1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
|
# Tests for the HTTP server
# Copyright (C) 2025 Nguyễn Gia Phong
#
# This file is part of scadere.
#
# Scadere is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Scadere is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with scadere. If not, see <https://www.gnu.org/licenses/>.
from asyncio import open_unix_connection, start_unix_server
from contextlib import asynccontextmanager, contextmanager
from copy import deepcopy
from datetime import datetime
from email.parser import BytesHeaderParser
from functools import partial
from http import HTTPMethod
from pathlib import Path
from shutil import rmtree
from tempfile import mkdtemp, mkstemp
from urllib.parse import urljoin, urlsplit
from xml.etree.ElementTree import (XML, XMLParser, indent,
tostring as str_from_xml)
from hypothesis import HealthCheck, given, settings
from hypothesis.strategies import (booleans, composite, data,
datetimes, from_type, integers,
sampled_from, sets, text, uuids)
from hypothesis.provisional import domains, urls
from pytest import raises
from scadere.check import base64_from_str, printable
from scadere.listen import (handle, is_subdomain, path, parse_summary,
str_from_base64, with_trailing_slash, xml)
ATOM_NAMESPACES = {'': 'http://www.w3.org/2005/Atom'}
XHTML_NAMESPACES = {'': 'http://www.w3.org/1999/xhtml'}
def ports():
"""Return a Hypothesis strategy for TCP ports."""
return integers(1, 65535)
def serials():
"""Return a Hypothesis strategy for TLS serial number."""
return integers(1, 256**20-1)
def base64s():
"""Return a Hypothesis strategy for printable strings in base64."""
return text().filter(printable).map(base64_from_str)
@given(domains(), ports(), serials(), text())
def test_path(hostname, port, number, string):
r = path(hostname, port, number, string).split('/')
assert r[0] == hostname
assert int(r[1]) == port
assert int(r[3]) == number
assert str_from_base64(r[2]) == string
@given(domains(), sets(domains()))
def test_is_subdomain(subject, objects):
if not objects:
assert is_subdomain(subject, objects)
elif is_subdomain(subject, objects):
assert any(child == '' or child.endswith('.')
for child in map(subject.removesuffix, objects))
else:
for obj in objects:
assert (not subject.endswith(obj)
or not subject.removesuffix(obj).endswith('.'))
def xml_unsupported_type(child):
"""Check if child is of a type supported by the XML constructor."""
return not isinstance(child, (tuple, str, int, datetime))
@given(text(), from_type(type).flatmap(from_type).filter(xml_unsupported_type))
def test_xml_unsupported_type(tag, child):
with raises(AssertionError, match='Expected code to be unreachable'):
xml((tag, {}, child))
@composite
def certificates(draw):
"""Return a Hypothesis strategy for certificate summaries."""
valid = draw(booleans())
not_before = draw(datetimes()).isoformat() if valid else 'N/A'
not_after = draw(datetimes()).isoformat()
hostname = draw(domains())
port = draw(ports())
number = draw(serials()) if valid else draw(uuids(version=4)).int
string = draw(base64s())
return f'{not_before} {not_after} {hostname} {port} {number} {string}'
@contextmanager
def tmp_cert_file(lines):
cert_file = Path(mkstemp(text=True)[1])
cert_file.write_text('\n'.join(lines))
try:
yield cert_file
finally:
cert_file.unlink()
def is_base_url(url):
"""Check if the given URL has a trailing slash.
The parser for command-line arguments
enforces this property for base URLs.
"""
return url.endswith('/')
@given(urls())
def test_with_trailing_slash(url):
if is_base_url(url):
assert with_trailing_slash(url) == url
else:
assert with_trailing_slash(url) == f'{url}/'
def is_root(base_url, url):
"""Check if the given URL points to the same base URL.
Paths starting with // are excluded because urljoin
sometimes confuse them with URL scheme.
"""
base_path = urlsplit(base_url).path
url_path = urlsplit(url).path
return urlsplit(urljoin(base_url, url_path)).path == base_path
def has_usual_path(url):
"""Check if the given URL path tends to mess with urljoin."""
return is_root(url, url)
@asynccontextmanager
async def connect(socket):
"""Return a read-write stream for an asyncio TCP connection."""
reader, writer = await open_unix_connection(socket)
try:
yield reader, writer
finally:
writer.close()
await writer.wait_closed()
async def write_request(writer, request):
"""Write given request."""
writer.write(request.encode())
await writer.drain()
assert writer.can_write_eof()
writer.write_eof()
async def fetch_xml(socket, url, content_type):
"""Fetch the content at the URL from the socket."""
header_parser = BytesHeaderParser()
xml_parser = XMLParser(encoding='utf-8')
async with connect(socket) as (reader, writer):
await write_request(writer, f'GET {url} HTTP/1.1\r\n')
status = await reader.readuntil(b'\r\n')
assert status == b'HTTP/1.1 200 OK\r\n'
headers_bytes = await reader.readuntil(b'\r\n\r\n')
headers = header_parser.parsebytes(headers_bytes)
assert headers['Content-Type'] == content_type
content = await reader.read()
assert len(content) == int(headers['Content-Length'])
return XML(content.decode(), xml_parser)
def equal_xml(a, b):
"""Check if the two XML elements are equal."""
a_copy, b_copy = deepcopy(a), deepcopy(b)
indent(a_copy)
indent(b_copy)
return str_from_xml(a_copy).rstrip() == str_from_xml(b_copy).rstrip()
async def check_feed(socket, base_url):
"""Check the Atom feed at the given path and its entry pages."""
feed = await fetch_xml(socket, base_url, 'application/atom+xml')
for entry in feed.findall('entry', ATOM_NAMESPACES):
link = entry.find('link', ATOM_NAMESPACES).attrib
assert link['rel'] == 'alternate'
page = await fetch_xml(socket, link['href'], link['type'])
assert equal_xml(entry.find('.//dl', XHTML_NAMESPACES),
page.find('.//dl', XHTML_NAMESPACES))
async def check_server(handler, func, *args):
"""Test request handler using func."""
d = Path(mkdtemp())
socket = d / 'sock'
try:
async with await start_unix_server(handler, socket):
await func(socket, *args)
finally:
rmtree(d)
def unique_netlocs(summaries):
"""Return summaries for unique network locations."""
return {parse_summary(summary)[2:4]: summary
for summary in summaries}.values()
@given(urls().filter(is_base_url).filter(has_usual_path),
sets(certificates(), min_size=1).map(unique_netlocs),
text().filter(printable))
@settings(suppress_health_check=[HealthCheck.too_slow])
async def test_content(base_url, certs, title):
base_path = urlsplit(base_url).path
with tmp_cert_file(certs) as cert_file:
handler = partial(handle, cert_file, base_url, title=title)
await check_server(handler, check_feed, base_path)
async def bad_request(socket, request):
"""Expect from socket a HTTP response with status 400."""
async with connect(socket) as (reader, writer):
await write_request(writer, request)
status = await reader.readuntil(b'\r\n')
assert status == b'HTTP/1.1 400 Bad Request\r\n'
@given(text().filter(lambda request: '\r\n' not in request))
async def test_incomplete_request(request):
with tmp_cert_file(()) as cert_file:
handler = partial(handle, cert_file, 'http://localhost')
await check_server(handler, bad_request, request)
async def not_found(socket, url):
"""Send GET request for URL and expect HTTP status 404 from socket."""
async with connect(socket) as (reader, writer):
await write_request(writer, f'GET {url} HTTP/1\r\n')
status = await reader.readuntil(b'\r\n')
assert status == b'HTTP/1 404 Not Found\r\n'
@given(data())
@settings(suppress_health_check=[HealthCheck.too_slow])
async def test_unrecognized_url(drawer):
base_url = drawer.draw(urls().filter(is_base_url), label='base URL')
url = drawer.draw(urls().filter(lambda url: not is_root(base_url, url)),
label='request URL')
with tmp_cert_file(()) as cert_file:
handler = partial(handle, cert_file, base_url)
await check_server(handler, not_found, urlsplit(url).path)
async def method_not_allowed(socket, method, url):
"""Expect from socket a HTTP response with status 405."""
async with connect(socket) as (reader, writer):
await write_request(writer, f'{method} {url} HTTP/1.1\r\n')
status = await reader.readuntil(b'\r\n')
assert status == b'HTTP/1.1 405 Method Not Allowed\r\n'
@given(urls(), sampled_from(HTTPMethod).filter(lambda method: method != 'GET'))
async def test_unallowed_method(base_url, method):
with tmp_cert_file(()) as cert_file:
handler = partial(handle, cert_file, base_url)
await check_server(handler, method_not_allowed, method.value, base_url)
async def unsupported_http_version(socket, url, version):
"""Expect from socket a HTTP response with status 505."""
async with connect(socket) as (reader, writer):
await write_request(writer, f'GET {url} HTTP/{version}\r\n')
status = await reader.readuntil(b'\r\n')
assert status == b'HTTP/1.1 505 HTTP Version Not Supported\r\n'
@given(urls().filter(is_base_url).filter(has_usual_path), integers(10))
async def test_unsupported_http_version(base_url, version):
with tmp_cert_file(()) as cert_file:
handler = partial(handle, cert_file, base_url)
await check_server(handler, unsupported_http_version,
base_url, version)
|
