cookies']['sidu']))
$ret['sid'] = $ret['cookies']['sidu'];
if (isset($ret['cookies']['sids']))
$ret['sid'] = $ret['cookies']['sids'];
$ret['tokens'] = array();
$x = preg_match_all('/ name="token" value="([a-zA-Z0-9_:]*)"/',
$ret['body'], $matches);
//rg_log_ml('DEBUG: matches: ' . print_r($matches, TRUE));
if (($x === FALSE) || (!isset($matches[1]))) {
//rg_log("CHECK: no token found");
} else {
foreach ($matches[1] as $m) {
$t = explode(':', $m);
if (!isset($t[1])) {
rg_log_ml('body: ' . print_r($ret['body'], TRUE));
rg_log_ml('matches: ' . print_r($matches[1], TRUE));
rg_log('Invalid debug token (no prefix): ' . $m);
exit(1);
}
$ret['tokens'][$t[1]] = $t[0];
}
}
rg_log_ml('DEBUG ret[tokens]: ' . print_r($ret['tokens'], TRUE));
// find logout token
$x = preg_match('/logout\?token=([a-zA-Z0-9:]*)"/', $ret['body'], $matches);
//rg_log_ml('DEBUG: matches[logout]: ' . print_r($matches, TRUE));
if (($x === FALSE) || (!isset($matches[1]))) {
$ret['tokens']['logout'] = '';
} else {
$t = explode(':', $matches[1]);
$ret['tokens']['logout'] = $t[0];
}
$x = preg_match_all('/ class="secret_token">([A-Z0-9]*)</', $ret['body'], $matches);
if (($x !== FALSE) && (isset($matches[1])) && isset($matches[1][0])) {
$ret['totp_secret'] = $matches[1][0];
rg_log('DEBUG ret[totp_secret]=' . $ret['totp_secret']);
}
@rename('http-last.out', 'http-prev.out');
file_put_contents('http-last.out', $ret['body']);
return $ret;
}
/*
* Helper function that will do the login
*/
function test_login($url, $rg_ui)
{
global $test_ua;
// First we need to load the form so we can get the token
$data = array();
$r = do_req($url . "/op/login", $data, $headers);
if ($r === FALSE) {
rg_log('Cannot load login form!');
return FALSE;
}
if (!isset($r['tokens']['login'])) {
rg_log_ml('r: ' . print_r($r, TRUE));
rg_log('Login token not returned!');
return FALSE;
}
$good_token = $r['tokens']['login'];
// Now, post login form
rg_log("Do the real login post request");
$data = array(
"doit" => 1,
"token" => $good_token,
"user" => $rg_ui['username'],
"pass" => $rg_ui['pass'],
"lock_ip" => 1
);
if (isset($rg_ui['t']))
$data['t'] = $rg_ui['t'];
$headers = array();
$r = do_req($url . "/op/login", $data, $headers);
if ($r === FALSE) {
rg_log_ml("Cannot login: " . print_r($r, TRUE));
return FALSE;
}
if (strstr($r['body'], "invalid user")) {
rg_log_ml(print_r($r, TRUE));
rg_log("Login invalid. Check above!");
return FALSE;
}
return $r;
}
/*
* Restore password aaaa for user catab
*/
function test_restore($db)
{
$salt = 'd0a41957b835fbf7bfe63b750db15108cc048259';
$pass = 'aaaa';
$pass = rg_user_pass($salt, $pass);
$sql = "UPDATE users SET salt = '$salt'"
. ", pass = '$pass'"
. ", session_time = 3600"
. " WHERE username = 'catab'";
$res = rg_sql_query($db, $sql);
if ($res == FALSE) {
rg_log("Cannot update (" . rg_sql_error() . ")!");
exit(1);
}
rg_sql_free_result($res);
rg_cache_unset('user::4::info', RG_SOCKET_NO_WAIT);
}
/*
* Set user agent
*/
function test_set_ua($s)
{
global $test_ua;
$test_ua = $s;
}
/*
* Set referer
*/
function test_set_referer($s)
{
global $test_referer;
$test_referer = $s;
}
?>
| Mode | Type | Size | Ref | File |
|---|---|---|---|---|
| 100644 | blob | 9 | f3c7a7c5da68804a1bdf391127ba34aed33c3cca | .exclude |
| 100644 | blob | 102 | eaeb7d777062c60a55cdd4b5734902cdf6e1790c | .gitignore |
| 100644 | blob | 341 | 4f4fc30b693128521d8deabbd0e1a09e46b6ced5 | AUTHORS |
| 100644 | blob | 1132 | dd65951315f3de6d52d52a82fca59889d1d95187 | Certs.txt |
| 100644 | blob | 1178 | 18c1f4f5d5cc03c630566e39418788160c2b0a24 | History.txt |
| 100644 | blob | 34520 | dba13ed2ddf783ee8118c6a581dbf75305f816a3 | LICENSE |
| 100644 | blob | 3398 | cf75b360b8a3e6ef86bc4a42648e353bd58c2a80 | Makefile.in |
| 100644 | blob | 5649 | 0be60bc826db4b315efb6e15cb499a577c3340d2 | README |
| 100644 | blob | 136232 | 9a1643c1672b63d18b16775918520c7f559f0ddf | TODO |
| 100644 | blob | 1294 | f22911eb777f0695fcf81ad686eac133eb11fcc4 | TODO-plans |
| 100644 | blob | 203 | a2863c67c3da44126b61a15a6f09738c25e0fbe0 | TODO.perf |
| 100644 | blob | 1044 | 9bb3652b3937eb624dba0f2d8efff7ce6c0ce0e2 | TODO.vm |
| 040000 | tree | - | 21928e906ad2907a55c2e81c2a8b0502b586b8a0 | artwork |
| 100644 | blob | 4707 | 0da219f933a61fe4d34eb59e1a3829e19e3d246e | compare.csv |
| 100755 | blob | 30 | 92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 | configure |
| 040000 | tree | - | 69114e8648f8e0e7173c76e30ca6bbfcece7df31 | debian |
| 040000 | tree | - | e1f903261de934d6a656f07278d8c99446eaf9e9 | docker |
| 040000 | tree | - | f67d3605efbd6422a8acdd953578991139266391 | docs |
| 100755 | blob | 16720 | 52405deef0d3708e7553022e1e9db73faa28d05c | duilder |
| 100644 | blob | 536 | 96c75f943c5bf93b54dbddf678e8a99d7ba4ff93 | duilder.conf |
| 040000 | tree | - | 2f3d689ae2a6df46f805b6a1d7e0036ad8304874 | hooks |
| 040000 | tree | - | 6d06d271895cb6d3d508335148a66e52e6a56e2c | inc |
| 040000 | tree | - | c070ac2ad296b44903e5e3495d81a905802a3d78 | misc |
| 100644 | blob | 3766 | a0f894a1e351d296c73467c75f4508a5ed85fc1e | rocketgit.spec.in |
| 040000 | tree | - | ebabf40af80662ecb8b82a95bfd91800db6ca18a | root |
| 040000 | tree | - | c6edd648d12e2e98861583d5a0d5eab8381b2c06 | samples |
| 040000 | tree | - | 7b6bd5c91f898dcee3e820cf289852c86291982a | scripts |
| 040000 | tree | - | f0806d955c8d64a3c1522c5ee97c4295a6203c5e | selinux |
| 100755 | blob | 256 | 462ccd108c431f54e380cdac2329129875a318b5 | spell_check.sh |
| 040000 | tree | - | cb54e074b3ca35943edfcda9dd9cfcd281bcd9e7 | techdocs |
| 040000 | tree | - | 0a6340f78c2c656cc34c9b3b59dcf26e581bafee | tests |
| 040000 | tree | - | bc0ac4ce1d9e6c858f09fa0c615f1c9f55609b6f | tools |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!