-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add basic tests for new JS challenge behaviour #551
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
EvgeniiMekhanik
force-pushed
the
MekhanikEvgenii/fix-1102
branch
6 times, most recently
from
November 16, 2023 20:06
9478438
to
82afba6
Compare
EvgeniiMekhanik
force-pushed
the
MekhanikEvgenii/fix-1102
branch
4 times, most recently
from
December 1, 2023 15:16
a3c9905
to
e743f11
Compare
RomanBelozerov
force-pushed
the
MekhanikEvgenii/fix-1102
branch
from
December 5, 2023 10:35
6477e99
to
80e5c94
Compare
EvgeniiMekhanik
force-pushed
the
MekhanikEvgenii/fix-1102
branch
17 times, most recently
from
December 22, 2023 08:02
b0ca6df
to
d0ac60b
Compare
const-t
approved these changes
May 1, 2024
sessions/test_cookies.py
Outdated
|
||
@parameterize.expand( | ||
[ | ||
# If no options are set, session lifetime is equal to INT_MAX (4294967295) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
INT_MAX on x86 is 2147483647.
- Remove `delay_limit` options from the tests, because it was removed from tempesta. - Implement tests for `max_misses` and redirect mark.
…Js challenge inside vhost, but did not explain the work process. `JSChallengeVhost` and `JSChallengeDefVhostInherit` removed because it is duplicate for `VhostCookies` and `CookiesInherit` from `sessions.test_cookies` New tests: - a bad first request (`POST` method or invalid `Accept` header); - second request is not equal first; - the number of invalid requests is greater than `max_misses`; - block after Tempesta restart; - block after connection restart; - resp_code;
- `*/*` and `text/*` are valid Accept header for JS because they contain 'text/html'; - changed a response status code when Tempesta blocks client connection. 400 Bad Request -> 429 Too Many Requests
- Fix error codes according discussion - Add two tests, first for pipelined POST requests, second for multiple cookie headers - Remove sleep from max misses test (max_misses are counted only per second as other frang settings)
Add max_misses=0 for enforced cookies, where we do not check this option
Cookie options and js_challenge directives in our config are only valid when cookie is present. If Path and Max-Age or Expires are not set in cookie eptions they should be explicitly set by Tempesta FW.
- Add tests where we use x-http-method-override in requests, which should/shouldn't be challenged according it's http method. - Add tests to check session lifetime and Max-Age header in cookie. - Check that we don't drop response with multiple Set-Cookie header field in response with the same cookie-name, but write warning in dmesg.
- enable tests blocked by merged PR - set frang http_strict_host_checking false; - disable configuration tests for remote and TCP segmentation. - Change response status codes when Accept header is */* or text/*. - disable deproxy auto parser for pipelined requests
EvgeniiMekhanik
force-pushed
the
MekhanikEvgenii/fix-1102
branch
2 times, most recently
from
May 2, 2024 13:17
e58969e
to
bf1ac60
Compare
EvgeniiMekhanik
force-pushed
the
MekhanikEvgenii/fix-1102
branch
from
May 2, 2024 15:21
bf1ac60
to
d89a99b
Compare
Also change check client.conn_is_closed() to client.wait_for_connection_close(), to make tests not flaky
EvgeniiMekhanik
force-pushed
the
MekhanikEvgenii/fix-1102
branch
from
May 3, 2024 06:45
d89a99b
to
07556ff
Compare
RomanBelozerov
approved these changes
May 6, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #923