Add whitelist and greylist linux core tests

Théophile Diot 2023-09-23 09:02:35 +01:00
parent 9a17e92d62
commit ae9450d0dc
No known key found for this signature in database
GPG key ID: 248FEA4BAE400D06
9 changed files with 684 additions and 214 deletions


@ -1,3 +1,4 @@
from os import getenv
from fastapi import FastAPI
from fastapi.responses import PlainTextResponse
@ -7,7 +8,7 @@ app = FastAPI()
@app.get("/ip")
async def ip():
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.1/32")
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.0/24")
@app.get("/rdns")
@ -17,7 +18,7 @@ async def rdns():
@app.get("/asn")
async def asn():
return PlainTextResponse("1234\n13335\n5678")
return PlainTextResponse(f"1234\n{getenv('AS_NUMBER', '13335')}\n5678")
@app.get("/user_agent")
@ -28,3 +29,9 @@ async def user_agent():
@app.get("/uri")
async def uri():
return PlainTextResponse("/admin\n/login")
if __name__ == "__main__":
import uvicorn
uvicorn.run(app, host="127.0.0.1", port=8080)
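Review bot: In `asn()`, `getenv('AS_NUMBER', '13335')` falls back only when the variable is unset, so a value that is set but empty produces a blank middle line in the served list instead of the default. The compose file in this commit declares `AS_NUMBER: ""`, apparently for this service, so the empty case is reachable whenever the later `sed` substitution does not run or does not match. Consider `getenv('AS_NUMBER') or '13335'`, or fail at startup on a non-numeric value so a misconfigured run is loud rather than silently serving a list without the expected ASN. The whitelist copy of this file later in the commit has the same line.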


@ -60,6 +60,8 @@ services:
greylist-api:
build: api
environment:
AS_NUMBER: ""
networks:
bw-docker:
bw-services:
@ -68,6 +70,7 @@ services:
volumes:
bw-data:
networks:
bw-universe:
name: bw-universe


@ -1,8 +1,9 @@
from datetime import date
from gzip import GzipFile
from io import BytesIO
from pathlib import Path
from os import getenv, sep
from maxminddb import MODE_FD, open_database
from pathlib import Path
from requests import get
# Compute the mmdb URL
@ -18,7 +19,13 @@ with get(mmdb_url, stream=True) as resp:
file_content.write(chunk)
file_content.seek(0)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader:
output_path = (
Path(sep, "output", "ip_asn.txt")
if getenv("TEST_TYPE", "docker") == "docker"
else Path(".", "ip_asn.txt")
)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader: # type: ignore
dbip_asn = reader.get("1.0.0.3")
if not dbip_asn:
@ -26,8 +33,8 @@ with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as r
exit(1)
print(
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to /output/ip_asn.txt",
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to {output_path}", # type: ignore
flush=True,
)
Path("/output/ip_asn.txt").write_text(str(dbip_asn["autonomous_system_number"]))
output_path.write_text(str(dbip_asn["autonomous_system_number"])) # type: ignore
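Review bot: The `# type: ignore` comments on the f-string and on `output_path.write_text(...)` silence the checker where the code could narrow the type instead; the only guard visible before them is `if not dbip_asn:`. A check such as `if not isinstance(dbip_asn, dict) or 'autonomous_system_number' not in dbip_asn:` feeding the existing error exit would make both ignores unnecessary. It would also turn a malformed record in the downloaded database into a clean failure rather than a traceback. The `with` block starts outside the hunk, and the whitelist copy of this file carries the same lines.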


@ -47,7 +47,13 @@ try:
print(" Sending a request to http://www.example.com ...", flush=True)
status_code = get(
"http://www.example.com", headers={"Host": "www.example.com"}
"http://www.example.com",
headers={"Host": "www.example.com"}
| (
{"X-Forwarded-For": "1.0.0.3"}
if getenv("TEST_TYPE", "docker") == "linux" and _global
else {}
),
).status_code
print(f" Status code: {status_code}", flush=True)
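Review bot: The added `X-Forwarded-For` header needs a comment, because nothing here says why `1.0.0.3` is used or why it applies only to global Linux runs. It appears to be the same address that init/main.py resolves to an ASN, and it presumably only takes effect because test.sh sets `USE_REAL_IP=yes` with `REAL_IP_FROM=127.0.0.0/24`; something like `# Linux: requests arrive from loopback, so present the public test IP (see init/main.py); relies on USE_REAL_IP/REAL_IP_FROM set by test.sh` would do. Naming the literal once as a module-level constant would also keep the two scripts from drifting apart. The `try` block starts and ends outside the hunk, and the whitelist main.py has the same change.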


@ -1,47 +1,106 @@
#!/bin/bash
echo "🏁 Building greylist stack ..."
integration=$1
if [ -z "$integration" ] ; then
echo "🏁 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🏁 Integration \"$integration\" is not supported ❌"
exit 1
fi
echo "🏁 Building greylist stack for integration \"$integration\" ..."
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏁 Pull failed ❌"
exit 1
fi
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏁 Pull failed ❌"
exit 1
fi
echo "🏁 Building custom api image ..."
docker compose build greylist-api
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
fi
echo "🏁 Building custom api image ..."
docker compose build greylist-api
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
fi
echo "🏁 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
echo "🏁 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_REAL_IP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REAL_IP_FROM=127.0.0.0/24" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_GREYLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_IP=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_RDNS_GLOBAL=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_RDNS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_RDNS_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_ASN=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_ASN_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_USER_AGENT=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_USER_AGENT_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_URI=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_URI_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
end=0
as_number=0
AS_NUMBER=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GREYLIST: "yes"@USE_GREYLIST: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: "192.168.0.0/24"@GREYLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@GREYLIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_GLOBAL: "no"@GREYLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS: ".bw-services"@GREYLIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@GREYLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: "[0-9]*"@GREYLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@GREYLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: "BunkerBot"@GREYLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@GREYLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: "/admin"@GREYLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI_URLS: "http://greylist-api:8080/uri"@GREYLIST_URI_URLS: ""@' {} \;
if [ "$integration" = "docker" ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GREYLIST: "yes"@USE_GREYLIST: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: "192.168.0.0/24"@GREYLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@GREYLIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_GLOBAL: "no"@GREYLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS: ".bw-services"@GREYLIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@GREYLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: "[0-9]*"@GREYLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@GREYLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: "BunkerBot"@GREYLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@GREYLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: "/admin"@GREYLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI_URLS: "http://greylist-api:8080/uri"@GREYLIST_URI_URLS: ""@' {} \;
else
sudo sed -i 's@USE_GREYLIST=.*$@USE_GREYLIST=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_IP=.*$@GREYLIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_IP_URLS=.*$@GREYLIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_RDNS_GLOBAL=.*$@GREYLIST_RDNS_GLOBAL=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_RDNS=.*$@GREYLIST_RDNS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_RDNS_URLS=.*$@GREYLIST_RDNS_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_ASN=.*$@GREYLIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_ASN_URLS=.*$@GREYLIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_USER_AGENT=.*$@GREYLIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_USER_AGENT_URLS=.*$@GREYLIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_URI=.*$@GREYLIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_URI_URLS=.*$@GREYLIST_URI_URLS=@' /etc/bunkerweb/variables.env
unset USE_GREYLIST
unset GREYLIST_IP
unset GREYLIST_IP_URLS
unset GREYLIST_RDNS_GLOBAL
unset GREYLIST_RDNS
unset GREYLIST_RDNS_URLS
unset GREYLIST_ASN
unset GREYLIST_ASN_URLS
unset GREYLIST_USER_AGENT
unset GREYLIST_USER_AGENT_URLS
unset GREYLIST_URI
unset GREYLIST_URI_URLS
sudo killall python3
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -49,10 +108,15 @@ cleanup_stack () {
echo "🏁 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🏁 Down failed ❌"
echo "🏁 Cleanup failed ❌"
exit 1
fi
@ -63,39 +127,83 @@ cleanup_stack () {
trap cleanup_stack EXIT
echo "🏁 Initializing workspace ..."
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏁 ip_asn.txt not found ❌"
exit 1
if [ "$integration" == "docker" ] ; then
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏁 Init failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏁 ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat init/output/ip_asn.txt)
rm -rf init/output
else
echo "🏁 Starting init ..."
python3 init/main.py
if [ $? -ne 0 ] ; then
echo "🏁 Init failed ❌"
exit 1
elif ! [[ -f "ip_asn.txt" ]]; then
echo "🏁 ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat ip_asn.txt)
fi
as_number=$(cat init/output/ip_asn.txt)
if [[ $as_number = "" ]]; then
if [[ $AS_NUMBER = "" ]]; then
echo "🏁 AS number not found ❌"
exit 1
fi
rm -rf init/output
export AS_NUMBER
for test in "deactivated" "ip" "ip_urls" "rdns" "rdns_global" "rdns_urls" "asn" "asn_urls" "user_agent" "user_agent_urls" "uri" "uri_urls"
if [ "$integration" == "docker" ] ; then
sudo sed -i 's@AS_NUMBER: ".*"$@AS_NUMBER: "'"$AS_NUMBER"'"@' docker-compose.yml
else
echo "🏁 Starting api ..."
python3 api/main.py &
fi
tests="deactivated ip ip_urls asn asn_urls user_agent user_agent_urls uri uri_urls"
if [ "$integration" == "docker" ] ; then
tests="deactivated ip ip_urls rdns rdns_global rdns_urls asn asn_urls user_agent user_agent_urls uri uri_urls"
fi
for test in $tests
do
if [ "$test" = "deactivated" ] ; then
echo "🏁 Running tests when the greylist is deactivated ..."
elif [ "$test" = "ip" ] ; then
echo "🏁 Running tests with the network 192.168.0.0/24 in the grey list ..."
echo " Activating the greylist for all the future tests ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GREYLIST: "no"@USE_GREYLIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: ""@GREYLIST_IP: "192.168.0.0/24"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with the network 192.168.0.0/24 in the grey list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GREYLIST: "no"@USE_GREYLIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: ""@GREYLIST_IP: "192.168.0.0/24"@' {} \;
else
echo "🏁 Running tests with the network 127.0.0.0/24 in the grey list ..."
sudo sed -i 's@USE_GREYLIST=.*$@USE_GREYLIST=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_IP=.*$@GREYLIST_IP=127.0.0.0/24@' /etc/bunkerweb/variables.env
export USE_GREYLIST="yes"
export GREYLIST_IP="127.0.0.0/24"
fi
elif [ "$test" = "ip_urls" ] ; then
echo "🏁 Running tests with greylist's ip url set to http://greylist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: "192.168.0.0/24"@GREYLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: ""@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with greylist's ip url set to http://greylist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: "192.168.0.0/24"@GREYLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: ""@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@' {} \;
else
echo "🏁 Running tests with greylist's ip url set to http://127.0.0.1:8080/ip ..."
sudo sed -i 's@GREYLIST_IP=.*$@GREYLIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_IP_URLS=.*$@GREYLIST_IP_URLS=http://127.0.0.1:8080/ip@' /etc/bunkerweb/variables.env
unset GREYLIST_IP
export GREYLIST_IP_URLS="http://127.0.0.1:8080/ip"
fi
elif [ "$test" = "rdns" ] ; then
echo "🏁 Running tests with greylist's rdns set to .bw-services ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@GREYLIST_IP_URLS: ""@' {} \;
@ -109,42 +217,95 @@ do
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS: ".bw-services"@GREYLIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: ""@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@' {} \;
elif [ "$test" = "asn" ] ; then
echo "🏁 Running tests with greylist's asn set to $as_number ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_GLOBAL: "no"@GREYLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@GREYLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: ""@GREYLIST_ASN: "'"$as_number"'"@' {} \;
echo "🏁 Running tests with greylist's asn set to $AS_NUMBER ..."
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_GLOBAL: "no"@GREYLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@GREYLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: ""@GREYLIST_ASN: "'"$AS_NUMBER"'"@' {} \;
else
sudo sed -i 's@GREYLIST_IP_URLS=.*$@GREYLIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_ASN=.*$@GREYLIST_ASN='"$AS_NUMBER"'@' /etc/bunkerweb/variables.env
unset GREYLIST_IP_URLS
export GREYLIST_ASN="$AS_NUMBER"
fi
elif [ "$test" = "asn_urls" ] ; then
echo "🏁 Running tests with greylist's asn url set to http://greylist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: "'"$as_number"'"@GREYLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: ""@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with greylist's asn url set to http://greylist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: "'"$AS_NUMBER"'"@GREYLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: ""@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@' {} \;
else
echo "🏁 Running tests with greylist's asn url set to http://127.0.0.1:8080/asn ..."
sudo sed -i 's@GREYLIST_ASN=.*$@GREYLIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_ASN_URLS=.*$@GREYLIST_ASN_URLS=http://127.0.0.1:8080/asn@' /etc/bunkerweb/variables.env
unset GREYLIST_ASN
export GREYLIST_ASN_URLS="http://127.0.0.1:8080/asn"
fi
elif [ "$test" = "user_agent" ] ; then
echo "🏁 Running tests with greylist's user_agent set to BunkerBot ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@GREYLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: ""@GREYLIST_USER_AGENT: "BunkerBot"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@GREYLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: ""@GREYLIST_USER_AGENT: "BunkerBot"@' {} \;
else
sudo sed -i 's@GREYLIST_ASN_URLS=.*$@GREYLIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_USER_AGENT=.*$@GREYLIST_USER_AGENT=BunkerBot@' /etc/bunkerweb/variables.env
unset GREYLIST_ASN_URLS
export GREYLIST_USER_AGENT="BunkerBot"
fi
elif [ "$test" = "user_agent_urls" ] ; then
echo "🏁 Running tests with greylist's user_agent url set to http://greylist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: "BunkerBot"@GREYLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: ""@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with greylist's user_agent url set to http://greylist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: "BunkerBot"@GREYLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: ""@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@' {} \;
else
echo "🏁 Running tests with greylist's user_agent url set to http://127.0.0.1:8080/user_agent ..."
sudo sed -i 's@GREYLIST_USER_AGENT=.*$@GREYLIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_USER_AGENT_URLS=.*$@GREYLIST_USER_AGENT_URLS=http://127.0.0.1:8080/user_agent@' /etc/bunkerweb/variables.env
unset GREYLIST_USER_AGENT
export GREYLIST_USER_AGENT_URLS="http://127.0.0.1:8080/user_agent"
fi
elif [ "$test" = "uri" ] ; then
echo "🏁 Running tests with greylist's uri set to /admin ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@GREYLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: ""@GREYLIST_URI: "/admin"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@GREYLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: ""@GREYLIST_URI: "/admin"@' {} \;
else
sudo sed -i 's@GREYLIST_USER_AGENT_URLS=.*$@GREYLIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_URI=.*$@GREYLIST_URI=/admin@' /etc/bunkerweb/variables.env
unset GREYLIST_USER_AGENT_URLS
export GREYLIST_URI="/admin"
fi
elif [ "$test" = "uri_urls" ] ; then
echo "🏁 Running tests with greylist's uri url set to http://greylist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: "/admin"@GREYLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI_URLS: ""@GREYLIST_URI_URLS: "http://greylist-api:8080/uri"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with greylist's uri url set to http://greylist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: "/admin"@GREYLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI_URLS: ""@GREYLIST_URI_URLS: "http://greylist-api:8080/uri"@' {} \;
else
echo "🏁 Running tests with greylist's uri url set to http://127.0.0.1:8080/uri ..."
sudo sed -i 's@GREYLIST_URI=.*$@GREYLIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_URI_URLS=.*$@GREYLIST_URI_URLS=http://127.0.0.1:8080/uri@' /etc/bunkerweb/variables.env
unset GREYLIST_URI
export GREYLIST_URI_URLS="http://127.0.0.1:8080/uri"
fi
fi
echo "🏁 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏁 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏁 Up failed ❌"
echo "🏁 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏁 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🏁 Start failed ❌"
exit 1
fi
fi
@ -152,27 +313,48 @@ do
# Check if stack is healthy
echo "🏁 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("greylist-bw-1" "greylist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("greylist-bw-1" "greylist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🏁 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🏁 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏁 Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🏁 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🏁 Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏁 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
@ -180,26 +362,56 @@ do
if ! [[ "$test" = "user_agent" || "$test" = "user_agent_urls" || "$test" = "uri" || "$test" = "uri_urls" ]] ; then
echo "🏁 Running global container tests ..."
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
else
export GLOBAL="1"
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🏁 Test \"$test\" failed for global tests ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler greylist-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler greylist-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🏁 Test \"$test\" succeeded for global tests ✅"
fi
if [ "$integration" == "linux" ] ; then
sleep 1
fi
fi
echo "🏁 Running local container tests ..."
docker compose -f docker-compose.test.yml up local-tests --abort-on-container-exit --exit-code-from local-tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up local-tests --abort-on-container-exit --exit-code-from local-tests
else
unset GLOBAL
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🏁 Test \"$test\" failed for local tests ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler greylist-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler greylist-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🏁 Test \"$test\" succeeded for local tests ✅"
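Review bot: The Linux branch of `cleanup_stack` is not scoped to what this script started or changed: `sudo killall python3` ends every python3 process on the host, not just the API launched with `python3 api/main.py &`. Record the PID at launch with `api_pid=$!` and use `kill "$api_pid"` in cleanup. Related, the `USE_REAL_IP=yes` and `REAL_IP_FROM=127.0.0.0/24` lines appended with `tee -a` are never reverted, so the host keeps trusting forwarded client-IP headers from loopback after the run, and repeated runs append duplicate keys to variables.env. The whitelist script appends the same two settings. The `for` loop continues past the end of this section.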


@ -1,3 +1,4 @@
from os import getenv
from fastapi import FastAPI
from fastapi.responses import PlainTextResponse
@ -7,7 +8,7 @@ app = FastAPI()
@app.get("/ip")
async def ip():
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.1/32")
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.0/24")
@app.get("/rdns")
@ -17,7 +18,7 @@ async def rdns():
@app.get("/asn")
async def asn():
return PlainTextResponse("1234\n13335\n5678")
return PlainTextResponse(f"1234\n{getenv('AS_NUMBER', '13335')}\n5678")
@app.get("/user_agent")
@ -28,3 +29,9 @@ async def user_agent():
@app.get("/uri")
async def uri():
return PlainTextResponse("/admin\n/login")
if __name__ == "__main__":
import uvicorn
uvicorn.run(app, host="127.0.0.1", port=8080)


@ -1,8 +1,9 @@
from datetime import date
from gzip import GzipFile
from io import BytesIO
from pathlib import Path
from os import getenv, sep
from maxminddb import MODE_FD, open_database
from pathlib import Path
from requests import get
# Compute the mmdb URL
@ -18,7 +19,13 @@ with get(mmdb_url, stream=True) as resp:
file_content.write(chunk)
file_content.seek(0)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader:
output_path = (
Path(sep, "output", "ip_asn.txt")
if getenv("TEST_TYPE", "docker") == "docker"
else Path(".", "ip_asn.txt")
)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader: # type: ignore
dbip_asn = reader.get("1.0.0.3")
if not dbip_asn:
@ -26,8 +33,8 @@ with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as r
exit(1)
print(
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to /output/ip_asn.txt",
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to {output_path}", # type: ignore
flush=True,
)
Path("/output/ip_asn.txt").write_text(str(dbip_asn["autonomous_system_number"]))
output_path.write_text(str(dbip_asn["autonomous_system_number"])) # type: ignore


@ -47,7 +47,13 @@ try:
print(" Sending a request to http://www.example.com ...", flush=True)
status_code = get(
"http://www.example.com", headers={"Host": "www.example.com"}
"http://www.example.com",
headers={"Host": "www.example.com"}
| (
{"X-Forwarded-For": "1.0.0.3"}
if getenv("TEST_TYPE", "docker") == "linux" and _global
else {}
),
).status_code
print(f" Status code: {status_code}", flush=True)


@ -1,47 +1,109 @@
#!/bin/bash
echo "🏳️ Building whitelist stack ..."
integration=$1
if [ -z "$integration" ] ; then
echo "🏳️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🏳️ Integration \"$integration\" is not supported ❌"
exit 1
fi
echo "🏳️ Building whitelist stack for integration \"$integration\" ..."
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏳️ Pull failed ❌"
exit 1
fi
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏳️ Pull failed ❌"
exit 1
fi
echo "🏳️ Building custom api image ..."
docker compose build whitelist-api
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
fi
echo "🏳️ Building custom api image ..."
docker compose build whitelist-api
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
fi
echo "🏳️ Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
echo "🏳️ Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_REAL_IP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REAL_IP_FROM=127.0.0.0/24" | sudo tee -a /etc/bunkerweb/variables.env
sudo sed -i 's@USE_BLACKLIST=.*$@USE_BLACKLIST=yes@' /etc/bunkerweb/variables.env
echo "BLACKLIST_IP=0.0.0.0/0" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_WHITELIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_IP=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_RDNS_GLOBAL=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_RDNS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_RDNS_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_ASN=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_ASN_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_USER_AGENT=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_USER_AGENT_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_URI=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_URI_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
end=0
as_number=0
AS_NUMBER=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_WHITELIST: "yes"@USE_WHITELIST: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: "192.168.0.0/24"@WHITELIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@WHITELIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "no"@WHITELIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS: ".bw-services"@WHITELIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@WHITELIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: "[0-9]*"@WHITELIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@WHITELIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: "BunkerBot"@WHITELIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@WHITELIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: "/admin"@WHITELIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI_URLS: "http://whitelist-api:8080/uri"@WHITELIST_URI_URLS: ""@' {} \;
if [ "$integration" = "docker" ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_WHITELIST: "yes"@USE_WHITELIST: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: "192.168.0.0/24"@WHITELIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@WHITELIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "no"@WHITELIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS: ".bw-services"@WHITELIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@WHITELIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: "[0-9]*"@WHITELIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@WHITELIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: "BunkerBot"@WHITELIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@WHITELIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: "/admin"@WHITELIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI_URLS: "http://whitelist-api:8080/uri"@WHITELIST_URI_URLS: ""@' {} \;
else
sudo sed -i 's@USE_WHITELIST=.*$@USE_WHITELIST=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_IP=.*$@WHITELIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_IP_URLS=.*$@WHITELIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_RDNS_GLOBAL=.*$@WHITELIST_RDNS_GLOBAL=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_RDNS=.*$@WHITELIST_RDNS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_RDNS_URLS=.*$@WHITELIST_RDNS_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_ASN=.*$@WHITELIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_ASN_URLS=.*$@WHITELIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_USER_AGENT=.*$@WHITELIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_USER_AGENT_URLS=.*$@WHITELIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_URI=.*$@WHITELIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_URI_URLS=.*$@WHITELIST_URI_URLS=@' /etc/bunkerweb/variables.env
unset USE_WHITELIST
unset WHITELIST_IP
unset WHITELIST_IP_URLS
unset WHITELIST_RDNS_GLOBAL
unset WHITELIST_RDNS
unset WHITELIST_RDNS_URLS
unset WHITELIST_ASN
unset WHITELIST_ASN_URLS
unset WHITELIST_USER_AGENT
unset WHITELIST_USER_AGENT_URLS
unset WHITELIST_URI
unset WHITELIST_URI_URLS
sudo killall python3
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -49,10 +111,15 @@ cleanup_stack () {
echo "🏳️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🏳️ Down failed ❌"
echo "🏳️ Cleanup failed ❌"
exit 1
fi
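Review bot: In the Linux branch of this cleanup step, the `if [ $? -ne 0 ]` that follows the new `if`/`else` only sees the exit status of `truncate`, so a failed `sudo systemctl stop bunkerweb` is never reported as "Cleanup failed". Chaining the two commands keeps the check meaningful: `sudo systemctl stop bunkerweb && sudo truncate -s 0 /var/log/bunkerweb/error.log`. cleanup_stack starts and ends outside this hunk.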
@ -63,89 +130,186 @@ cleanup_stack () {
trap cleanup_stack EXIT
echo "🏳️ Initializing workspace ..."
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏳️ ip_asn.txt not found ❌"
exit 1
if [ "$integration" == "docker" ] ; then
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏳️ Init failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏳️ ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat init/output/ip_asn.txt)
rm -rf init/output
else
echo "🏳️ Starting init ..."
python3 init/main.py
if [ $? -ne 0 ] ; then
echo "🏳️ Init failed ❌"
exit 1
elif ! [[ -f "ip_asn.txt" ]]; then
echo "🏳️ ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat ip_asn.txt)
fi
as_number=$(cat init/output/ip_asn.txt)
if [[ $as_number = "" ]]; then
if [[ $AS_NUMBER = "" ]]; then
echo "🏳️ AS number not found ❌"
exit 1
fi
rm -rf init/output
export AS_NUMBER
for test in "deactivated" "ip" "ip_urls" "rdns" "rdns_global" "rdns_urls" "asn" "asn_urls" "user_agent" "user_agent_urls" "uri" "uri_urls"
if [ "$integration" == "docker" ] ; then
sudo sed -i 's@AS_NUMBER: ".*"$@AS_NUMBER: "'"$AS_NUMBER"'"@' docker-compose.yml
else
echo "🏳️ Starting api ..."
python3 api/main.py &
fi
tests="deactivated ip ip_urls asn asn_urls user_agent user_agent_urls uri uri_urls"
if [ "$integration" == "docker" ] ; then
tests="deactivated ip ip_urls rdns rdns_global rdns_urls asn asn_urls user_agent user_agent_urls uri uri_urls"
fi
for test in $tests
do
if [ "$test" = "deactivated" ] ; then
echo "🏳️ Running tests when the whitelist is deactivated ..."
echo "🏳️ Running tests when the whitelist is deactivated ..."
echo " Activating the blacklist and banning 0.0.0.0/0 network for all the future tests ..."
elif [ "$test" = "ip" ] ; then
echo "🏳️ Running tests with the network 192.168.0.0/24 in the white list ..."
echo " Activating the whitelist for all the future tests ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_WHITELIST: "no"@USE_WHITELIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: ""@WHITELIST_IP: "192.168.0.0/24"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with the network 192.168.0.0/24 in the white list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_WHITELIST: "no"@USE_WHITELIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: ""@WHITELIST_IP: "192.168.0.0/24"@' {} \;
else
echo "🏳️ Running tests with the network 127.0.0.0/24 in the white list ..."
sudo sed -i 's@USE_WHITELIST=.*$@USE_WHITELIST=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_IP=.*$@WHITELIST_IP=127.0.0.0/24@' /etc/bunkerweb/variables.env
export USE_WHITELIST="yes"
export WHITELIST_IP="127.0.0.0/24"
fi
elif [ "$test" = "ip_urls" ] ; then
echo "🏳️ Running tests with whitelist's ip url set to http://whitelist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: "192.168.0.0/24"@WHITELIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: ""@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with whitelist's ip url set to http://whitelist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: "192.168.0.0/24"@WHITELIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: ""@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@' {} \;
else
echo "🏳️ Running tests with whitelist's ip url set to http://127.0.0.1:8080/ip ..."
sudo sed -i 's@WHITELIST_IP=.*$@WHITELIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_IP_URLS=.*$@WHITELIST_IP_URLS=http://127.0.0.1:8080/ip@' /etc/bunkerweb/variables.env
unset WHITELIST_IP
export WHITELIST_IP_URLS="http://127.0.0.1:8080/ip"
fi
elif [ "$test" = "rdns" ] ; then
echo "🏳️ Running tests with whitelist's rdns set to .bw-services ..."
echo "🏳️ Running tests with whitelist's rdns set to .bw-services ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@WHITELIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS: ""@WHITELIST_RDNS: ".bw-services"@' {} \;
elif [ "$test" = "rdns_global" ] ; then
echo "🏳️ Running tests when whitelist's rdns also scans local ip addresses ..."
echo "🏳️ Running tests when whitelist's rdns also scans local ip addresses ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "yes"@WHITELIST_RDNS_GLOBAL: "no"@' {} \;
elif [ "$test" = "rdns_urls" ] ; then
echo "🏳️ Running tests with whitelist's rdns url set to http://whitelist-api:8080/rdns ..."
echo "🏳️ Running tests with whitelist's rdns url set to http://whitelist-api:8080/rdns ..."
echo " Keeping the rdns also scanning local ip addresses ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS: ".bw-services"@WHITELIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: ""@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@' {} \;
elif [ "$test" = "asn" ] ; then
echo "🏳️ Running tests with whitelist's asn set to $as_number ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "no"@WHITELIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@WHITELIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: ""@WHITELIST_ASN: "'"$as_number"'"@' {} \;
echo "🏳️ Running tests with whitelist's asn set to $AS_NUMBER ..."
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "no"@WHITELIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@WHITELIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: ""@WHITELIST_ASN: "'"$AS_NUMBER"'"@' {} \;
else
sudo sed -i 's@WHITELIST_IP_URLS=.*$@WHITELIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_ASN=.*$@WHITELIST_ASN='"$AS_NUMBER"'@' /etc/bunkerweb/variables.env
unset WHITELIST_IP_URLS
export WHITELIST_ASN="$AS_NUMBER"
fi
elif [ "$test" = "asn_urls" ] ; then
echo "🏳️ Running tests with whitelist's asn url set to http://whitelist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: "'"$as_number"'"@WHITELIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: ""@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with whitelist's asn url set to http://whitelist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: "'"$AS_NUMBER"'"@WHITELIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: ""@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@' {} \;
else
echo "🏳️ Running tests with whitelist's asn url set to http://127.0.0.1:8080/asn ..."
sudo sed -i 's@WHITELIST_ASN=.*$@WHITELIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_ASN_URLS=.*$@WHITELIST_ASN_URLS=http://127.0.0.1:8080/asn@' /etc/bunkerweb/variables.env
unset WHITELIST_ASN
export WHITELIST_ASN_URLS="http://127.0.0.1:8080/asn"
fi
elif [ "$test" = "user_agent" ] ; then
echo "🏳️ Running tests with whitelist's user_agent set to BunkerBot ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@WHITELIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: ""@WHITELIST_USER_AGENT: "BunkerBot"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@WHITELIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: ""@WHITELIST_USER_AGENT: "BunkerBot"@' {} \;
else
sudo sed -i 's@WHITELIST_ASN_URLS=.*$@WHITELIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_USER_AGENT=.*$@WHITELIST_USER_AGENT=BunkerBot@' /etc/bunkerweb/variables.env
unset WHITELIST_ASN_URLS
export WHITELIST_USER_AGENT="BunkerBot"
fi
elif [ "$test" = "user_agent_urls" ] ; then
echo "🏳️ Running tests with whitelist's user_agent url set to http://whitelist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: "BunkerBot"@WHITELIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: ""@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with whitelist's user_agent url set to http://whitelist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: "BunkerBot"@WHITELIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: ""@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@' {} \;
else
echo "🏳️ Running tests with whitelist's user_agent url set to http://127.0.0.1:8080/user_agent ..."
sudo sed -i 's@WHITELIST_USER_AGENT=.*$@WHITELIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_USER_AGENT_URLS=.*$@WHITELIST_USER_AGENT_URLS=http://127.0.0.1:8080/user_agent@' /etc/bunkerweb/variables.env
unset WHITELIST_USER_AGENT
export WHITELIST_USER_AGENT_URLS="http://127.0.0.1:8080/user_agent"
fi
elif [ "$test" = "uri" ] ; then
echo "🏳️ Running tests with whitelist's uri set to /admin ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@WHITELIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: ""@WHITELIST_URI: "/admin"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@WHITELIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: ""@WHITELIST_URI: "/admin"@' {} \;
else
sudo sed -i 's@WHITELIST_USER_AGENT_URLS=.*$@WHITELIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_URI=.*$@WHITELIST_URI=/admin@' /etc/bunkerweb/variables.env
unset WHITELIST_USER_AGENT_URLS
export WHITELIST_URI="/admin"
fi
elif [ "$test" = "uri_urls" ] ; then
echo "🏳️ Running tests with whitelist's uri url set to http://whitelist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: "/admin"@WHITELIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI_URLS: ""@WHITELIST_URI_URLS: "http://whitelist-api:8080/uri"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with whitelist's uri url set to http://whitelist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: "/admin"@WHITELIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI_URLS: ""@WHITELIST_URI_URLS: "http://whitelist-api:8080/uri"@' {} \;
else
echo "🏳️ Running tests with whitelist's uri url set to http://127.0.0.1:8080/uri ..."
sudo sed -i 's@WHITELIST_URI=.*$@WHITELIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_URI_URLS=.*$@WHITELIST_URI_URLS=http://127.0.0.1:8080/uri@' /etc/bunkerweb/variables.env
unset WHITELIST_URI
export WHITELIST_URI_URLS="http://127.0.0.1:8080/uri"
fi
fi
echo "🏳️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏳️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏳️ Up failed ❌"
echo "🏳️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏳️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🏳️ Start failed ❌"
exit 1
fi
fi
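Review bot: `AS_NUMBER` is read from `ip_asn.txt` and rejected only when it is empty, yet it is then spliced unescaped into sed programs, once for docker-compose.yml and once under sudo for /etc/bunkerweb/variables.env (`'s@WHITELIST_ASN=.*$@WHITELIST_ASN='"$AS_NUMBER"'@'`). The value comes from a database the init script downloads, so a digits-only guard is the safer check: `if ! [[ $AS_NUMBER =~ ^[0-9]+$ ]]; then` in place of `if [[ $AS_NUMBER = "" ]]; then`. Separately, `python3 api/main.py &` does not keep its PID (`api_pid=$!`), which leaves the cleanup path with nothing more precise than `sudo killall python3`, and that stops every python3 process on the host. The `for test in $tests` loop body continues past this hunk.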
@ -153,27 +317,48 @@ do
# Check if stack is healthy
echo "🏳️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("whitelist-bw-1" "whitelist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("whitelist-bw-1" "whitelist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🏳️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🏳️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏳️ Docker stack is not healthy ❌"
exit 1
fi
else
while [ $i -lt 120 ] ; do
check="$(sudo cat /var/log/bunkerweb/error.log | grep "BunkerWeb is ready")"
if ! [ -z "$check" ] ; then
echo "🏳️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🏳️ Linux stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏳️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
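Review bot: The Linux readiness loop greps the whole of /var/log/bunkerweb/error.log for "BunkerWeb is ready", so a line left by an earlier start satisfies it before the new instance is up. In the visible code the log is truncated only inside cleanup_stack, and the initial `sudo systemctl stop bunkerweb` in the setup branch does not clear it. Running `sudo truncate -s 0 /var/log/bunkerweb/error.log` right before `sudo systemctl start bunkerweb` would tie the check to the current start. `if sudo grep -q "BunkerWeb is ready" /var/log/bunkerweb/error.log ; then` would also replace the `cat | grep` capture and the `! [ -z "$check" ]` test. Whether cleanup_stack runs between iterations is not visible from this hunk.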
@ -181,26 +366,56 @@ do
if ! [[ "$test" = "user_agent" || "$test" = "user_agent_urls" || "$test" = "uri" || "$test" = "uri_urls" ]] ; then
echo "🏳️ Running global container tests ..."
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
else
export GLOBAL="1"
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🏳️ Test \"$test\" failed for global tests ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler whitelist-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler whitelist-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🏳️ Test \"$test\" succeeded for global tests ✅"
fi
if [ "$integration" == "linux" ] ; then
sleep 1
fi
fi
echo "🏳️ Running local container tests ..."
docker compose -f docker-compose.test.yml up local-tests --abort-on-container-exit --exit-code-from local-tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up local-tests --abort-on-container-exit --exit-code-from local-tests
else
unset GLOBAL
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🏳️ Test \"$test\" failed for local tests ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler whitelist-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler whitelist-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🏳️ Test \"$test\" succeeded for local tests ✅"