Merge pull request #655 from bunkerity/dev

Merge branch "dev" into branch "staging"
Théophile Diot 2023-09-23 18:12:12 +02:00 committed by GitHub
commit e71b711466
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
103 changed files with 6724 additions and 2090 deletions


@ -27,14 +27,42 @@ jobs:
uses: ./.github/workflows/container-build.yml
with:
RELEASE: dev
CACHE: true
ARCH: linux/amd64
CACHE: true
IMAGE: ${{ matrix.image }}
DOCKERFILE: ${{ matrix.dockerfile }}
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
# Build Linux packages
build-packages:
permissions:
contents: read
packages: write
strategy:
matrix:
linux: [ubuntu, debian, fedora, rhel]
include:
- linux: ubuntu
package: deb
- linux: debian
package: deb
- linux: fedora
package: rpm
- linux: rhel
package: rpm
uses: ./.github/workflows/linux-build.yml
with:
RELEASE: dev
LINUX: ${{ matrix.linux }}
PACKAGE: ${{ matrix.package }}
TEST: true
PLATFORMS: linux/amd64
secrets:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
# Python code security
code-security:
runs-on: ubuntu-latest
@ -65,10 +93,15 @@ jobs:
uses: ./.github/workflows/tests-ui.yml
with:
RELEASE: dev
tests-ui-linux:
needs: [code-security, build-packages]
uses: ./.github/workflows/tests-ui-linux.yml
with:
RELEASE: dev
# Core tests
prepare-tests-core:
needs: [code-security, build-containers]
needs: [code-security, build-containers, build-packages]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
@ -89,6 +122,17 @@ jobs:
with:
TEST: ${{ matrix.test }}
RELEASE: dev
tests-core-linux:
needs: prepare-tests-core
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
uses: ./.github/workflows/test-core-linux.yml
with:
TEST: ${{ matrix.test }}
RELEASE: dev
secrets: inherit
# Push with dev tag
push-dev:
@ -129,3 +173,59 @@ jobs:
env:
FROM: "autoconf"
TO: "bunkerweb-autoconf"
# Push Linux packages
push-packages:
needs: [tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
arch: [amd64]
include:
- release: dev
repo: bunkerweb
- linux: ubuntu
separator: _
suffix: ""
version: jammy
package: deb
- linux: debian
separator: _
suffix: ""
version: bullseye
package: deb
- linux: fedora
separator: "-"
suffix: "1."
version: 38
package: rpm
- linux: el
separator: "-"
suffix: "1."
version: 8
package: rpm
- linux: ubuntu
arch: amd64
package_arch: amd64
- linux: debian
arch: amd64
package_arch: amd64
- linux: fedora
arch: amd64
package_arch: x86_64
- linux: el
arch: amd64
package_arch: x86_64
uses: ./.github/workflows/push-packagecloud.yml
with:
SEPARATOR: ${{ matrix.separator }}
SUFFIX: ${{ matrix.suffix }}
REPO: ${{ matrix.repo }}
LINUX: ${{ matrix.linux }}
VERSION: ${{ matrix.version }}
PACKAGE: ${{ matrix.package }}
BW_VERSION: ${{ matrix.release }}
PACKAGE_ARCH: ${{ matrix.package_arch }}
ARCH: ${{ matrix.arch }}
secrets:
PACKAGECLOUD_TOKEN: ${{ secrets.PACKAGECLOUD_TOKEN }}
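Review bot: `secrets: inherit` on the new `tests-core-linux` job hands every repository secret to `test-core-linux.yml`, while the only secret that workflow reads in this commit is `secrets.GITHUB_TOKEN`. `tests-ui-linux` is called here with no `secrets:` block at all and uses the same ghcr login step, which suggests the token does not need the mapping. The other new callers (`build-packages`, `push-packages`) pass named secrets; this job should do the same or drop the `secrets: inherit` line. The called workflow runs unpinned downloads and `pip install` from the checkout with sudo available, so anything inherited is exposed to that code. The staging workflow's `tests-core-linux` job carries the same line.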


@ -39,8 +39,8 @@ jobs:
- name: Checkout source code
uses: actions/checkout@v4
- name: Replace VERSION
if: inputs.RELEASE == 'testing'
run: ./misc/update-version.sh testing
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
run: ./misc/update-version.sh ${{ inputs.RELEASE }}
- name: Extract arch
run: |
echo "ARCH=${{ env.PLATFORMS }}" | sed 's/linux//g' | sed 's@/@@g' >> "$GITHUB_ENV"
@ -91,7 +91,7 @@ jobs:
password: ${{ secrets.GITHUB_TOKEN }}
# Build testing package image
- name: Build package image
if: inputs.RELEASE == 'testing'
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
uses: docker/build-push-action@v5
with:
context: .
@ -99,11 +99,11 @@ jobs:
file: src/linux/Dockerfile-${{ inputs.LINUX }}
platforms: ${{ inputs.PLATFORMS }}
tags: local/bunkerweb-${{ inputs.LINUX }}:latest
cache-from: type=gha,scope=${{ inputs.LINUX }}-testing
cache-to: type=gha,scope=${{ inputs.LINUX }}-testing,mode=min
cache-from: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }}
cache-to: type=gha,scope=${{ inputs.LINUX }}-${{ inputs.RELEASE }},mode=min
# Build non-testing package image
- name: Build package image
if: inputs.RELEASE != 'testing'
if: inputs.RELEASE != 'testing' && inputs.RELEASE != 'dev'
uses: docker/build-push-action@v5
with:
context: .
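Review bot: The `Replace VERSION` step now pastes `${{ inputs.RELEASE }}` straight into the shell line, so the value is expanded into the script text before bash parses it. The `if:` guard limits it to `testing` or `dev` today, which keeps it harmless, but the safety then depends on that guard never being loosened. Passing the value through the environment removes that dependency: add `env:` with `RELEASE: ${{ inputs.RELEASE }}` to the step and use `run: ./misc/update-version.sh "$RELEASE"`. The step in the last hunk continues below the visible lines.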


@ -64,7 +64,7 @@ jobs:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
# Code security
# Python code security
code-security:
runs-on: ubuntu-latest
permissions:
@ -88,7 +88,7 @@ jobs:
with:
category: "/language:${{matrix.language}}"
# Create infrastructures
# Create infrastructures and prepare tests
create-infras:
needs: [code-security, build-containers, build-packages]
strategy:
@ -101,8 +101,30 @@ jobs:
CICD_SECRETS: ${{ secrets.CICD_SECRETS }}
SECRET_KEY: ${{ secrets.SECRET_KEY }}
K8S_IP: ${{ secrets.K8S_IP }}
prepare-tests-core:
needs: [code-security, build-containers, build-packages]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
echo "::set-output name=tests::$tests"
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}
# Perform tests
tests-ui:
needs: [code-security, build-containers]
uses: ./.github/workflows/tests-ui.yml
with:
RELEASE: testing
tests-ui-linux:
needs: [code-security, build-packages]
uses: ./.github/workflows/tests-ui-linux.yml
with:
RELEASE: testing
staging-tests:
needs: [create-infras]
strategy:
@ -124,23 +146,6 @@ jobs:
TYPE: ${{ matrix.type }}
RUNS_ON: ${{ matrix.runs_on }}
secrets: inherit
tests-ui:
needs: [create-infras]
uses: ./.github/workflows/tests-ui.yml
with:
RELEASE: testing
prepare-tests-core:
needs: [create-infras]
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- id: set-matrix
run: |
tests=$(find ./tests/core/ -maxdepth 1 -mindepth 1 -type d -printf "%f\n" | jq -c --raw-input --slurp 'split("\n")| .[0:-1]')
echo "::set-output name=tests::$tests"
outputs:
tests: ${{ steps.set-matrix.outputs.tests }}
tests-core:
needs: prepare-tests-core
strategy:
@ -151,6 +156,17 @@ jobs:
with:
TEST: ${{ matrix.test }}
RELEASE: testing
tests-core-linux:
needs: prepare-tests-core
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.prepare-tests-core.outputs.tests) }}
uses: ./.github/workflows/test-core-linux.yml
with:
TEST: ${{ matrix.test }}
RELEASE: testing
secrets: inherit
# Delete infrastructures
delete-infras:
@ -196,7 +212,7 @@ jobs:
# Push Linux packages
push-packages:
needs: [staging-tests, tests-ui, tests-core]
needs: [staging-tests, tests-ui-linux, tests-core-linux]
strategy:
matrix:
linux: [ubuntu, debian, fedora, el]
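Review bot: The relocated `prepare-tests-core` job still publishes its matrix with `echo "::set-output name=tests::$tests"`, a workflow command GitHub has deprecated in favour of the `$GITHUB_OUTPUT` file. Since the block is being moved anyway, switch it to `echo "tests=$tests" >> "$GITHUB_OUTPUT"`. The list is built from directory names under `./tests/core/` and later reaches `${{ inputs.TEST }}` inside the test workflows' `run:` scripts, so a short comment on the step saying those names must stay shell-safe would help the next person adding a test directory.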

95
.github/workflows/test-core-linux.yml vendored Normal file

@ -0,0 +1,95 @@
name: Core test Linux (REUSABLE)
on:
workflow_call:
inputs:
TEST:
required: true
type: string
RELEASE:
required: true
type: string
jobs:
tests:
runs-on: ubuntu-latest
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v4
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: "3.11"
cache: "pip"
- name: Install Firefox manually and dependencies
run: |
sudo apt purge -y firefox
sudo apt update
sudo apt install --no-install-recommends -y openssl git nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6 php-fpm unzip
wget -O firefox-setup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64"
tar -xjf firefox-setup.tar.bz2 -C /opt/
sudo ln -s /opt/firefox/firefox /usr/bin/firefox
sudo chmod 755 /opt/firefox
sudo chmod 755 /opt/firefox/firefox
rm -f firefox-setup.tar.bz2
- name: Download geckodriver
uses: nick-fields/retry@v2
with:
max_attempts: 3
timeout_minutes: 20
command: |
GECKODRIVER_VERSION=`curl -i https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+\.[0-9]+\.[0-9]+'` && \
wget -O geckodriver.tar.gz -w 5 https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz
sudo tar -xzf geckodriver.tar.gz -C /usr/local/bin
sudo chmod +x /usr/local/bin/geckodriver
rm -f geckodriver.tar.gz
- name: Login to ghcr
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull BW linux ubuntu test image
run: docker pull ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}
- name: Copy deb file to host
run: |
container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
docker cp "$container_id:/opt/bunkerweb_dev-1_amd64.deb" "/tmp/bunkerweb.deb"
docker rm "$container_id"
- name: Install BunkerWeb
run: |
sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install -y nginx=1.24.0-1~jammy
- name: Fix version without a starting number
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
- name: Install BunkerWeb
run: sudo apt install -fy /tmp/bunkerweb.deb
- name: Edit configuration files
run: |
# Misc
echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 bwadm.example.com" | sudo tee -a /etc/hosts
sudo cp ./tests/www-deb.conf /etc/php/8.1/fpm/pool.d/www.conf
sudo systemctl stop php8.1-fpm
sudo systemctl start php8.1-fpm
# BunkerWeb
echo "SERVER_NAME=www.example.com" | sudo tee /etc/bunkerweb/variables.env
echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
echo "HTTPS_PORT=443" | sudo tee -a /etc/bunkerweb/variables.env
echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
sudo chown nginx:nginx /etc/bunkerweb/variables.env
sudo chmod 777 /etc/bunkerweb/variables.env
- name: Run tests
run: |
cd ./tests/core/${{ inputs.TEST }}
MAKEFLAGS="-j $(nproc)" find . -name "requirements.txt" -exec pip install -r {} \;
./test.sh "linux"
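Review bot: The `Download geckodriver` step resolves the version from `releases/latest` at run time and unpacks the tarball with `sudo tar` into `/usr/local/bin` without checking a digest, and the Firefox step does the same with `firefox-latest-ssl`. The job then depends on whatever those URLs serve on the day, and nothing detects a tampered or truncated archive. Pin the version and verify before extracting, e.g. `GECKODRIVER_VERSION=<pinned version>` followed by `echo "<expected sha256>  geckodriver.tar.gz" | sha256sum -c -`. `nick-fields/retry@v2` is likewise referenced by a movable tag rather than a commit SHA. `tests-ui-linux.yml` in this commit copies the same two steps.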


@ -9,6 +9,7 @@ on:
RELEASE:
required: true
type: string
jobs:
test:
runs-on: ubuntu-latest
@ -26,15 +27,10 @@ jobs:
run: docker pull ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/bunkerweb-tests:${{ inputs.RELEASE }} bunkerweb-tests
- name: Pull Scheduler image
run: docker pull ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/scheduler-tests:${{ inputs.RELEASE }} scheduler-tests
# # Temp fix "is not connected to the network" until compose v2.19.1 is available
# - name: Downgrade compose
# run: |
# sudo apt update
# sudo apt install -y --allow-downgrades moby-compose=2.18.1+azure-ubuntu22.04u2
# Run test
- name: Run test
run: |
cd ./tests/core/${{ inputs.TEST }}
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb:.*@bunkerweb-tests@" {} \;
find . -type f -name 'docker-compose.*' -exec sed -i "s@bunkerity/bunkerweb-scheduler:.*@scheduler-tests@" {} \;
./test.sh
./test.sh "docker"
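Review bot: The `Run test` script edited here still expands `${{ inputs.TEST }}` inside the shell text (`cd ./tests/core/${{ inputs.TEST }}`), and the new `test-core-linux.yml` repeats the line. The value comes from directory names collected by `prepare-tests-core`, so a name containing shell metacharacters would be parsed as script rather than treated as a path. Map it through the environment instead: add `env:` with `TEST: ${{ inputs.TEST }}` and use `cd "./tests/core/$TEST"`.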

118
.github/workflows/tests-ui-linux.yml vendored Normal file

@ -0,0 +1,118 @@
name: Core test Linux (REUSABLE)
on:
workflow_call:
inputs:
RELEASE:
required: true
type: string
jobs:
tests:
runs-on: ubuntu-latest
steps:
# Prepare
- name: Checkout source code
uses: actions/checkout@v4
- name: Set up Python 3.11
uses: actions/setup-python@v4
with:
python-version: "3.11"
cache: "pip"
- name: Install Firefox manually and dependencies
run: |
sudo apt purge -y firefox
sudo apt update
sudo apt install --no-install-recommends -y zip nodejs tar bzip2 wget curl grep libx11-xcb1 libappindicator3-1 libasound2 libdbus-glib-1-2 libxtst6 libxt6
wget -O firefox-setup.tar.bz2 "https://download.mozilla.org/?product=firefox-latest-ssl&os=linux64"
tar -xjf firefox-setup.tar.bz2 -C /opt/
sudo ln -s /opt/firefox/firefox /usr/bin/firefox
sudo chmod 755 /opt/firefox
sudo chmod 755 /opt/firefox/firefox
rm -f firefox-setup.tar.bz2
- name: Download geckodriver
uses: nick-fields/retry@v2
with:
max_attempts: 3
timeout_minutes: 20
command: |
GECKODRIVER_VERSION=`curl -i https://github.com/mozilla/geckodriver/releases/latest | grep -Po 'v[0-9]+\.[0-9]+\.[0-9]+'` && \
wget -O geckodriver.tar.gz -w 5 https://github.com/mozilla/geckodriver/releases/download/$GECKODRIVER_VERSION/geckodriver-$GECKODRIVER_VERSION-linux64.tar.gz
sudo tar -xzf geckodriver.tar.gz -C /usr/local/bin
sudo chmod +x /usr/local/bin/geckodriver
rm -f geckodriver.tar.gz
- name: Login to ghcr
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Pull BW linux ubuntu test image
run: docker pull ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}
- name: Copy deb file to host
run: |
container_id=$(docker create "ghcr.io/bunkerity/ubuntu-tests:${{ inputs.RELEASE }}")
docker cp "$container_id:/opt/bunkerweb_dev-1_amd64.deb" "/tmp/bunkerweb.deb"
docker rm "$container_id"
- name: Install BunkerWeb
run: |
sudo apt install -y gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install -y nginx=1.24.0-1~jammy
- name: Fix version without a starting number
if: inputs.RELEASE == 'testing' || inputs.RELEASE == 'dev'
run: echo "force-bad-version" | sudo tee -a /etc/dpkg/dpkg.cfg
- name: Install BunkerWeb
run: sudo apt install -fy /tmp/bunkerweb.deb
- name: Edit configuration files
run: |
# Misc
echo "127.0.0.1 www.example.com" | sudo tee -a /etc/hosts
echo "127.0.0.1 app1.example.com" | sudo tee -a /etc/hosts
# BunkerWeb
echo "SERVER_NAME=www.example.com" | sudo tee /etc/bunkerweb/variables.env
echo "HTTP_PORT=80" | sudo tee -a /etc/bunkerweb/variables.env
echo "HTTPS_PORT=443" | sudo tee -a /etc/bunkerweb/variables.env
echo 'DNS_RESOLVERS=9.9.9.9 8.8.8.8 8.8.4.4' | sudo tee -a /etc/bunkerweb/variables.env
echo "MULTISITE=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOG_LEVEL=info" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BUNKERNET=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_BLACKLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "DISABLE_DEFAULT_SERVER=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_CLIENT_CACHE=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_GZIP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "DATASTORE_MEMORY_SIZE=384m" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_USE_UI=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_SERVE_FILES=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_USE_REVERSE_PROXY=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_REVERSE_PROXY_URL=/admin" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_REVERSE_PROXY_HOST=http://127.0.0.1:7000" | sudo tee -a /etc/bunkerweb/variables.env
echo "www.example.com_INTERCEPTED_ERROR_CODES=400 405 413 429 500 501 502 503 504" | sudo tee -a /etc/bunkerweb/variables.env
echo "ADMIN_USERNAME=admin" | sudo tee /etc/bunkerweb/ui.env
echo "ADMIN_PASSWORD=S\$cr3tP@ssw0rd" | sudo tee -a /etc/bunkerweb/ui.env
sudo chown nginx:nginx /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
sudo chmod 777 /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env
- name: Run tests
run: |
cd ./tests/ui
MAKEFLAGS="-j $(nproc)" find . -name "requirements.txt" -exec pip install -r {} \;
touch test.txt
zip test.zip test.txt
rm test.txt
echo '{
"id": "discord",
"name": "Discord",
"description": "Send alerts to a Discord channel (using webhooks).",
"version": "0.1",
"stream": "no",
"settings": {}
}' | tee plugin.json
zip discord.zip plugin.json
rm plugin.json
./tests.sh "linux"
env:
MODE: ${{ inputs.RELEASE }}
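Review bot: `sudo chmod 777 /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env` leaves the file holding `ADMIN_USERNAME` and `ADMIN_PASSWORD` readable and writable by every account on the runner, right after `chown nginx:nginx` already gave the service ownership. Unless another user has to edit these files during the tests (not visible here), `sudo chmod 640 /etc/bunkerweb/variables.env /etc/bunkerweb/ui.env` is enough and keeps the test setup closer to a real installation. `test-core-linux.yml` does the same to `variables.env`. Separately, `name:` is still `Core test Linux (REUSABLE)`, copied from the core workflow, which makes the two runs indistinguishable in the Actions UI.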


@ -27,6 +27,8 @@ jobs:
run: docker pull ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} && docker tag ghcr.io/bunkerity/ui-tests:${{ inputs.RELEASE }} ui-tests
# Do tests
- name: Run tests
run: ./tests/ui/tests.sh
run: |
cd ./tests/ui
./tests.sh "docker"
env:
MODE: ${{ inputs.RELEASE }}


@ -4,7 +4,12 @@
- [BUGFIX] Fix BunkerWeb not loading his own settings after a docker restart
- [BUGFIX] Fix Custom configs not following the service name after an update on the UI
- [BUGFIX] Fix UI clearing configs folder at startup
- [BUGFIX] Fix Database not clearing old services when not using multisite
- [BUGFIX] Fix UI using the wrong database when generating the new config when using an external database
- [MISC] Updated core dependencies
- [MISC] Updated self-signed job to regenerate the cert if the subject or the expiration date has changed
- [MISC] Jobs that download files from urls will now remove old cached files if urls are empty
## v1.5.2 - 2023/10/10


@ -1,5 +1,5 @@
mkdocs==1.5.2
mkdocs-material==9.3.1
mkdocs==1.5.3
mkdocs-material==9.3.2
pytablewriter==1.0.0
mike==1.1.2
mkdocs-print-site-plugin==2.3.6


@ -73,7 +73,7 @@ RUN apk add --no-cache pcre bash python3 yajl && \
ln -s /proc/1/fd/1 /var/log/bunkerweb/access.log
# Fix CVEs
RUN apk add --no-cache "libwebp>=1.2.4-r3"
RUN apk add --no-cache "libwebp>=1.2.4-r3" "curl>=8.3.0-r0" "libcurl>=8.3.0-r0"
VOLUME /data /etc/nginx
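Review bot: `apk add` with a `>=` constraint installs the package when it is absent, so adding `"curl>=8.3.0-r0"` puts the curl CLI into the runtime image if it was not there already. The `apk add` line shown in the hunk header does not list it, though the full package list is not visible. If only `libcurl` is pulled in as a dependency, constraining `libcurl` alone fixes the library without adding a binary. The `# Fix CVEs` comment would also be more useful if it named the advisories each constraint addresses, e.g. `# Fix CVEs: <advisory id> (libwebp), <advisory id> (curl/libcurl)`, so the line can be dropped once the base image catches up.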


@ -21,7 +21,7 @@ from requests import get
from Database import Database # type: ignore
from logger import setup_logger # type: ignore
from jobs import cache_file, cache_hash, is_cached_file, file_hash
from jobs import cache_file, cache_hash, del_file_in_db, is_cached_file, file_hash
rdns_rx = re_compile(rb"^[^ ]+$", IGNORECASE)
asn_rx = re_compile(rb"^\d+$")
@ -85,8 +85,23 @@ try:
tmp_blacklist_path = Path(sep, "var", "tmp", "bunkerweb", "blacklist")
tmp_blacklist_path.mkdir(parents=True, exist_ok=True)
# Our urls data
urls = {"IP": [], "RDNS": [], "ASN": [], "USER_AGENT": [], "URI": []}
# Get URLs
urls = {
"IP": [],
"RDNS": [],
"ASN": [],
"USER_AGENT": [],
"URI": [],
"IGNORE_IP": [],
"IGNORE_RDNS": [],
"IGNORE_ASN": [],
"IGNORE_USER_AGENT": [],
"IGNORE_URI": [],
}
for kind in urls:
for url in getenv(f"BLACKLIST_{kind}_URLS", "").split(" "):
if url and url not in urls[kind]:
urls[kind].append(url)
# Don't go further if the cache is fresh
kinds_fresh = {
@ -113,27 +128,15 @@ try:
logger.info(
f"Blacklist for {kind} is already in cache, skipping downloads...",
)
if not urls[kind]:
blacklist_path.joinpath(f"{kind}.list").unlink(missing_ok=True)
deleted, err = del_file_in_db(f"{kind}.list", db)
if not deleted:
logger.warning(f"Coudn't delete {kind}.list from cache : {err}")
if all_fresh:
_exit(0)
# Get URLs
urls = {
"IP": [],
"RDNS": [],
"ASN": [],
"USER_AGENT": [],
"URI": [],
"IGNORE_IP": [],
"IGNORE_RDNS": [],
"IGNORE_ASN": [],
"IGNORE_USER_AGENT": [],
"IGNORE_URI": [],
}
for kind in urls:
for url in getenv(f"BLACKLIST_{kind}_URLS", "").split(" "):
if url and url not in urls[kind]:
urls[kind].append(url)
# Loop on kinds
for kind, urls_list in urls.items():
if kinds_fresh[kind]:
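Review bot: The warning added in the cache-fresh branch is spelled `Coudn't delete {kind}.list from cache`, which will not match a log search for "Couldn't"; the same string is added in the greylist, realip and whitelist jobs in this commit. Change it to `logger.warning(f"Couldn't delete {kind}.list from cache : {err}")` in all four. The `already in cache, skipping downloads...` info line is also logged just before the list is removed when no URL is configured, so a separate message for the removal would make the log reflect what happened. Indentation is lost in this view, so the exact branch the new `if not urls[kind]:` sits in should be confirmed against the file.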


@ -20,7 +20,7 @@
"help": "List of DNSBL servers.",
"id": "dnsbl-list",
"label": "DNSBL list",
"regex": "^(?! )( ?((?!\\.)[\\w.]+)(?!.*\\2(?!.)))+$",
"regex": "^(?! )( ?((?!\\.)[\\w.]+)(?!.*\\2(?!.)))*$",
"type": "text"
}
}
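Review bot: Relaxing the outer quantifier to `*` lets an empty value through, but the group it repeats, `( ?((?!\\.)[\\w.]+)(?!.*\\2(?!.)))`, has an optional separator in front of a `+` run, so one token can be split into repeated groups in many ways. On a long value that fails near the end, a backtracking engine may try each split, and the duplicate check `(?!.*\\2(?!.))` can end up comparing fragments rather than whole entries. Making the separator mandatory between entries, in the shape `^(entry( entry)*)?$`, keeps the empty case and removes the ambiguity. The value is operator-supplied, so this is a robustness concern for the settings validator rather than a remote one.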


@ -21,7 +21,7 @@ from requests import get
from Database import Database # type: ignore
from logger import setup_logger # type: ignore
from jobs import cache_file, cache_hash, is_cached_file, file_hash
from jobs import cache_file, cache_hash, del_file_in_db, is_cached_file, file_hash
rdns_rx = re_compile(rb"^[^ ]+$", IGNORECASE)
asn_rx = re_compile(rb"^\d+$")
@ -85,8 +85,12 @@ try:
tmp_greylist_path = Path(sep, "var", "tmp", "bunkerweb", "greylist")
tmp_greylist_path.mkdir(parents=True, exist_ok=True)
# Our urls data
# Get URLs
urls = {"IP": [], "RDNS": [], "ASN": [], "USER_AGENT": [], "URI": []}
for kind in urls:
for url in getenv(f"GREYLIST_{kind}_URLS", "").split(" "):
if url and url not in urls[kind]:
urls[kind].append(url)
# Don't go further if the cache is fresh
kinds_fresh = {
@ -108,16 +112,15 @@ try:
logger.info(
f"Greylist for {kind} is already in cache, skipping downloads...",
)
if not urls[kind]:
greylist_path.joinpath(f"{kind}.list").unlink(missing_ok=True)
deleted, err = del_file_in_db(f"{kind}.list", db)
if not deleted:
logger.warning(f"Coudn't delete {kind}.list from cache : {err}")
if all_fresh:
_exit(0)
# Get URLs
urls = {"IP": [], "RDNS": [], "ASN": [], "USER_AGENT": [], "URI": []}
for kind in urls:
for url in getenv(f"GREYLIST_{kind}_URLS", "").split(" "):
if url and url not in urls[kind]:
urls[kind].append(url)
# Loop on kinds
for kind, urls_list in urls.items():
if kinds_fresh[kind]:


@ -76,7 +76,12 @@ try:
content = Path(normpath(plugin_urls[7:])).read_bytes()
else:
content = b""
resp = get(plugin_url, stream=True, timeout=10)
resp = get(
plugin_url,
headers={"User-Agent": "BunkerWeb"},
stream=True,
timeout=30,
)
if resp.status_code != 200:
logger.warning(f"Got status code {resp.status_code}, skipping...")
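Review bot: The `file://` branch in the context above the changed call reads `Path(normpath(plugin_urls[7:]))`, slicing `plugin_urls` rather than the `plugin_url` that the new `get(plugin_url, ...)` uses. If `plugin_urls` is the whole configured list (its definition is outside the hunk), the path is built from the full setting instead of the current entry; `plugin_url[7:]` looks like what was meant. With `stream=True` and the timeout raised to 30 seconds, it is also worth confirming that the code reading `resp` below the hunk caps how much data it accepts.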


@ -29,8 +29,9 @@ try:
response = get(
"https://github.com/bunkerity/bunkerweb/releases/latest",
headers={"User-Agent": "BunkerWeb"},
allow_redirects=True,
timeout=5,
timeout=10,
)
response.raise_for_status()


@ -23,7 +23,7 @@ from requests import get
from Database import Database # type: ignore
from logger import setup_logger # type: ignore
from jobs import cache_file, cache_hash, file_hash, is_cached_file
from jobs import cache_file, cache_hash, del_file_in_db, file_hash, is_cached_file
def check_line(line):
@ -75,14 +75,19 @@ try:
db = Database(logger, sqlalchemy_string=getenv("DATABASE_URI", None), pool=False)
# Don't go further if the cache is fresh
if is_cached_file(realip_path.joinpath("combined.list"), "hour", db):
logger.info("RealIP list is already in cache, skipping download...")
_exit(0)
# Get URLs
urls = [url for url in getenv("REAL_IP_FROM_URLS", "").split(" ") if url]
# Don't go further if the cache is fresh
if is_cached_file(realip_path.joinpath("combined.list"), "hour", db):
if not urls:
tmp_realip_path.joinpath("combined.list").unlink(missing_ok=True)
deleted, err = del_file_in_db("combined.list", db)
if not deleted:
logger.warning(f"Coudn't delete combined.list from cache : {err}")
logger.info("RealIP list is already in cache, skipping download...")
_exit(0)
# Download and write data to temp file
i = 0
content = b""
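Review bot: The cache check looks at `realip_path.joinpath("combined.list")`, but the new cleanup unlinks `tmp_realip_path.joinpath("combined.list")`; the blacklist, greylist and whitelist jobs in this commit remove the file from their cache path, not the temp one. If the two paths differ (their definitions are outside the hunk), the cached list stays on disk after `REAL_IP_FROM_URLS` is emptied, and sources that are presumably no longer meant to be trusted for the real client address keep being honoured. `realip_path.joinpath("combined.list").unlink(missing_ok=True)` looks like the intended line. The `skipping download...` message is also logged when the list was just removed.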


@ -1,5 +1,6 @@
#!/usr/bin/python3
from datetime import timedelta
from os import getenv, sep
from os.path import join
from pathlib import Path
@ -20,6 +21,9 @@ for deps_path in [
if deps_path not in sys_path:
sys_path.append(deps_path)
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from Database import Database # type: ignore
from logger import setup_logger # type: ignore
from jobs import set_file_in_db
@ -52,7 +56,26 @@ def generate_cert(
== 0
):
logger.info(f"Self-signed certificate already present for {first_server}")
return True, 0
certificate = x509.load_pem_x509_certificate(
self_signed_path.joinpath(f"{first_server}.pem").read_bytes(),
default_backend(),
)
if sorted(
attribute.rfc4514_string() for attribute in certificate.subject
) != sorted(v for v in subj.split("/") if v):
logger.warning(
f"Subject of self-signed certificate for {first_server} is different from the one in the configuration, regenerating ..."
)
elif (
certificate.not_valid_after - certificate.not_valid_before
!= timedelta(days=int(days))
):
logger.warning(
f"Expiration date of self-signed certificate for {first_server} is different from the one in the configuration, regenerating ..."
)
else:
return True, 0
logger.info(f"Generating self-signed certificate for {first_server}")
if (
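Review bot: The subject check compares `rfc4514_string()` output with `subj.split("/")`, and those two forms only agree for simple subjects. RFC 4514 rendering escapes characters such as `,` and `+` and, as far as I know, prints attribute types without a short name as dotted OIDs, while a value containing `/` is split apart on the other side; any such subject never matches and the certificate is regenerated on every run. `int(days)` and `load_pem_x509_certificate` can also raise here, which turns a reuse check into a job failure; the surrounding error handling is outside the hunk. A comment stating the supported `subj` shape, plus catching `ValueError` and falling through to regeneration, would cover both. `generate_cert` starts and ends outside the hunk.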


@ -21,7 +21,7 @@ from requests import get
from Database import Database # type: ignore
from logger import setup_logger # type: ignore
from jobs import cache_file, cache_hash, is_cached_file, file_hash
from jobs import cache_file, cache_hash, del_file_in_db, is_cached_file, file_hash
rdns_rx = re_compile(rb"^[^ ]+$", IGNORECASE)
asn_rx = re_compile(rb"^\d+$")
@ -85,8 +85,12 @@ try:
tmp_whitelist_path = Path(sep, "var", "tmp", "bunkerweb", "whitelist")
tmp_whitelist_path.mkdir(parents=True, exist_ok=True)
# Our urls data
# Get URLs
urls = {"IP": [], "RDNS": [], "ASN": [], "USER_AGENT": [], "URI": []}
for kind in urls:
for url in getenv(f"WHITELIST_{kind}_URLS", "").split(" "):
if url and url not in urls[kind]:
urls[kind].append(url)
# Don't go further if the cache is fresh
kinds_fresh = {
@ -108,16 +112,15 @@ try:
logger.info(
f"Whitelist for {kind} is already in cache, skipping downloads...",
)
if not urls[kind]:
whitelist_path.joinpath(f"{kind}.list").unlink(missing_ok=True)
deleted, err = del_file_in_db(f"{kind}.list", db)
if not deleted:
logger.warning(f"Coudn't delete {kind}.list from cache : {err}")
if all_fresh:
_exit(0)
# Get URLs
urls = {"IP": [], "RDNS": [], "ASN": [], "USER_AGENT": [], "URI": []}
for kind in urls:
for url in getenv(f"WHITELIST_{kind}_URLS", "").split(" "):
if url and url not in urls[kind]:
urls[kind].append(url)
# Loop on kinds
for kind, urls_list in urls.items():
if kinds_fresh[kind]:


@ -491,33 +491,32 @@ class Database:
if config:
config.pop("DATABASE_URI", None)
db_services = (
session.query(Services)
.with_entities(Services.id, Services.method)
.all()
)
db_ids = [service.id for service in db_services]
services = config.get("SERVER_NAME", [])
if isinstance(services, str):
services = services.split(" ")
if db_services:
missing_ids = [
service.id
for service in db_services
if (service.method == method) and service.id not in services
]
if missing_ids:
# Remove services that are no longer in the list
session.query(Services).filter(
Services.id.in_(missing_ids)
).delete()
if config.get("MULTISITE", "no") == "yes":
global_values = []
db_services = (
session.query(Services)
.with_entities(Services.id, Services.method)
.all()
)
db_ids = [service.id for service in db_services]
services = config.pop("SERVER_NAME", [])
if isinstance(services, str):
services = services.split(" ")
if db_services:
missing_ids = [
service.id
for service in db_services
if (service.method == method) and service.id not in services
]
if missing_ids:
# Remove services that are no longer in the list
session.query(Services).filter(
Services.id.in_(missing_ids)
).delete()
for key, value in deepcopy(config).items():
suffix = 0
original_key = deepcopy(key)
@ -658,15 +657,11 @@ class Database:
}
)
else:
if (
"SERVER_NAME" in config
and config["SERVER_NAME"] != ""
and not (
session.query(Services)
.with_entities(Services.id)
.filter_by(id=config["SERVER_NAME"].split(" ")[0])
.first()
)
if config.get("SERVER_NAME", "") != "" and not (
session.query(Services)
.with_entities(Services.id)
.filter_by(id=config["SERVER_NAME"].split(" ")[0])
.first()
):
to_put.append(
Services(
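Review bot: Hoisting the stale-service cleanup above the `MULTISITE` check also changes `config.pop("SERVER_NAME", [])` to `config.get("SERVER_NAME", [])`, so in multisite mode `SERVER_NAME` now stays in `config` and reaches the `for key, value in deepcopy(config).items()` loop that follows. If that is intended, a comment such as `# SERVER_NAME is kept in config so it is saved like any other global setting` would record it; if not, pop it inside the multisite branch as before. An empty `SERVER_NAME` string splits to `[""]` and a missing one defaults to `[]`, so in both cases every service whose `method` matches is treated as missing and deleted, which deserves a line in the comment as well. The method body continues outside both hunks.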


@ -1,4 +1,4 @@
cryptography==41.0.3
cryptography==41.0.4
psycopg2-binary==2.9.7
PyMySQL==1.1.0
sqlalchemy==2.0.20
sqlalchemy==2.0.21


@ -70,30 +70,30 @@ cffi==1.15.1 \
--hash=sha256:fa6693661a4c91757f4412306191b6dc88c1703f780c8234035eac011922bc01 \
--hash=sha256:fcd131dd944808b5bdb38e6f5b53013c5aa4f334c5cad0c72742f6eba4b73db0
# via cryptography
cryptography==41.0.3 \
--hash=sha256:0d09fb5356f975974dbcb595ad2d178305e5050656affb7890a1583f5e02a306 \
--hash=sha256:23c2d778cf829f7d0ae180600b17e9fceea3c2ef8b31a99e3c694cbbf3a24b84 \
--hash=sha256:3fb248989b6363906827284cd20cca63bb1a757e0a2864d4c1682a985e3dca47 \
--hash=sha256:41d7aa7cdfded09b3d73a47f429c298e80796c8e825ddfadc84c8a7f12df212d \
--hash=sha256:42cb413e01a5d36da9929baa9d70ca90d90b969269e5a12d39c1e0d475010116 \
--hash=sha256:4c2f0d35703d61002a2bbdcf15548ebb701cfdd83cdc12471d2bae80878a4207 \
--hash=sha256:4fd871184321100fb400d759ad0cddddf284c4b696568204d281c902fc7b0d81 \
--hash=sha256:5259cb659aa43005eb55a0e4ff2c825ca111a0da1814202c64d28a985d33b087 \
--hash=sha256:57a51b89f954f216a81c9d057bf1a24e2f36e764a1ca9a501a6964eb4a6800dd \
--hash=sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507 \
--hash=sha256:67e120e9a577c64fe1f611e53b30b3e69744e5910ff3b6e97e935aeb96005858 \
--hash=sha256:6af1c6387c531cd364b72c28daa29232162010d952ceb7e5ca8e2827526aceae \
--hash=sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34 \
--hash=sha256:7efe8041897fe7a50863e51b77789b657a133c75c3b094e51b5e4b5cec7bf906 \
--hash=sha256:84537453d57f55a50a5b6835622ee405816999a7113267739a1b4581f83535bd \
--hash=sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 \
--hash=sha256:95dd7f261bb76948b52a5330ba5202b91a26fbac13ad0e9fc8a3ac04752058c7 \
--hash=sha256:a74fbcdb2a0d46fe00504f571a2a540532f4c188e6ccf26f1f178480117b33c4 \
--hash=sha256:a983e441a00a9d57a4d7c91b3116a37ae602907a7618b882c8013b5762e80574 \
--hash=sha256:ab8de0d091acbf778f74286f4989cf3d1528336af1b59f3e5d2ebca8b5fe49e1 \
--hash=sha256:aeb57c421b34af8f9fe830e1955bf493a86a7996cc1338fe41b30047d16e962c \
--hash=sha256:ce785cf81a7bdade534297ef9e490ddff800d956625020ab2ec2780a556c313e \
--hash=sha256:d0d651aa754ef58d75cec6edfbd21259d93810b73f6ec246436a21b7841908de
cryptography==41.0.4 \
--hash=sha256:004b6ccc95943f6a9ad3142cfabcc769d7ee38a3f60fb0dddbfb431f818c3a67 \
--hash=sha256:047c4603aeb4bbd8db2756e38f5b8bd7e94318c047cfe4efeb5d715e08b49311 \
--hash=sha256:0d9409894f495d465fe6fda92cb70e8323e9648af912d5b9141d616df40a87b8 \
--hash=sha256:23a25c09dfd0d9f28da2352503b23e086f8e78096b9fd585d1d14eca01613e13 \
--hash=sha256:2ed09183922d66c4ec5fdaa59b4d14e105c084dd0febd27452de8f6f74704143 \
--hash=sha256:35c00f637cd0b9d5b6c6bd11b6c3359194a8eba9c46d4e875a3660e3b400005f \
--hash=sha256:37480760ae08065437e6573d14be973112c9e6dcaf5f11d00147ee74f37a3829 \
--hash=sha256:3b224890962a2d7b57cf5eeb16ccaafba6083f7b811829f00476309bce2fe0fd \
--hash=sha256:5a0f09cefded00e648a127048119f77bc2b2ec61e736660b5789e638f43cc397 \
--hash=sha256:5b72205a360f3b6176485a333256b9bcd48700fc755fef51c8e7e67c4b63e3ac \
--hash=sha256:7e53db173370dea832190870e975a1e09c86a879b613948f09eb49324218c14d \
--hash=sha256:7febc3094125fc126a7f6fb1f420d0da639f3f32cb15c8ff0dc3997c4549f51a \
--hash=sha256:80907d3faa55dc5434a16579952ac6da800935cd98d14dbd62f6f042c7f5e839 \
--hash=sha256:86defa8d248c3fa029da68ce61fe735432b047e32179883bdb1e79ed9bb8195e \
--hash=sha256:8ac4f9ead4bbd0bc8ab2d318f97d85147167a488be0e08814a37eb2f439d5cf6 \
--hash=sha256:93530900d14c37a46ce3d6c9e6fd35dbe5f5601bf6b3a5c325c7bffc030344d9 \
--hash=sha256:9eeb77214afae972a00dee47382d2591abe77bdae166bda672fb1e24702a3860 \
--hash=sha256:b5f4dfe950ff0479f1f00eda09c18798d4f49b98f4e2006d644b3301682ebdca \
--hash=sha256:c3391bd8e6de35f6f1140e50aaeb3e2b3d6a9012536ca23ab0d9c35ec18c8a91 \
--hash=sha256:c880eba5175f4307129784eca96f4e70b88e57aa3f680aeba3bab0e980b0f37d \
--hash=sha256:cecfefa17042941f94ab54f769c8ce0fe14beff2694e9ac684176a2535bf9714 \
--hash=sha256:e40211b4923ba5a6dc9769eab704bdb3fbb58d56c5b336d30996c24fcf12aadb \
--hash=sha256:efc8ad4e6fc4f1752ebfb58aefece8b4e3c4cae940b0994d43649bdfce8d0d4f
# via -r requirements.in
greenlet==2.0.2 \
--hash=sha256:03a8f4f3430c3b3ff8d10a2a86028c660355ab637cee9333d63d66b56f09d52a \
@ -231,50 +231,50 @@ pymysql==1.1.0 \
--hash=sha256:4f13a7df8bf36a51e81dd9f3605fede45a4878fe02f9236349fd82a3f0612f96 \
--hash=sha256:8969ec6d763c856f7073c4c64662882675702efcb114b4bcbb955aea3a069fa7
# via -r requirements.in
sqlalchemy==2.0.20 \
--hash=sha256:1506e988ebeaaf316f183da601f24eedd7452e163010ea63dbe52dc91c7fc70e \
--hash=sha256:1a58052b5a93425f656675673ef1f7e005a3b72e3f2c91b8acca1b27ccadf5f4 \
--hash=sha256:1b74eeafaa11372627ce94e4dc88a6751b2b4d263015b3523e2b1e57291102f0 \
--hash=sha256:1be86ccea0c965a1e8cd6ccf6884b924c319fcc85765f16c69f1ae7148eba64b \
--hash=sha256:1d35d49a972649b5080557c603110620a86aa11db350d7a7cb0f0a3f611948a0 \
--hash=sha256:243d0fb261f80a26774829bc2cee71df3222587ac789b7eaf6555c5b15651eed \
--hash=sha256:26a3399eaf65e9ab2690c07bd5cf898b639e76903e0abad096cd609233ce5208 \
--hash=sha256:27d554ef5d12501898d88d255c54eef8414576f34672e02fe96d75908993cf53 \
--hash=sha256:3364b7066b3c7f4437dd345d47271f1251e0cfb0aba67e785343cdbdb0fff08c \
--hash=sha256:3423dc2a3b94125094897118b52bdf4d37daf142cbcf26d48af284b763ab90e9 \
--hash=sha256:3c6aceebbc47db04f2d779db03afeaa2c73ea3f8dcd3987eb9efdb987ffa09a3 \
--hash=sha256:3ce5e81b800a8afc870bb8e0a275d81957e16f8c4b62415a7b386f29a0cb9763 \
--hash=sha256:411e7f140200c02c4b953b3dbd08351c9f9818d2bd591b56d0fa0716bd014f1e \
--hash=sha256:4cde2e1096cbb3e62002efdb7050113aa5f01718035ba9f29f9d89c3758e7e4e \
--hash=sha256:5768c268df78bacbde166b48be788b83dddaa2a5974b8810af422ddfe68a9bc8 \
--hash=sha256:599ccd23a7146e126be1c7632d1d47847fa9f333104d03325c4e15440fc7d927 \
--hash=sha256:5ed61e3463021763b853628aef8bc5d469fe12d95f82c74ef605049d810f3267 \
--hash=sha256:63a368231c53c93e2b67d0c5556a9836fdcd383f7e3026a39602aad775b14acf \
--hash=sha256:63e73da7fb030ae0a46a9ffbeef7e892f5def4baf8064786d040d45c1d6d1dc5 \
--hash=sha256:6eb6d77c31e1bf4268b4d61b549c341cbff9842f8e115ba6904249c20cb78a61 \
--hash=sha256:6f8a934f9dfdf762c844e5164046a9cea25fabbc9ec865c023fe7f300f11ca4a \
--hash=sha256:6fe7d61dc71119e21ddb0094ee994418c12f68c61b3d263ebaae50ea8399c4d4 \
--hash=sha256:759b51346aa388c2e606ee206c0bc6f15a5299f6174d1e10cadbe4530d3c7a98 \
--hash=sha256:76fdfc0f6f5341987474ff48e7a66c3cd2b8a71ddda01fa82fedb180b961630a \
--hash=sha256:77d37c1b4e64c926fa3de23e8244b964aab92963d0f74d98cbc0783a9e04f501 \
--hash=sha256:79543f945be7a5ada9943d555cf9b1531cfea49241809dd1183701f94a748624 \
--hash=sha256:79fde625a0a55220d3624e64101ed68a059c1c1f126c74f08a42097a72ff66a9 \
--hash=sha256:7d3f175410a6db0ad96b10bfbb0a5530ecd4fcf1e2b5d83d968dd64791f810ed \
--hash=sha256:8dd77fd6648b677d7742d2c3cc105a66e2681cc5e5fb247b88c7a7b78351cf74 \
--hash=sha256:a3f0dd6d15b6dc8b28a838a5c48ced7455c3e1fb47b89da9c79cc2090b072a50 \
--hash=sha256:bcb04441f370cbe6e37c2b8d79e4af9e4789f626c595899d94abebe8b38f9a4d \
--hash=sha256:c3d99ba99007dab8233f635c32b5cd24fb1df8d64e17bc7df136cedbea427897 \
--hash=sha256:ca8a5ff2aa7f3ade6c498aaafce25b1eaeabe4e42b73e25519183e4566a16fc6 \
--hash=sha256:cb0d3e94c2a84215532d9bcf10229476ffd3b08f481c53754113b794afb62d14 \
--hash=sha256:d1b09ba72e4e6d341bb5bdd3564f1cea6095d4c3632e45dc69375a1dbe4e26ec \
--hash=sha256:d32b5ffef6c5bcb452723a496bad2d4c52b346240c59b3e6dba279f6dcc06c14 \
--hash=sha256:d3793dcf5bc4d74ae1e9db15121250c2da476e1af8e45a1d9a52b1513a393459 \
--hash=sha256:dd81466bdbc82b060c3c110b2937ab65ace41dfa7b18681fdfad2f37f27acdd7 \
--hash=sha256:e4e571af672e1bb710b3cc1a9794b55bce1eae5aed41a608c0401885e3491179 \
--hash=sha256:ea8186be85da6587456c9ddc7bf480ebad1a0e6dcbad3967c4821233a4d4df57 \
--hash=sha256:eefebcc5c555803065128401a1e224a64607259b5eb907021bf9b175f315d2a6
sqlalchemy==2.0.21 \
--hash=sha256:014794b60d2021cc8ae0f91d4d0331fe92691ae5467a00841f7130fe877b678e \
--hash=sha256:0268256a34806e5d1c8f7ee93277d7ea8cc8ae391f487213139018b6805aeaf6 \
--hash=sha256:05b971ab1ac2994a14c56b35eaaa91f86ba080e9ad481b20d99d77f381bb6258 \
--hash=sha256:141675dae56522126986fa4ca713739d00ed3a6f08f3c2eb92c39c6dfec463ce \
--hash=sha256:1e7dc99b23e33c71d720c4ae37ebb095bebebbd31a24b7d99dfc4753d2803ede \
--hash=sha256:2e617727fe4091cedb3e4409b39368f424934c7faa78171749f704b49b4bb4ce \
--hash=sha256:3cf229704074bce31f7f47d12883afee3b0a02bb233a0ba45ddbfe542939cca4 \
--hash=sha256:3eb7c03fe1cd3255811cd4e74db1ab8dca22074d50cd8937edf4ef62d758cdf4 \
--hash=sha256:3f7d57a7e140efe69ce2d7b057c3f9a595f98d0bbdfc23fd055efdfbaa46e3a5 \
--hash=sha256:419b1276b55925b5ac9b4c7044e999f1787c69761a3c9756dec6e5c225ceca01 \
--hash=sha256:44ac5c89b6896f4740e7091f4a0ff2e62881da80c239dd9408f84f75a293dae9 \
--hash=sha256:4615623a490e46be85fbaa6335f35cf80e61df0783240afe7d4f544778c315a9 \
--hash=sha256:50a69067af86ec7f11a8e50ba85544657b1477aabf64fa447fd3736b5a0a4f67 \
--hash=sha256:513fd5b6513d37e985eb5b7ed89da5fd9e72354e3523980ef00d439bc549c9e9 \
--hash=sha256:6ff3dc2f60dbf82c9e599c2915db1526d65415be323464f84de8db3e361ba5b9 \
--hash=sha256:73c079e21d10ff2be54a4699f55865d4b275fd6c8bd5d90c5b1ef78ae0197301 \
--hash=sha256:7614f1eab4336df7dd6bee05bc974f2b02c38d3d0c78060c5faa4cd1ca2af3b8 \
--hash=sha256:785e2f2c1cb50d0a44e2cdeea5fd36b5bf2d79c481c10f3a88a8be4cfa2c4615 \
--hash=sha256:7ca38746eac23dd7c20bec9278d2058c7ad662b2f1576e4c3dbfcd7c00cc48fa \
--hash=sha256:7f0c4ee579acfe6c994637527c386d1c22eb60bc1c1d36d940d8477e482095d4 \
--hash=sha256:87bf91ebf15258c4701d71dcdd9c4ba39521fb6a37379ea68088ce8cd869b446 \
--hash=sha256:89e274604abb1a7fd5c14867a412c9d49c08ccf6ce3e1e04fffc068b5b6499d4 \
--hash=sha256:8c323813963b2503e54d0944813cd479c10c636e3ee223bcbd7bd478bf53c178 \
--hash=sha256:a95aa0672e3065d43c8aa80080cdd5cc40fe92dc873749e6c1cf23914c4b83af \
--hash=sha256:af520a730d523eab77d754f5cf44cc7dd7ad2d54907adeb3233177eeb22f271b \
--hash=sha256:b19ae41ef26c01a987e49e37c77b9ad060c59f94d3b3efdfdbf4f3daaca7b5fe \
--hash=sha256:b4eae01faee9f2b17f08885e3f047153ae0416648f8e8c8bd9bc677c5ce64be9 \
--hash=sha256:b69f1f754d92eb1cc6b50938359dead36b96a1dcf11a8670bff65fd9b21a4b09 \
--hash=sha256:b977bfce15afa53d9cf6a632482d7968477625f030d86a109f7bdfe8ce3c064a \
--hash=sha256:bf8eebccc66829010f06fbd2b80095d7872991bfe8415098b9fe47deaaa58063 \
--hash=sha256:c111cd40910ffcb615b33605fc8f8e22146aeb7933d06569ac90f219818345ef \
--hash=sha256:c2d494b6a2a2d05fb99f01b84cc9af9f5f93bf3e1e5dbdafe4bed0c2823584c1 \
--hash=sha256:c9cba4e7369de663611ce7460a34be48e999e0bbb1feb9130070f0685e9a6b66 \
--hash=sha256:cca720d05389ab1a5877ff05af96551e58ba65e8dc65582d849ac83ddde3e231 \
--hash=sha256:ccb99c3138c9bde118b51a289d90096a3791658da9aea1754667302ed6564f6e \
--hash=sha256:d59cb9e20d79686aa473e0302e4a82882d7118744d30bb1dfb62d3c47141b3ec \
--hash=sha256:e36339a68126ffb708dc6d1948161cea2a9e85d7d7b0c54f6999853d70d44430 \
--hash=sha256:ea7da25ee458d8f404b93eb073116156fd7d8c2a776d8311534851f28277b4ce \
--hash=sha256:f9fefd6298433b6e9188252f3bff53b9ff0443c8fde27298b8a2b19f6617eeb9 \
--hash=sha256:fb87f763b5d04a82ae84ccff25554ffd903baafba6698e18ebaf32561f2fe4aa \
--hash=sha256:fc6b15465fabccc94bf7e38777d665b6a4f95efd1725049d6184b3a39fd54880
# via -r requirements.in
typing-extensions==4.7.1 \
--hash=sha256:440d5dd3af93b060174bf433bccd69b0babc3b15b1a8dca43789fd7f61514b36 \
--hash=sha256:b75ddc264f0ba5615db7ba217daeb99701ad295353c45f9e95963337ceeeffb2
typing-extensions==4.8.0 \
--hash=sha256:8f92fc8806f9a6b641eaa5318da32b44d401efaac0f6678c9bc448ba3605faa0 \
--hash=sha256:df8e4339e9cb77357558cbdbceca33c303714cf861d1eef15e1070055ae8b7ef
# via sqlalchemy


@ -1,7 +1,6 @@
docker==6.1.3
jinja2==3.1.2
kubernetes==27.2.0
kubernetes==28.1.0
python-dotenv==1.0.0
redis==5.0.0
requests==2.31.0
urllib3==2.0.4


@ -99,9 +99,9 @@ docker==6.1.3 \
--hash=sha256:aa6d17830045ba5ef0168d5eaa34d37beeb113948c413affe1d5991fc11f9a20 \
--hash=sha256:aecd2277b8bf8e506e484f6ab7aec39abe0038e29fa4a6d3ba86c3fe01844ed9
# via -r requirements.in
google-auth==2.17.3 \
--hash=sha256:ce311e2bc58b130fddf316df57c9b3943c2a7b4f6ec31de9663a9333e4064efc \
--hash=sha256:f586b274d3eb7bd932ea424b1c702a30e0393a2e2bc4ca3eae8263ffd8be229f
google-auth==2.23.0 \
--hash=sha256:2cec41407bd1e207f5b802638e32bb837df968bb5c05f413d0fa526fac4cf7a7 \
--hash=sha256:753a26312e6f1eaeec20bc6f2644a10926697da93446e1f8e24d6d32d45a922a
# via kubernetes
idna==3.4 \
--hash=sha256:814f528e8dead7d329833b91c5faa87d60bf71824cd12a7530b5526063d02cb4 \
@ -111,9 +111,9 @@ jinja2==3.1.2 \
--hash=sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852 \
--hash=sha256:6088930bfe239f0e6710546ab9c19c9ef35e29792895fed6e6e31a023a182a61
# via -r requirements.in
kubernetes==27.2.0 \
--hash=sha256:0f9376329c85cf07615ed6886bf9bf21eb1cbfc05e14ec7b0f74ed8153cd2815 \
--hash=sha256:d479931c6f37561dbfdf28fc5f46384b1cb8b28f9db344ed4a232ce91990825a
kubernetes==28.1.0 \
--hash=sha256:10f56f8160dcb73647f15fafda268e7f60cf7dbc9f8e46d52fcd46d3beb0c18d \
--hash=sha256:1468069a573430fb1cb5ad22876868f57977930f80a6749405da31cd6086a7e9
# via -r requirements.in
markupsafe==2.1.3 \
--hash=sha256:05fb21170423db021895e1ea1e1f3ab3adb85d1c2333cbc2310f2a26bc77272e \
@ -281,15 +281,14 @@ six==1.16.0 \
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
--hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
# via
# google-auth
# kubernetes
# python-dateutil
urllib3==2.0.4 \
--hash=sha256:8d22f86aae8ef5e410d4f539fde9ce6b2113a001bb4d189e0aed70642d602b11 \
--hash=sha256:de7df1803967d2c2a98e4b11bb7d6bd9210474c46e8a0401514e3a42a75ebde4
urllib3==1.26.16 \
--hash=sha256:8d36afa7616d8ab714608411b4a3b13e58f463aee519024578e062e141dce20f \
--hash=sha256:8f135f6502756bde6b2a9b28989df5fbe87c9970cecaa69041edcce7f0589b14
# via
# -r requirements.in
# docker
# google-auth
# kubernetes
# requests
websocket-client==1.6.3 \


@ -66,6 +66,7 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
mkdir -p /etc/bunkerweb/plugins && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
#It's a find command that will find all files in the bunkerweb directory, excluding the ui/deps directory, and then chmod them to 0740.
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \


@ -71,6 +71,7 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/lib/bunkerweb && \
mkdir /var/www/html && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
mkdir -p /etc/bunkerweb/plugins && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
#It's a find command that will find all files in the bunkerweb directory, excluding the ui/deps directory, and then chmod them to 0740.
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \


@ -67,6 +67,7 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
mkdir -p /etc/bunkerweb/plugins && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \


@ -81,6 +81,7 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
mkdir -p /etc/bunkerweb/plugins && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \


@ -71,6 +71,7 @@ RUN cp /usr/share/bunkerweb/helpers/bwcli /usr/bin/ && \
mkdir -p /var/www/html && \
mkdir -p /var/lib/bunkerweb && \
echo "Linux" > /usr/share/bunkerweb/INTEGRATION && \
mkdir -p /etc/bunkerweb/plugins && \
for dir in $(echo "configs/http configs/stream configs/server-http configs/server-stream configs/default-server-http configs/default-server-stream configs/modsec configs/modsec-crs") ; do mkdir -p "/etc/bunkerweb/${dir}" ; done && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type f -exec chmod 0740 {} \; && \
find /usr/share/bunkerweb -path /usr/share/bunkerweb/ui/deps -prune -o -type d -exec chmod 0750 {} \; && \


@ -1,4 +1,6 @@
certbot==2.6.0
cryptography==41.0.4
maxminddb==2.4.0
python-magic==0.4.27
schedule==1.2.0
urllib3==1.26.16
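Review bot: The two pins that appear to be added here, `cryptography==41.0.4` and `urllib3==1.26.16`, carry no comment saying why packages that the lock file previously resolved only transitively are now direct requirements. The urllib3 pin holds the package on the 1.26 line while the compiled lock in the same commit moves it off 2.0.4, and an exact `==` pin means pip-compile will not pick up a later security release on either line until someone edits this file by hand. A comment above each pin, such as `# pinned: <reason>; lift when <condition>`, would tell the next maintainer when it can be relaxed. Which lines are new is inferred from the hunk counts and from the `-r requirements.in` entries added to the lock.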


@ -167,31 +167,32 @@ configobj==5.0.8 \
--hash=sha256:6f704434a07dc4f4dc7c9a745172c1cad449feb548febd9f7fe362629c627a97 \
--hash=sha256:a7a8c6ab7daade85c3f329931a807c8aee750a2494363934f8ea84d8a54c87ea
# via certbot
cryptography==41.0.3 \
--hash=sha256:0d09fb5356f975974dbcb595ad2d178305e5050656affb7890a1583f5e02a306 \
--hash=sha256:23c2d778cf829f7d0ae180600b17e9fceea3c2ef8b31a99e3c694cbbf3a24b84 \
--hash=sha256:3fb248989b6363906827284cd20cca63bb1a757e0a2864d4c1682a985e3dca47 \
--hash=sha256:41d7aa7cdfded09b3d73a47f429c298e80796c8e825ddfadc84c8a7f12df212d \
--hash=sha256:42cb413e01a5d36da9929baa9d70ca90d90b969269e5a12d39c1e0d475010116 \
--hash=sha256:4c2f0d35703d61002a2bbdcf15548ebb701cfdd83cdc12471d2bae80878a4207 \
--hash=sha256:4fd871184321100fb400d759ad0cddddf284c4b696568204d281c902fc7b0d81 \
--hash=sha256:5259cb659aa43005eb55a0e4ff2c825ca111a0da1814202c64d28a985d33b087 \
--hash=sha256:57a51b89f954f216a81c9d057bf1a24e2f36e764a1ca9a501a6964eb4a6800dd \
--hash=sha256:652627a055cb52a84f8c448185922241dd5217443ca194d5739b44612c5e6507 \
--hash=sha256:67e120e9a577c64fe1f611e53b30b3e69744e5910ff3b6e97e935aeb96005858 \
--hash=sha256:6af1c6387c531cd364b72c28daa29232162010d952ceb7e5ca8e2827526aceae \
--hash=sha256:6d192741113ef5e30d89dcb5b956ef4e1578f304708701b8b73d38e3e1461f34 \
--hash=sha256:7efe8041897fe7a50863e51b77789b657a133c75c3b094e51b5e4b5cec7bf906 \
--hash=sha256:84537453d57f55a50a5b6835622ee405816999a7113267739a1b4581f83535bd \
--hash=sha256:8f09daa483aedea50d249ef98ed500569841d6498aa9c9f4b0531b9964658922 \
--hash=sha256:95dd7f261bb76948b52a5330ba5202b91a26fbac13ad0e9fc8a3ac04752058c7 \
--hash=sha256:a74fbcdb2a0d46fe00504f571a2a540532f4c188e6ccf26f1f178480117b33c4 \
--hash=sha256:a983e441a00a9d57a4d7c91b3116a37ae602907a7618b882c8013b5762e80574 \
--hash=sha256:ab8de0d091acbf778f74286f4989cf3d1528336af1b59f3e5d2ebca8b5fe49e1 \
--hash=sha256:aeb57c421b34af8f9fe830e1955bf493a86a7996cc1338fe41b30047d16e962c \
--hash=sha256:ce785cf81a7bdade534297ef9e490ddff800d956625020ab2ec2780a556c313e \
--hash=sha256:d0d651aa754ef58d75cec6edfbd21259d93810b73f6ec246436a21b7841908de
cryptography==41.0.4 \
--hash=sha256:004b6ccc95943f6a9ad3142cfabcc769d7ee38a3f60fb0dddbfb431f818c3a67 \
--hash=sha256:047c4603aeb4bbd8db2756e38f5b8bd7e94318c047cfe4efeb5d715e08b49311 \
--hash=sha256:0d9409894f495d465fe6fda92cb70e8323e9648af912d5b9141d616df40a87b8 \
--hash=sha256:23a25c09dfd0d9f28da2352503b23e086f8e78096b9fd585d1d14eca01613e13 \
--hash=sha256:2ed09183922d66c4ec5fdaa59b4d14e105c084dd0febd27452de8f6f74704143 \
--hash=sha256:35c00f637cd0b9d5b6c6bd11b6c3359194a8eba9c46d4e875a3660e3b400005f \
--hash=sha256:37480760ae08065437e6573d14be973112c9e6dcaf5f11d00147ee74f37a3829 \
--hash=sha256:3b224890962a2d7b57cf5eeb16ccaafba6083f7b811829f00476309bce2fe0fd \
--hash=sha256:5a0f09cefded00e648a127048119f77bc2b2ec61e736660b5789e638f43cc397 \
--hash=sha256:5b72205a360f3b6176485a333256b9bcd48700fc755fef51c8e7e67c4b63e3ac \
--hash=sha256:7e53db173370dea832190870e975a1e09c86a879b613948f09eb49324218c14d \
--hash=sha256:7febc3094125fc126a7f6fb1f420d0da639f3f32cb15c8ff0dc3997c4549f51a \
--hash=sha256:80907d3faa55dc5434a16579952ac6da800935cd98d14dbd62f6f042c7f5e839 \
--hash=sha256:86defa8d248c3fa029da68ce61fe735432b047e32179883bdb1e79ed9bb8195e \
--hash=sha256:8ac4f9ead4bbd0bc8ab2d318f97d85147167a488be0e08814a37eb2f439d5cf6 \
--hash=sha256:93530900d14c37a46ce3d6c9e6fd35dbe5f5601bf6b3a5c325c7bffc030344d9 \
--hash=sha256:9eeb77214afae972a00dee47382d2591abe77bdae166bda672fb1e24702a3860 \
--hash=sha256:b5f4dfe950ff0479f1f00eda09c18798d4f49b98f4e2006d644b3301682ebdca \
--hash=sha256:c3391bd8e6de35f6f1140e50aaeb3e2b3d6a9012536ca23ab0d9c35ec18c8a91 \
--hash=sha256:c880eba5175f4307129784eca96f4e70b88e57aa3f680aeba3bab0e980b0f37d \
--hash=sha256:cecfefa17042941f94ab54f769c8ce0fe14beff2694e9ac684176a2535bf9714 \
--hash=sha256:e40211b4923ba5a6dc9769eab704bdb3fbb58d56c5b336d30996c24fcf12aadb \
--hash=sha256:efc8ad4e6fc4f1752ebfb58aefece8b4e3c4cae940b0994d43649bdfce8d0d4f
# via
# -r requirements.in
# acme
# certbot
# josepy
@ -256,10 +257,12 @@ six==1.16.0 \
--hash=sha256:1e61c37477a1626458e36f7b1d82aa5c9b094fa4802892072e49de9c60c4c926 \
--hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
# via configobj
urllib3==2.0.4 \
--hash=sha256:8d22f86aae8ef5e410d4f539fde9ce6b2113a001bb4d189e0aed70642d602b11 \
--hash=sha256:de7df1803967d2c2a98e4b11bb7d6bd9210474c46e8a0401514e3a42a75ebde4
# via requests
urllib3==1.26.16 \
--hash=sha256:8d36afa7616d8ab714608411b4a3b13e58f463aee519024578e062e141dce20f \
--hash=sha256:8f135f6502756bde6b2a9b28989df5fbe87c9970cecaa69041edcce7f0589b14
# via
# -r requirements.in
# requests
# The following packages are considered to be unsafe in a requirements file:
setuptools==68.2.2 \


@ -5,5 +5,6 @@ Flask_Login==0.6.2
Flask_WTF==1.1.1
gevent==23.9.0
gunicorn==21.2.0
importlib-metadata==6.8.0
python_dateutil==2.8.2
regex==2023.8.8
regex==2023.8.8


@ -1,5 +1,5 @@
#
# This file is autogenerated by pip-compile with Python 3.9
# This file is autogenerated by pip-compile with Python 3.11
# by the following command:
#
# pip-compile --allow-unsafe --generate-hashes
@ -158,7 +158,7 @@ gunicorn==21.2.0 \
importlib-metadata==6.8.0 \
--hash=sha256:3ebb78df84a805d7698245025b975d9d67053cd94c79245ba4b3eb694abe68bb \
--hash=sha256:dbace7892d8c0c4ac1ad096662232f831d4e64f4c4545bd53016a3e9d4654743
# via flask
# via -r requirements.in
itsdangerous==2.1.2 \
--hash=sha256:2c2349112351b88699d8d4b6b075022c0808887cb7ad10069318a8b0bc88db44 \
--hash=sha256:5dbbc68b317e5e42f327f9021763545dc3fc3bfe22e6deb96aaf1fc38874156a
@ -350,9 +350,9 @@ wtforms==3.0.1 \
--hash=sha256:6b351bbb12dd58af57ffef05bc78425d08d1914e0fd68ee14143b7ade023c5bc \
--hash=sha256:837f2f0e0ca79481b92884962b914eba4e72b7a2daaf1f939c890ed0124b834b
# via flask-wtf
zipp==3.16.2 \
--hash=sha256:679e51dd4403591b2d6838a48de3d283f3d188412a9782faadf845f298736ba0 \
--hash=sha256:ebc15946aa78bd63458992fc81ec3b6f7b1e92d51c35e6de1c3804e73b799147
zipp==3.17.0 \
--hash=sha256:0e923e726174922dce09c53c59ad483ff7bbb8e572e00c7f7c46b88556409f31 \
--hash=sha256:84e64a1c28cf7e91ed2078bb8cc8c259cb19b76942096c8d7b84947690cabaf0
# via importlib-metadata
zope-event==5.0 \
--hash=sha256:2832e95014f4db26c47a13fdaef84cef2f4df37e66b59d8f1f4a8f319a632c26 \


@ -55,6 +55,7 @@ class Config:
servers.append(server_name)
conf["SERVER_NAME"] = " ".join(servers)
conf["DATABASE_URI"] = self.__db.database_uri
env_file = Path(sep, "tmp", f"{uuid4()}.env")
env_file.write_text(
"\n".join(f"{k}={conf[k]}" for k in sorted(conf)),
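Review bot: The database URI now lands in the `/tmp/<uuid>.env` file, which `env_file.write_text(` creates with default permissions. Connection URIs commonly embed the database password, so on a host with a permissive umask other local accounts can read it for as long as the file exists. Creating the file owner-only first, with `env_file.touch(mode=0o600)` on the line before `env_file.write_text(`, closes that window without changing the rest of the method. Which line the commit added is inferred from the hunk counts, and the method continues outside the hunk, so any later removal of the file is not visible here.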


@ -45,7 +45,7 @@ class ConfigFiles:
if custom_configs:
self.__logger.info("Refreshing custom configs ...")
# Remove old custom configs files
for file in glob(join(sep, "etc", "bunkerweb", "configs", "*")):
for file in glob(join(sep, "etc", "bunkerweb", "configs", "*", "*")):
file = Path(file)
if file.is_symlink() or file.is_file():
file.unlink()
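Review bot: The comment `# Remove old custom configs files` no longer describes what the loop visits. With the `configs/*/*` pattern (the second of the two printed `glob` lines, presumably the new one), entries directly under `configs` are skipped and only their children are examined. Say so in the comment, for example `# Remove old custom config entries inside each configs/<type> directory; the <type> directories themselves are kept`. Whether nested per-service directories are also cleaned depends on the branch after `file.unlink()`, which is outside the hunk.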


@ -94,9 +94,17 @@ class Instance:
def restart(self) -> bool:
if self._type == "local":
proc = run(
["sudo", join(sep, "usr", "sbin", "nginx"), "-s", "stop"],
stdin=DEVNULL,
stderr=STDOUT,
check=False,
)
if proc.returncode != 0:
return False
return (
run(
["sudo", join(sep, "usr", "sbin", "nginx"), "-s", "restart"],
["sudo", join(sep, "usr", "sbin", "nginx")],
stdin=DEVNULL,
stderr=STDOUT,
check=False,
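Review bot: `restart()` now returns False as soon as `nginx -s stop` exits non-zero, which is also the result when no nginx master is running, so a restart can no longer bring up an instance that was already stopped. Dropping the early `return False` (or logging the stop result and continuing to the start call) keeps restart usable in that state. Separately, `-s stop` only signals the master and returns, so the plain `nginx` launch that follows may run while the old process still holds its listening sockets; waiting for the old master to exit before starting would avoid an intermittent bind failure. The end of the method is outside the hunk.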


@ -1,17 +1,34 @@
#!/bin/bash
echo "🤖 Building antibot stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🤖 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🤖 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🤖 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🤖 Build failed ❌"
exit 1
echo "🤖 Building antibot stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🤖 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🤖 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_ANTIBOT=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "ANTIBOT_URI=/challenge" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,8 +36,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ANTIBOT_URI: "/custom"@ANTIBOT_URI: "/challenge"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: ".*"$@USE_ANTIBOT: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: ".*"$@USE_ANTIBOT: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ANTIBOT_URI: ".*"$@ANTIBOT_URI: "/challenge"@' {} \;
else
sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@ANTIBOT_URI=.*$@ANTIBOT_URI=/challenge@' /etc/bunkerweb/variables.env
unset USE_ANTIBOT
unset ANTIBOT_URI
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +52,15 @@ cleanup_stack () {
echo "🤖 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🤖 Down failed ❌"
echo "🤖 Cleanup failed ❌"
exit 1
fi
@ -47,22 +76,40 @@ do
echo "🤖 Running tests without antibot ..."
elif [ "$test" = "endpoint" ] ; then
echo "🤖 Running tests where antibot is on a different endpoint ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@ANTIBOT_URI: "/challenge"@ANTIBOT_URI: "/custom"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ANTIBOT_URI: ".*"$@ANTIBOT_URI: "/custom"@' {} \;
else
sudo sed -i 's@ANTIBOT_URI=.*$@ANTIBOT_URI=/custom@' /etc/bunkerweb/variables.env
export ANTIBOT_URI="/custom"
fi
elif [ "$test" != "deactivated" ] ; then
echo "🤖 Running tests with antibot \"$test\" ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: ".*"$@USE_ANTIBOT: "'"${test}"'"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: ".*"$@USE_ANTIBOT: "'"${test}"'"@' {} \;
else
sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT='"${test}"'@' /etc/bunkerweb/variables.env
export USE_ANTIBOT="${test}"
fi
fi
echo "🤖 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🤖 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🤖 Up failed ❌"
echo "🤖 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🤖 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🤖 Start failed ❌"
exit 1
fi
fi
@ -70,37 +117,92 @@ do
# Check if stack is healthy
echo "🤖 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("antibot-bw-1" "antibot-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("antibot-bw-1" "antibot-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🤖 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🤖 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🤖 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🤖 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🤖 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🤖 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🤖 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🤖 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🤖 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🤖 Test \"$test\" succeeded ✅"
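Review bot: In `cleanup_stack`, the `if [ $? -ne 0 ]` after the new `if/else` sees only the status of the last command in the branch taken. On the linux path that is `sudo truncate -s 0 /var/log/bunkerweb/error.log`, so a failed `sudo systemctl stop bunkerweb` is never reported as "Cleanup failed". Chaining the two, `sudo systemctl stop bunkerweb && sudo truncate -s 0 /var/log/bunkerweb/error.log`, keeps the existing check meaningful; the same pair of lines appears in the authbasic script further down the page. In the linux health check, `i` is not reset when the stack is restarted inside the `retries` loop, so each retry gets only what is left of the 120-second wait; `i=0` next to `retries=$((retries+1))` would restore the full budget.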


@ -1,17 +1,36 @@
#!/bin/bash
echo "🔐 Building authbasic stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🔐 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🔐 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🔐 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🔐 Build failed ❌"
exit 1
echo "🔐 Building authbasic stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🔐 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🔐 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_AUTH_BASIC=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "AUTH_BASIC_LOCATION=sitewide" | sudo tee -a /etc/bunkerweb/variables.env
echo "AUTH_BASIC_USER=bunkerity" | sudo tee -a /etc/bunkerweb/variables.env
echo "AUTH_BASIC_PASSWORD=Secr3tP@ssw0rd" | sudo tee -a /etc/bunkerweb/variables.env
sudo wget -O /var/www/html/index.html https://github.com/nginxinc/NGINX-Demos/raw/master/nginx-hello-nonroot/html-version/index.html
fi
manual=0
@ -19,10 +38,21 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_AUTH_BASIC: "yes"@USE_AUTH_BASIC: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_LOCATION: "/auth"@AUTH_BASIC_LOCATION: "sitewide"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_USER: "admin"@AUTH_BASIC_USER: "bunkerity"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_PASSWORD: "password"@AUTH_BASIC_PASSWORD: "Secr3tP\@ssw0rd"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_AUTH_BASIC: "yes"@USE_AUTH_BASIC: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_LOCATION: "/auth"@AUTH_BASIC_LOCATION: "sitewide"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_USER: "admin"@AUTH_BASIC_USER: "bunkerity"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_PASSWORD: "password"@AUTH_BASIC_PASSWORD: "Secr3tP\@ssw0rd"@' {} \;
else
sudo sed -i 's@USE_AUTH_BASIC=.*$@USE_AUTH_BASIC=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@AUTH_BASIC_LOCATION=.*$@AUTH_BASIC_LOCATION=sitewide@' /etc/bunkerweb/variables.env
sudo sed -i 's@AUTH_BASIC_USER=.*$@AUTH_BASIC_USER=bunkerity@' /etc/bunkerweb/variables.env
sudo sed -i 's@AUTH_BASIC_PASSWORD=.*$@AUTH_BASIC_PASSWORD=Secr3tP\@ssw0rd@' /etc/bunkerweb/variables.env
unset USE_AUTH_BASIC
unset AUTH_BASIC_LOCATION
unset AUTH_BASIC_USER
unset AUTH_BASIC_PASSWORD
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -30,10 +60,15 @@ cleanup_stack () {
echo "🔐 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🔐 Down failed ❌"
echo "🔐 Cleanup failed ❌"
exit 1
fi
@ -49,29 +84,59 @@ do
echo "🔐 Running tests without authbasic ..."
elif [ "$test" = "sitewide" ] ; then
echo "🔐 Running tests with sitewide authbasic ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_AUTH_BASIC: "no"@USE_AUTH_BASIC: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_AUTH_BASIC: "no"@USE_AUTH_BASIC: "yes"@' {} \;
else
sudo sed -i 's@USE_AUTH_BASIC=.*$@USE_AUTH_BASIC=yes@' /etc/bunkerweb/variables.env
export USE_AUTH_BASIC="yes"
fi
elif [ "$test" = "location" ] ; then
echo "🔐 Running tests with the location changed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_LOCATION: "sitewide"@AUTH_BASIC_LOCATION: "/auth"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_LOCATION: "sitewide"@AUTH_BASIC_LOCATION: "/auth"@' {} \;
else
sudo sed -i 's@AUTH_BASIC_LOCATION=.*$@AUTH_BASIC_LOCATION=/auth@' /etc/bunkerweb/variables.env
export AUTH_BASIC_LOCATION="/auth"
fi
elif [ "$test" = "user" ] ; then
echo "🔐 Running tests with the user changed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_LOCATION: "/auth"@AUTH_BASIC_LOCATION: "sitewide"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_USER: "bunkerity"@AUTH_BASIC_USER: "admin"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_LOCATION: "/auth"@AUTH_BASIC_LOCATION: "sitewide"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_USER: "bunkerity"@AUTH_BASIC_USER: "admin"@' {} \;
else
sudo sed -i 's@AUTH_BASIC_LOCATION=.*$@AUTH_BASIC_LOCATION=sitewide@' /etc/bunkerweb/variables.env
sudo sed -i 's@AUTH_BASIC_USER=.*$@AUTH_BASIC_USER=admin@' /etc/bunkerweb/variables.env
export AUTH_BASIC_LOCATION="sitewide"
export AUTH_BASIC_USER="admin"
fi
elif [ "$test" = "password" ] ; then
echo "🔐 Running tests with the password changed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_PASSWORD: "Secr3tP\@ssw0rd"@AUTH_BASIC_PASSWORD: "password"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@AUTH_BASIC_PASSWORD: "Secr3tP\@ssw0rd"@AUTH_BASIC_PASSWORD: "password"@' {} \;
else
sudo sed -i 's@AUTH_BASIC_PASSWORD=.*$@AUTH_BASIC_PASSWORD=password@' /etc/bunkerweb/variables.env
export AUTH_BASIC_PASSWORD="password"
fi
fi
echo "🔐 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔐 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔐 Up failed ❌"
echo "🔐 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔐 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🔐 Start failed ❌"
exit 1
fi
fi
@ -79,37 +144,92 @@ do
# Check if stack is healthy
echo "🔐 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("authbasic-bw-1" "authbasic-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("authbasic-bw-1" "authbasic-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🔐 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🔐 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🔐 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🔐 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🔐 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🔐 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🔐 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🔐 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🔐 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🔐 Test \"$test\" succeeded ✅"


@ -1,5 +1,6 @@
from contextlib import suppress
from datetime import datetime
from re import search
from docker import DockerClient
from os import getenv
from requests import get
@ -32,7 +33,7 @@ try:
)
sleep(5)
use_bad_behavior = getenv("USE_BAD_BEHAVIOR", "yes")
use_bad_behavior = getenv("USE_BAD_BEHAVIOR", "yes") == "yes"
bad_behavior_status_codes = getenv(
"BAD_BEHAVIOR_STATUS_CODES", "400 401 403 404 405 429 444"
)
@ -60,7 +61,7 @@ try:
).status_code
if status_code == 403:
if use_bad_behavior == "no":
if not use_bad_behavior:
print("❌ Bad Behavior is enabled, it shouldn't be ...", flush=True)
exit(1)
elif bad_behavior_status_codes != "400 401 403 404 405 429 444":
@ -97,30 +98,40 @@ try:
flush=True,
)
docker_host = getenv("DOCKER_HOST", "unix:///var/run/docker.sock")
docker_client = DockerClient(base_url=docker_host)
bw_instances = docker_client.containers.list(
filters={"label": "bunkerweb.INSTANCE"}
)
if not bw_instances:
print("❌ BunkerWeb instance not found ...", flush=True)
exit(1)
bw_instance = bw_instances[0]
found = False
for log in bw_instance.logs(since=current_time).split(b"\n"):
if b"decreased counter for IP 192.168.0.3 (0/10)" in log:
found = True
break
if getenv("TEST_TYPE", "docker") == "docker":
docker_host = getenv("DOCKER_HOST", "unix:///var/run/docker.sock")
docker_client = DockerClient(base_url=docker_host)
bw_instances = docker_client.containers.list(
filters={"label": "bunkerweb.INSTANCE"}
)
if not bw_instances:
print("❌ BunkerWeb instance not found ...", flush=True)
exit(1)
bw_instance = bw_instances[0]
for log in bw_instance.logs(since=current_time).split(b"\n"):
if b"decreased counter for IP 192.168.0.3 (0/10)" in log:
found = True
break
else:
with open("/var/log/bunkerweb/error.log", "r") as f:
for line in f.readlines():
if search(
r"decreased counter for IP \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} \(0/10\)",
line,
):
found = True
break
if not found:
print("❌ Bad Behavior's count time didn't changed ...", flush=True)
exit(1)
elif (
use_bad_behavior == "yes"
use_bad_behavior
and bad_behavior_status_codes == "400 401 403 404 405 429 444"
and bad_behavior_threshold == "10"
):
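Review bot: The Linux branch scans the whole of `/var/log/bunkerweb/error.log` and accepts a `decreased counter` line for any IPv4 address, whereas the Docker branch restricts itself to `logs(since=current_time)` and the literal `192.168.0.3`. A line left over from an earlier request would satisfy the check, so the assertion is only sound while the log is emptied before each run. test.sh truncates it in `cleanup_stack`, presumably for this reason, and that dependency deserves a comment such as `# error.log is truncated by cleanup_stack, so every line belongs to this run`. Matching the expected client address instead of `\d{1,3}` octets would make the Linux check as strict as the Docker one. The enclosing `try:` block starts outside this hunk.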


@ -1,17 +1,39 @@
#!/bin/bash
echo "📟 Building badbehavior stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "📟 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "📟 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "📟 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "📟 Build failed ❌"
exit 1
echo "📟 Building badbehavior stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "📟 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "📟 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
sudo pip install -r requirements.txt
echo "USE_BAD_BEHAVIOR=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "BAD_BEHAVIOR_STATUS_CODES=400 401 403 404 405 429 444" | sudo tee -a /etc/bunkerweb/variables.env
echo "BAD_BEHAVIOR_BAN_TIME=86400" | sudo tee -a /etc/bunkerweb/variables.env
echo "BAD_BEHAVIOR_THRESHOLD=10" | sudo tee -a /etc/bunkerweb/variables.env
echo "BAD_BEHAVIOR_COUNT_TIME=60" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
@ -19,11 +41,24 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BAD_BEHAVIOR: "no"@USE_BAD_BEHAVIOR: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_STATUS_CODES: "400 401 404 405 429 444"@BAD_BEHAVIOR_STATUS_CODES: "400 401 403 404 405 429 444"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_BAN_TIME: "60"@BAD_BEHAVIOR_BAN_TIME: "86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_THRESHOLD: "20"@BAD_BEHAVIOR_THRESHOLD: "10"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_COUNT_TIME: "30"@BAD_BEHAVIOR_COUNT_TIME: "60"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BAD_BEHAVIOR: "no"@USE_BAD_BEHAVIOR: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_STATUS_CODES: "400 401 404 405 429 444"@BAD_BEHAVIOR_STATUS_CODES: "400 401 403 404 405 429 444"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_BAN_TIME: "60"@BAD_BEHAVIOR_BAN_TIME: "86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_THRESHOLD: "20"@BAD_BEHAVIOR_THRESHOLD: "10"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_COUNT_TIME: "30"@BAD_BEHAVIOR_COUNT_TIME: "60"@' {} \;
else
sudo sed -i 's@USE_BAD_BEHAVIOR=.*$@USE_BAD_BEHAVIOR=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@BAD_BEHAVIOR_STATUS_CODES=.*$@BAD_BEHAVIOR_STATUS_CODES=400 401 403 404 405 429 444@' /etc/bunkerweb/variables.env
sudo sed -i 's@BAD_BEHAVIOR_BAN_TIME=.*$@BAD_BEHAVIOR_BAN_TIME=86400@' /etc/bunkerweb/variables.env
sudo sed -i 's@BAD_BEHAVIOR_THRESHOLD=.*$@BAD_BEHAVIOR_THRESHOLD=10@' /etc/bunkerweb/variables.env
sudo sed -i 's@BAD_BEHAVIOR_COUNT_TIME=.*$@BAD_BEHAVIOR_COUNT_TIME=60@' /etc/bunkerweb/variables.env
unset USE_BAD_BEHAVIOR
unset BAD_BEHAVIOR_STATUS_CODES
unset BAD_BEHAVIOR_BAN_TIME
unset BAD_BEHAVIOR_THRESHOLD
unset BAD_BEHAVIOR_COUNT_TIME
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -31,10 +66,15 @@ cleanup_stack () {
echo "📟 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "📟 Down failed ❌"
echo "📟 Cleanup failed ❌"
exit 1
fi
@ -50,35 +90,76 @@ do
echo "📟 Running tests with badbehavior activated ..."
elif [ "$test" = "deactivated" ] ; then
echo "📟 Running tests without badbehavior ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BAD_BEHAVIOR: "yes"@USE_BAD_BEHAVIOR: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BAD_BEHAVIOR: "yes"@USE_BAD_BEHAVIOR: "no"@' {} \;
else
sudo sed -i 's@USE_BAD_BEHAVIOR=.*$@USE_BAD_BEHAVIOR=no@' /etc/bunkerweb/variables.env
export USE_BAD_BEHAVIOR="no"
fi
elif [ "$test" = "status_codes" ] ; then
echo "📟 Running tests with badbehavior's 403 status code removed from the list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BAD_BEHAVIOR: "no"@USE_BAD_BEHAVIOR: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_STATUS_CODES: "400 401 403 404 405 429 444"@BAD_BEHAVIOR_STATUS_CODES: "400 401 404 405 429 444"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BAD_BEHAVIOR: "no"@USE_BAD_BEHAVIOR: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_STATUS_CODES: "400 401 403 404 405 429 444"@BAD_BEHAVIOR_STATUS_CODES: "400 401 404 405 429 444"@' {} \;
else
sudo sed -i 's@USE_BAD_BEHAVIOR=.*$@USE_BAD_BEHAVIOR=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@BAD_BEHAVIOR_STATUS_CODES=.*$@BAD_BEHAVIOR_STATUS_CODES=400 401 404 405 429 444@' /etc/bunkerweb/variables.env
export USE_BAD_BEHAVIOR="yes"
export BAD_BEHAVIOR_STATUS_CODES="400 401 404 405 429 444"
fi
elif [ "$test" = "ban_time" ] ; then
echo "📟 Running tests with badbehavior's ban time changed to 60 seconds ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_STATUS_CODES: "400 401 404 405 429 444"@BAD_BEHAVIOR_STATUS_CODES: "400 401 403 404 405 429 444"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_BAN_TIME: "86400"@BAD_BEHAVIOR_BAN_TIME: "60"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_STATUS_CODES: "400 401 404 405 429 444"@BAD_BEHAVIOR_STATUS_CODES: "400 401 403 404 405 429 444"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_BAN_TIME: "86400"@BAD_BEHAVIOR_BAN_TIME: "60"@' {} \;
else
sudo sed -i 's@BAD_BEHAVIOR_STATUS_CODES=.*$@BAD_BEHAVIOR_STATUS_CODES=400 401 403 404 405 429 444@' /etc/bunkerweb/variables.env
sudo sed -i 's@BAD_BEHAVIOR_BAN_TIME=.*$@BAD_BEHAVIOR_BAN_TIME=60@' /etc/bunkerweb/variables.env
export BAD_BEHAVIOR_STATUS_CODES="400 401 403 404 405 429 444"
export BAD_BEHAVIOR_BAN_TIME="60"
fi
elif [ "$test" = "threshold" ] ; then
echo "📟 Running tests with badbehavior's threshold set to 20 ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_BAN_TIME: "60"@BAD_BEHAVIOR_BAN_TIME: "86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_THRESHOLD: "10"@BAD_BEHAVIOR_THRESHOLD: "20"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_BAN_TIME: "60"@BAD_BEHAVIOR_BAN_TIME: "86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_THRESHOLD: "10"@BAD_BEHAVIOR_THRESHOLD: "20"@' {} \;
else
sudo sed -i 's@BAD_BEHAVIOR_BAN_TIME=.*$@BAD_BEHAVIOR_BAN_TIME=86400@' /etc/bunkerweb/variables.env
sudo sed -i 's@BAD_BEHAVIOR_THRESHOLD=.*$@BAD_BEHAVIOR_THRESHOLD=20@' /etc/bunkerweb/variables.env
export BAD_BEHAVIOR_BAN_TIME="86400"
export BAD_BEHAVIOR_THRESHOLD="20"
fi
elif [ "$test" = "count_time" ] ; then
echo "📟 Running tests with badbehavior's count time set to 30 seconds ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_THRESHOLD: "20"@BAD_BEHAVIOR_THRESHOLD: "10"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_COUNT_TIME: "60"@BAD_BEHAVIOR_COUNT_TIME: "30"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_THRESHOLD: "20"@BAD_BEHAVIOR_THRESHOLD: "10"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BAD_BEHAVIOR_COUNT_TIME: "60"@BAD_BEHAVIOR_COUNT_TIME: "30"@' {} \;
else
sudo sed -i 's@BAD_BEHAVIOR_THRESHOLD=.*$@BAD_BEHAVIOR_THRESHOLD=10@' /etc/bunkerweb/variables.env
sudo sed -i 's@BAD_BEHAVIOR_COUNT_TIME=.*$@BAD_BEHAVIOR_COUNT_TIME=30@' /etc/bunkerweb/variables.env
export BAD_BEHAVIOR_THRESHOLD="10"
export BAD_BEHAVIOR_COUNT_TIME="30"
fi
fi
echo "📟 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "📟 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "📟 Up failed ❌"
echo "📟 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "📟 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "📟 Start failed ❌"
exit 1
fi
fi
@ -86,37 +167,90 @@ do
# Check if stack is healthy
echo "📟 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("badbehavior-bw-1" "badbehavior-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("badbehavior-bw-1" "badbehavior-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "📟 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "📟 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "📟 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "📟 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "📟 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "📟 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "📟 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "📟 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
sudo -E python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "📟 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "📟 Test \"$test\" succeeded ✅"
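Review bot: In `cleanup_stack`, the `if [ $? -ne 0 ]` that follows the new `if/else` only sees the status of the last command in the branch taken, so on Linux a failed `sudo systemctl stop bunkerweb` is masked by a successful `truncate` and "Cleanup failed" is never reported. Chaining the two keeps the check meaningful: `sudo systemctl stop bunkerweb && sudo truncate -s 0 /var/log/bunkerweb/error.log`. The same pattern appears in the authbasic and blacklist `cleanup_stack` hunks. Separately, `sudo -E python3 main.py` runs the whole test as root with the caller's environment, apparently only so it can read the error log; giving the test user read access to that file would be the narrower grant.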


@ -1,3 +1,4 @@
from os import getenv
from fastapi import FastAPI
from fastapi.responses import PlainTextResponse
@ -7,7 +8,7 @@ app = FastAPI()
@app.get("/ip")
async def ip():
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.1/32")
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.0/24")
@app.get("/rdns")
@ -17,7 +18,7 @@ async def rdns():
@app.get("/asn")
async def asn():
return PlainTextResponse("1234\n13335\n5678")
return PlainTextResponse(f"1234\n{getenv('AS_NUMBER', '13335')}\n5678")
@app.get("/user_agent")
@ -28,3 +29,9 @@ async def user_agent():
@app.get("/uri")
async def uri():
return PlainTextResponse("/admin\n/login")
if __name__ == "__main__":
import uvicorn
uvicorn.run(app, host="127.0.0.1", port=8080)
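Review bot: `getenv('AS_NUMBER', '13335')` in `asn()` falls back only when the variable is unset, and the compose file in this commit declares `AS_NUMBER: ""`, so an unsubstituted value makes the endpoint return an empty line where an AS number is expected. `getenv('AS_NUMBER') or '13335'` covers both the unset and the empty case. The new `__main__` block binds to `127.0.0.1`, which is a sensible default for a helper started directly on the host; a comment such as `# started directly by the Linux integration tests, loopback only` would record that intent.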


@ -70,6 +70,8 @@ services:
blacklist-api:
build: api
environment:
AS_NUMBER: ""
networks:
bw-docker:
bw-services:
@ -78,6 +80,7 @@ services:
volumes:
bw-data:
networks:
bw-universe:
name: bw-universe


@ -1,8 +1,9 @@
from datetime import date
from gzip import GzipFile
from io import BytesIO
from pathlib import Path
from os import getenv, sep
from maxminddb import MODE_FD, open_database
from pathlib import Path
from requests import get
# Compute the mmdb URL
@ -18,7 +19,13 @@ with get(mmdb_url, stream=True) as resp:
file_content.write(chunk)
file_content.seek(0)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader:
output_path = (
Path(sep, "output", "ip_asn.txt")
if getenv("TEST_TYPE", "docker") == "docker"
else Path(".", "ip_asn.txt")
)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader: # type: ignore
dbip_asn = reader.get("1.0.0.3")
if not dbip_asn:
@ -26,8 +33,8 @@ with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as r
exit(1)
print(
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to /output/ip_asn.txt",
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to {output_path}", # type: ignore
flush=True,
)
Path("/output/ip_asn.txt").write_text(str(dbip_asn["autonomous_system_number"]))
output_path.write_text(str(dbip_asn["autonomous_system_number"])) # type: ignore
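Review bot: The three `# type: ignore` comments hide that `reader.get()` is not guaranteed to return a mapping, and `if not dbip_asn:` does not rule out a non-dict record before `dbip_asn['autonomous_system_number']` is indexed. Because the database is downloaded at run time, narrowing once with `if not isinstance(dbip_asn, dict) or "autonomous_system_number" not in dbip_asn:` would send a malformed record to the existing `exit(1)` path instead of a traceback, and the ignores could then be dropped. `output_path` would also benefit from a comment that the relative `ip_asn.txt` is the file test.sh reads back on Linux.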


@ -30,6 +30,7 @@ try:
)
sleep(5)
GLOBAL = getenv("GLOBAL", "no") == "yes"
use_blacklist = getenv("USE_BLACKLIST", "yes") == "yes"
blacklist_ip = getenv("BLACKLIST_IP", "")
@ -61,8 +62,9 @@ try:
)
status_code = get(
f"http://www.example.com/admin",
headers={"Host": "www.example.com", "User-Agent": "BunkerBot"},
"http://www.example.com/admin",
headers={"Host": "www.example.com", "User-Agent": "BunkerBot"}
| ({"X-Forwarded-For": "1.0.0.3"} if GLOBAL else {}),
).status_code
if status_code == 403:
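Review bot: The `|` dict merge used to build `headers` needs Python 3.9 or later, and the Linux integration appears to run the tests under the distribution's own `python3` rather than a pinned image, so an older interpreter would fail here with a `TypeError`. `{"Host": "www.example.com", "User-Agent": "BunkerBot", **({"X-Forwarded-For": "1.0.0.3"} if GLOBAL else {})}` behaves the same on older versions. A short comment that the forwarded address is only honoured because test.sh sets `USE_REAL_IP=yes` with `REAL_IP_FROM=127.0.0.0/24` would explain why `GLOBAL` changes the request. The enclosing `try:` block starts outside this hunk.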


@ -1,57 +1,148 @@
#!/bin/bash
echo "🏴 Building blacklist stack ..."
integration=$1
if [ -z "$integration" ] ; then
echo "🏴 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🏴 Integration \"$integration\" is not supported ❌"
exit 1
fi
echo "🏴 Building blacklist stack for integration \"$integration\" ..."
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏴 Pull failed ❌"
exit 1
fi
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏴 Pull failed ❌"
exit 1
fi
echo "🏴 Building custom api image ..."
docker compose build blacklist-api
if [ $? -ne 0 ] ; then
echo "🏴 Build failed ❌"
exit 1
fi
echo "🏴 Building custom api image ..."
docker compose build blacklist-api
if [ $? -ne 0 ] ; then
echo "🏴 Build failed ❌"
exit 1
fi
echo "🏴 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏴 Build failed ❌"
exit 1
echo "🏴 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏴 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_REAL_IP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REAL_IP_FROM=127.0.0.0/24" | sudo tee -a /etc/bunkerweb/variables.env
sudo sed -i 's@USE_BLACKLIST=.*$@USE_BLACKLIST=yes@' /etc/bunkerweb/variables.env
echo "BLACKLIST_IP=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_RDNS_GLOBAL=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_RDNS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_RDNS_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_ASN=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_ASN_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_USER_AGENT=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_USER_AGENT_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_URI=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_URI_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_IP=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_RDNS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_RDNS_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_ASN=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_ASN_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_USER_AGENT=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_USER_AGENT_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_URI=" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IGNORE_URI_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
end=0
as_number=0
AS_NUMBER=""
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BLACKLIST: "no"@USE_BLACKLIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP: "0.0.0.0/0"@BLACKLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP: "192.168.0.3"@BLACKLIST_IGNORE_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP_URLS: "http://blacklist-api:8080/ip"@BLACKLIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP_URLS: "http://blacklist-api:8080/ip"@BLACKLIST_IGNORE_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS_GLOBAL: "no"@BLACKLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS: ".bw-services"@BLACKLIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_RDNS: ".bw-services"@BLACKLIST_IGNORE_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS_URLS: "http://blacklist-api:8080/rdns"@BLACKLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_RDNS_URLS: "http://blacklist-api:8080/rdns"@BLACKLIST_IGNORE_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN: "[0-9]*"@BLACKLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN: "[0-9]*"@BLACKLIST_IGNORE_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN_URLS: "http://blacklist-api:8080/asn"@BLACKLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN_URLS: "http://blacklist-api:8080/asn"@BLACKLIST_IGNORE_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT: "BunkerBot"@BLACKLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT: "BunkerBot"@BLACKLIST_IGNORE_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@BLACKLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@BLACKLIST_IGNORE_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI: "/admin"@BLACKLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI: "/admin"@BLACKLIST_IGNORE_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI_URLS: "http://blacklist-api:8080/uri"@BLACKLIST_URI_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI_URLS: "http://blacklist-api:8080/uri"@BLACKLIST_IGNORE_URI_URLS: ""@' {} \;
if [ "$integration" == "docker" ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BLACKLIST: "no"@USE_BLACKLIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP: "0.0.0.0/0"@BLACKLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP: "192.168.0.3"@BLACKLIST_IGNORE_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP_URLS: "http://blacklist-api:8080/ip"@BLACKLIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP_URLS: "http://blacklist-api:8080/ip"@BLACKLIST_IGNORE_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS_GLOBAL: "no"@BLACKLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS: ".bw-services"@BLACKLIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_RDNS: ".bw-services"@BLACKLIST_IGNORE_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS_URLS: "http://blacklist-api:8080/rdns"@BLACKLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_RDNS_URLS: "http://blacklist-api:8080/rdns"@BLACKLIST_IGNORE_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN: "[0-9]*"@BLACKLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN: "[0-9]*"@BLACKLIST_IGNORE_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN_URLS: "http://blacklist-api:8080/asn"@BLACKLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN_URLS: "http://blacklist-api:8080/asn"@BLACKLIST_IGNORE_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT: "BunkerBot"@BLACKLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT: "BunkerBot"@BLACKLIST_IGNORE_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@BLACKLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@BLACKLIST_IGNORE_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI: "/admin"@BLACKLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI: "/admin"@BLACKLIST_IGNORE_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI_URLS: "http://blacklist-api:8080/uri"@BLACKLIST_URI_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI_URLS: "http://blacklist-api:8080/uri"@BLACKLIST_IGNORE_URI_URLS: ""@' {} \;
else
rm -f ip_asn.txt
sudo sed -i 's@USE_BLACKLIST=.*$@USE_BLACKLIST=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IP=.*$@BLACKLIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IP_URLS=.*$@BLACKLIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_RDNS_GLOBAL=.*$@BLACKLIST_RDNS_GLOBAL=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_RDNS=.*$@BLACKLIST_RDNS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_RDNS_URLS=.*$@BLACKLIST_RDNS_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_ASN=.*$@BLACKLIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_ASN_URLS=.*$@BLACKLIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_USER_AGENT=.*$@BLACKLIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_USER_AGENT_URLS=.*$@BLACKLIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_URI=.*$@BLACKLIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_URI_URLS=.*$@BLACKLIST_URI_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_IP=.*$@BLACKLIST_IGNORE_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_IP_URLS=.*$@BLACKLIST_IGNORE_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_RDNS=.*$@BLACKLIST_IGNORE_RDNS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_RDNS_URLS=.*$@BLACKLIST_IGNORE_RDNS_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_ASN=.*$@BLACKLIST_IGNORE_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_ASN_URLS=.*$@BLACKLIST_IGNORE_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_USER_AGENT=.*$@BLACKLIST_IGNORE_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_USER_AGENT_URLS=.*$@BLACKLIST_IGNORE_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_URI=.*$@BLACKLIST_IGNORE_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_URI_URLS=.*$@BLACKLIST_IGNORE_URI_URLS=@' /etc/bunkerweb/variables.env
unset USE_BLACKLIST
unset BLACKLIST_IP
unset BLACKLIST_IP_URLS
unset BLACKLIST_RDNS_GLOBAL
unset BLACKLIST_RDNS
unset BLACKLIST_RDNS_URLS
unset BLACKLIST_ASN
unset BLACKLIST_ASN_URLS
unset BLACKLIST_USER_AGENT
unset BLACKLIST_USER_AGENT_URLS
unset BLACKLIST_URI
unset BLACKLIST_URI_URLS
unset BLACKLIST_IGNORE_IP
unset BLACKLIST_IGNORE_IP_URLS
unset BLACKLIST_IGNORE_RDNS
unset BLACKLIST_IGNORE_RDNS_URLS
unset BLACKLIST_IGNORE_ASN
unset BLACKLIST_IGNORE_ASN_URLS
unset BLACKLIST_IGNORE_USER_AGENT
unset BLACKLIST_IGNORE_USER_AGENT_URLS
unset BLACKLIST_IGNORE_URI
unset BLACKLIST_IGNORE_URI_URLS
unset AS_NUMBER
sudo killall python3
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -59,10 +150,15 @@ cleanup_stack () {
echo "🏴 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🏴 Down failed ❌"
echo "🏴 Cleanup failed ❌"
exit 1
fi
@ -73,49 +169,114 @@ cleanup_stack () {
trap cleanup_stack EXIT
echo "🏴 Initializing workspace ..."
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏴 Build failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏴 ip_asn.txt not found ❌"
exit 1
if [ "$integration" == "docker" ] ; then
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏴 Init failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏴 ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat init/output/ip_asn.txt)
rm -rf init/output
else
echo "🏴 Starting init ..."
python3 init/main.py
if [ $? -ne 0 ] ; then
echo "🏴 Init failed ❌"
exit 1
elif ! [[ -f "ip_asn.txt" ]]; then
echo "🏴 ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat ip_asn.txt)
fi
as_number=$(cat init/output/ip_asn.txt)
if [[ $as_number = "" ]]; then
if [[ $AS_NUMBER = "" ]]; then
echo "🏴 AS number not found ❌"
exit 1
fi
rm -rf init/output
export AS_NUMBER
for test in "ip" "deactivated" "ignore_ip" "ignore_ip_urls" "ip_urls" "rdns" "rdns_global" "ignore_rdns" "ignore_rdns_urls" "rdns_urls" "asn" "ignore_asn" "ignore_asn_urls" "asn_urls" "user_agent" "ignore_user_agent" "ignore_user_agent_urls" "user_agent_urls" "uri" "ignore_uri" "ignore_uri_urls" "uri_urls"
if [ "$integration" == "docker" ] ; then
sudo sed -i 's@AS_NUMBER: ".*"$@AS_NUMBER: "'"$AS_NUMBER"'"@' docker-compose.yml
else
echo "🏴 Starting api ..."
python3 api/main.py &
fi
tests="ip deactivated ignore_ip ignore_ip_urls ip_urls asn ignore_asn ignore_asn_urls asn_urls user_agent ignore_user_agent ignore_user_agent_urls user_agent_urls uri ignore_uri ignore_uri_urls uri_urls"
if [ "$integration" == "docker" ] ; then
tests="ip deactivated ignore_ip ignore_ip_urls ip_urls rdns rdns_global ignore_rdns ignore_rdns_urls rdns_urls asn ignore_asn ignore_asn_urls asn_urls user_agent ignore_user_agent ignore_user_agent_urls user_agent_urls uri ignore_uri ignore_uri_urls uri_urls"
fi
for test in $tests
do
if [ "$test" = "ip" ] ; then
echo "🏴 Running tests with the network 0.0.0.0/0 in the ban list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP: ""@BLACKLIST_IP: "0.0.0.0/0"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP: ""@BLACKLIST_IP: "0.0.0.0/0"@' {} \;
else
sudo sed -i 's@BLACKLIST_IP=.*$@BLACKLIST_IP=0.0.0.0/0@' /etc/bunkerweb/variables.env
export BLACKLIST_IP="0.0.0.0/0"
fi
elif [ "$test" = "deactivated" ] ; then
echo "🏴 Running tests when deactivating the blacklist ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BLACKLIST: "yes"@USE_BLACKLIST: "no"@' {} \;
echo " Keeping the network 0.0.0.0/0 in the ban list ..."
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BLACKLIST: "yes"@USE_BLACKLIST: "no"@' {} \;
else
sudo sed -i 's@USE_BLACKLIST=.*$@USE_BLACKLIST=no@' /etc/bunkerweb/variables.env
export USE_BLACKLIST="no"
fi
elif [ "$test" = "ignore_ip" ] ; then
echo "🏴 Running tests with blacklist's ignore_ip set to 192.168.0.3 ..."
echo " Keeping the network 0.0.0.0/0 in the ban list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BLACKLIST: "no"@USE_BLACKLIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP: ""@BLACKLIST_IGNORE_IP: "192.168.0.3"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏴 Running tests with blacklist's ignore_ip set to 192.168.0.3 ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BLACKLIST: "no"@USE_BLACKLIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP: ""@BLACKLIST_IGNORE_IP: "192.168.0.3"@' {} \;
else
echo "🏴 Running tests with blacklist's ignore_ip set to 127.0.0.1 ..."
sudo sed -i 's@USE_BLACKLIST=.*$@USE_BLACKLIST=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_IP=.*$@BLACKLIST_IGNORE_IP=127.0.0.1@' /etc/bunkerweb/variables.env
unset USE_BLACKLIST
export BLACKLIST_IGNORE_IP="127.0.0.1"
fi
elif [ "$test" = "ignore_ip_urls" ] ; then
echo "🏴 Running tests with blacklist's ignore_ip_urls set to http://blacklist-api:8080/ip ..."
echo " Keeping the network 0.0.0.0/0 in the ban list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP: "192.168.0.3"@BLACKLIST_IGNORE_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP_URLS: ""@BLACKLIST_IGNORE_IP_URLS: "http://blacklist-api:8080/ip"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏴 Running tests with blacklist's ignore_ip_urls set to http://blacklist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP: "192.168.0.3"@BLACKLIST_IGNORE_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP_URLS: ""@BLACKLIST_IGNORE_IP_URLS: "http://blacklist-api:8080/ip"@' {} \;
else
echo "🏴 Running tests with blacklist's ignore_ip_urls set to http://127.0.0.1:8080/ip ..."
sudo sed -i 's@BLACKLIST_IGNORE_IP=.*$@BLACKLIST_IGNORE_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_IP_URLS=.*$@BLACKLIST_IGNORE_IP_URLS=http://127.0.0.1:8080/ip@' /etc/bunkerweb/variables.env
unset BLACKLIST_IGNORE_IP
export BLACKLIST_IGNORE_IP_URLS="http://127.0.0.1:8080/ip"
fi
elif [ "$test" = "ip_urls" ] ; then
echo "🏴 Running tests with blacklist's ip url set to http://blacklist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP_URLS: "http://blacklist-api:8080/ip"@BLACKLIST_IGNORE_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP: "0.0.0.0/0"@BLACKLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP_URLS: ""@BLACKLIST_IP_URLS: "http://blacklist-api:8080/ip"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏴 Running tests with blacklist's ip url set to http://blacklist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_IP_URLS: "http://blacklist-api:8080/ip"@BLACKLIST_IGNORE_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP: "0.0.0.0/0"@BLACKLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP_URLS: ""@BLACKLIST_IP_URLS: "http://blacklist-api:8080/ip"@' {} \;
else
echo "🏴 Running tests with blacklist's ip url set to http://127.0.0.1:8080/ip ..."
sudo sed -i 's@BLACKLIST_IGNORE_IP_URLS=.*$@BLACKLIST_IGNORE_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IP=.*$@BLACKLIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IP_URLS=.*$@BLACKLIST_IP_URLS=http://127.0.0.1:8080/ip@' /etc/bunkerweb/variables.env
unset BLACKLIST_IGNORE_IP_URLS
unset BLACKLIST_IP
export BLACKLIST_IP_URLS="http://127.0.0.1:8080/ip"
fi
elif [ "$test" = "rdns" ] ; then
echo "🏴 Running tests with blacklist's rdns set to .bw-services ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP_URLS: "http://blacklist-api:8080/ip"@BLACKLIST_IP_URLS: ""@' {} \;
@ -141,72 +302,170 @@ do
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS: ".bw-services"@BLACKLIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS_URLS: ""@BLACKLIST_RDNS_URLS: "http://blacklist-api:8080/rdns"@' {} \;
elif [ "$test" = "asn" ] ; then
echo "🏴 Running tests with blacklist's asn set to $as_number ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS_GLOBAL: "no"@BLACKLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS_URLS: "http://blacklist-api:8080/rdns"@BLACKLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN: ""@BLACKLIST_ASN: "'"$as_number"'"@' {} \;
echo "🏴 Running tests with blacklist's asn set to $AS_NUMBER ..."
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS_GLOBAL: "no"@BLACKLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_RDNS_URLS: "http://blacklist-api:8080/rdns"@BLACKLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN: ""@BLACKLIST_ASN: "'"$AS_NUMBER"'"@' {} \;
else
sudo sed -i 's@BLACKLIST_IP_URLS=.*$@BLACKLIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_ASN=.*$@BLACKLIST_ASN='"$AS_NUMBER"'@' /etc/bunkerweb/variables.env
unset BLACKLIST_IP_URLS
export BLACKLIST_ASN="$AS_NUMBER"
fi
elif [ "$test" = "ignore_asn" ] ; then
echo "🏴 Running tests with blacklist's ignore_asn set to $as_number ..."
echo " Keeping the asn $as_number in the ban list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN: ""@BLACKLIST_IGNORE_ASN: "'"$as_number"'"@' {} \;
echo "🏴 Running tests with blacklist's ignore_asn set to $AS_NUMBER ..."
echo " Keeping the asn $AS_NUMBER in the ban list ..."
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN: ""@BLACKLIST_IGNORE_ASN: "'"$AS_NUMBER"'"@' {} \;
else
sudo sed -i 's@BLACKLIST_IGNORE_ASN=.*$@BLACKLIST_IGNORE_ASN='"$AS_NUMBER"'@' /etc/bunkerweb/variables.env
export BLACKLIST_IGNORE_ASN="$AS_NUMBER"
fi
elif [ "$test" = "ignore_asn_urls" ] ; then
echo "🏴 Running tests with blacklist's ignore_asn_urls set to http://blacklist-api:8080/asn ..."
echo " Keeping the asn $as_number in the ban list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN: "'"$as_number"'"@BLACKLIST_IGNORE_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN_URLS: ""@BLACKLIST_IGNORE_ASN_URLS: "http://blacklist-api:8080/asn"@' {} \;
echo " Keeping the asn $AS_NUMBER in the ban list ..."
if [ "$integration" == "docker" ] ; then
echo "🏴 Running tests with blacklist's ignore_asn_urls set to http://blacklist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN: "'"$AS_NUMBER"'"@BLACKLIST_IGNORE_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN_URLS: ""@BLACKLIST_IGNORE_ASN_URLS: "http://blacklist-api:8080/asn"@' {} \;
else
echo "🏴 Running tests with blacklist's ignore_asn_urls set to http://127.0.0.1:8080/asn ..."
sudo sed -i 's@BLACKLIST_IGNORE_ASN=.*$@BLACKLIST_IGNORE_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_ASN_URLS=.*$@BLACKLIST_IGNORE_ASN_URLS=http://127.0.0.1:8080/asn@' /etc/bunkerweb/variables.env
unset BLACKLIST_IGNORE_ASN
export BLACKLIST_IGNORE_ASN_URLS="http://127.0.0.1:8080/asn"
fi
elif [ "$test" = "asn_urls" ] ; then
echo "🏴 Running tests with blacklist's asn url set to http://blacklist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN_URLS: "http://blacklist-api:8080/asn"@BLACKLIST_IGNORE_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN: "'"$as_number"'"@BLACKLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN_URLS: ""@BLACKLIST_ASN_URLS: "http://blacklist-api:8080/asn"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏴 Running tests with blacklist's asn url set to http://blacklist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_ASN_URLS: "http://blacklist-api:8080/asn"@BLACKLIST_IGNORE_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN: "'"$AS_NUMBER"'"@BLACKLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN_URLS: ""@BLACKLIST_ASN_URLS: "http://blacklist-api:8080/asn"@' {} \;
else
echo "🏴 Running tests with blacklist's asn url set to http://127.0.0.1:8080/asn ..."
sudo sed -i 's@BLACKLIST_IGNORE_ASN_URLS=.*$@BLACKLIST_IGNORE_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_ASN=.*$@BLACKLIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_ASN_URLS=.*$@BLACKLIST_ASN_URLS=http://127.0.0.1:8080/asn@' /etc/bunkerweb/variables.env
unset BLACKLIST_IGNORE_ASN_URLS
unset BLACKLIST_ASN
export BLACKLIST_ASN_URLS="http://127.0.0.1:8080/asn"
fi
elif [ "$test" = "user_agent" ] ; then
echo "🏴 Running tests with blacklist's user_agent set to BunkerBot ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN_URLS: "http://blacklist-api:8080/asn"@BLACKLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT: ""@BLACKLIST_USER_AGENT: "BunkerBot"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_ASN_URLS: "http://blacklist-api:8080/asn"@BLACKLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT: ""@BLACKLIST_USER_AGENT: "BunkerBot"@' {} \;
else
sudo sed -i 's@BLACKLIST_ASN_URLS=.*$@BLACKLIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_USER_AGENT=.*$@BLACKLIST_USER_AGENT=BunkerBot@' /etc/bunkerweb/variables.env
unset BLACKLIST_ASN_URLS
export BLACKLIST_USER_AGENT="BunkerBot"
fi
elif [ "$test" = "ignore_user_agent" ] ; then
echo "🏴 Running tests with blacklist's ignore_user_agent set to BunkerBot ..."
echo " Keeping the user_agent BunkerBot in the ban list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT: ""@BLACKLIST_IGNORE_USER_AGENT: "BunkerBot"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT: ""@BLACKLIST_IGNORE_USER_AGENT: "BunkerBot"@' {} \;
else
sudo sed -i 's@BLACKLIST_IGNORE_USER_AGENT=.*$@BLACKLIST_IGNORE_USER_AGENT=BunkerBot@' /etc/bunkerweb/variables.env
export BLACKLIST_IGNORE_USER_AGENT="BunkerBot"
fi
elif [ "$test" = "ignore_user_agent_urls" ] ; then
echo "🏴 Running tests with blacklist's ignore_user_agent_urls set to http://blacklist-api:8080/user_agent ..."
echo " Keeping the user_agent BunkerBot in the ban list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT: "BunkerBot"@BLACKLIST_IGNORE_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT_URLS: ""@BLACKLIST_IGNORE_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏴 Running tests with blacklist's ignore_user_agent_urls set to http://blacklist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT: "BunkerBot"@BLACKLIST_IGNORE_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT_URLS: ""@BLACKLIST_IGNORE_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@' {} \;
else
echo "🏴 Running tests with blacklist's ignore_user_agent_urls set to http://127.0.0.1:8080/user_agent ..."
sudo sed -i 's@BLACKLIST_IGNORE_USER_AGENT=.*$@BLACKLIST_IGNORE_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_USER_AGENT_URLS=.*$@BLACKLIST_IGNORE_USER_AGENT_URLS=http://127.0.0.1:8080/user_agent@' /etc/bunkerweb/variables.env
unset BLACKLIST_IGNORE_USER_AGENT
export BLACKLIST_IGNORE_USER_AGENT_URLS="http://127.0.0.1:8080/user_agent"
fi
elif [ "$test" = "user_agent_urls" ] ; then
echo "🏴 Running tests with blacklist's user_agent url set to http://blacklist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@BLACKLIST_IGNORE_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT: "BunkerBot"@BLACKLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT_URLS: ""@BLACKLIST_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏴 Running tests with blacklist's user_agent url set to http://blacklist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@BLACKLIST_IGNORE_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT: "BunkerBot"@BLACKLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT_URLS: ""@BLACKLIST_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@' {} \;
else
echo "🏴 Running tests with blacklist's user_agent url set to http://127.0.0.1:8080/user_agent ..."
sudo sed -i 's@BLACKLIST_IGNORE_USER_AGENT_URLS=.*$@BLACKLIST_IGNORE_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_USER_AGENT=.*$@BLACKLIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_USER_AGENT_URLS=.*$@BLACKLIST_USER_AGENT_URLS=http://127.0.0.1:8080/user_agent@' /etc/bunkerweb/variables.env
unset BLACKLIST_IGNORE_USER_AGENT_URLS
unset BLACKLIST_USER_AGENT
export BLACKLIST_USER_AGENT_URLS="http://127.0.0.1:8080/user_agent"
fi
elif [ "$test" = "uri" ] ; then
echo "🏴 Running tests with blacklist's uri set to /admin ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@BLACKLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI: ""@BLACKLIST_URI: "/admin"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_USER_AGENT_URLS: "http://blacklist-api:8080/user_agent"@BLACKLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI: ""@BLACKLIST_URI: "/admin"@' {} \;
else
sudo sed -i 's@BLACKLIST_USER_AGENT_URLS=.*$@BLACKLIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_URI=.*$@BLACKLIST_URI=/admin@' /etc/bunkerweb/variables.env
unset BLACKLIST_USER_AGENT_URLS
export BLACKLIST_URI="/admin"
fi
elif [ "$test" = "ignore_uri" ] ; then
echo "🏴 Running tests with blacklist's ignore_uri set to /admin ..."
echo " Keeping the uri /admin in the ban list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI: ""@BLACKLIST_IGNORE_URI: "/admin"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI: ""@BLACKLIST_IGNORE_URI: "/admin"@' {} \;
else
sudo sed -i 's@BLACKLIST_IGNORE_URI=.*$@BLACKLIST_IGNORE_URI=/admin@' /etc/bunkerweb/variables.env
export BLACKLIST_IGNORE_URI="/admin"
fi
elif [ "$test" = "ignore_uri_urls" ] ; then
echo "🏴 Running tests with blacklist's ignore_ip_urls set to http://blacklist-api:8080/uri ..."
echo " Keeping the uri /admin in the ban list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI: "/admin"@BLACKLIST_IGNORE_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI_URLS: ""@BLACKLIST_IGNORE_URI_URLS: "http://blacklist-api:8080/uri"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏴 Running tests with blacklist's ignore_ip_urls set to http://blacklist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI: "/admin"@BLACKLIST_IGNORE_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI_URLS: ""@BLACKLIST_IGNORE_URI_URLS: "http://blacklist-api:8080/uri"@' {} \;
else
echo "🏴 Running tests with blacklist's ignore_ip_urls set to http://127.0.0.1:8080/uri ..."
sudo sed -i 's@BLACKLIST_IGNORE_URI=.*$@BLACKLIST_IGNORE_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_IGNORE_URI_URLS=.*$@BLACKLIST_IGNORE_URI_URLS=http://127.0.0.1:8080/uri@' /etc/bunkerweb/variables.env
unset BLACKLIST_IGNORE_URI
export BLACKLIST_IGNORE_URI_URLS="http://127.0.0.1:8080/uri"
fi
elif [ "$test" = "uri_urls" ] ; then
echo "🏴 Running tests with blacklist's uri url set to http://blacklist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI_URLS: "http://blacklist-api:8080/uri"@BLACKLIST_IGNORE_URI_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI: "/admin"@BLACKLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI_URLS: ""@BLACKLIST_URI_URLS: "http://blacklist-api:8080/uri"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏴 Running tests with blacklist's uri url set to http://blacklist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IGNORE_URI_URLS: "http://blacklist-api:8080/uri"@BLACKLIST_IGNORE_URI_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI: "/admin"@BLACKLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_URI_URLS: ""@BLACKLIST_URI_URLS: "http://blacklist-api:8080/uri"@' {} \;
else
echo "🏴 Running tests with blacklist's uri url set to http://127.0.0.1:8080/uri ..."
sudo sed -i 's@BLACKLIST_IGNORE_URI_URLS=.*$@BLACKLIST_IGNORE_URI_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_URI=.*$@BLACKLIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@BLACKLIST_URI_URLS=.*$@BLACKLIST_URI_URLS=http://127.0.0.1:8080/uri@' /etc/bunkerweb/variables.env
unset BLACKLIST_IGNORE_URI_URLS
unset BLACKLIST_URI
export BLACKLIST_URI_URLS="http://127.0.0.1:8080/uri"
fi
fi
echo "🏴 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏴 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏴 Up failed ❌"
echo "🏴 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏴 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🏴 Start failed ❌"
exit 1
fi
fi
@ -214,41 +473,100 @@ do
# Check if stack is healthy
echo "🏴 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("blacklist-bw-1" "blacklist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("blacklist-bw-1" "blacklist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🏴 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🏴 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏴 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🏴 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🏴 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🏴 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🏴 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏴 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
if [[ "$test" = "asn" || "$test" = "ignore_asn" || "$test" = "ignore_asn_urls" || "$test" = "asn_urls" ]] ; then
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
if [ "$integration" == "docker" ] ; then
if [[ "$test" = "asn" || "$test" = "ignore_asn" || "$test" = "ignore_asn_urls" || "$test" = "asn_urls" ]] ; then
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
else
docker compose -f docker-compose.test.yml up tests --abort-on-container-exit --exit-code-from tests
fi
else
docker compose -f docker-compose.test.yml up tests --abort-on-container-exit --exit-code-from tests
if [[ "$test" = "asn" || "$test" = "ignore_asn" || "$test" = "ignore_asn_urls" || "$test" = "asn_urls" ]] ; then
export GLOBAL="yes"
else
unset GLOBAL
fi
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🏴 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler blacklist-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler blacklist-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🏴 Test \"$test\" succeeded ✅"


@ -1,17 +1,33 @@
#!/bin/bash
echo "📦 Building brotli stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "📦 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "📦 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "📦 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "📦 Build failed ❌"
exit 1
echo "📦 Building brotli stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "📦 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "📦 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_BROTLI=no" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,7 +35,12 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BROTLI: "yes"@USE_BROTLI: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BROTLI: "yes"@USE_BROTLI: "no"@' {} \;
else
sudo sed -i 's@USE_BROTLI=.*$@USE_BROTLI=no@' /etc/bunkerweb/variables.env
unset USE_BROTLI
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -27,10 +48,15 @@ cleanup_stack () {
echo "📦 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "📦 Down failed ❌"
echo "📦 Cleanup failed ❌"
exit 1
fi
@ -46,19 +72,32 @@ do
echo "📦 Running tests without brotli ..."
elif [ "$test" = "activated" ] ; then
echo "📦 Running tests with brotli ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BROTLI: "no"@USE_BROTLI: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BROTLI: "no"@USE_BROTLI: "yes"@' {} \;
else
sudo sed -i 's@USE_BROTLI=.*$@USE_BROTLI=yes@' /etc/bunkerweb/variables.env
export USE_BROTLI="yes"
fi
fi
echo "📦 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "📦 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "📦 Up failed ❌"
echo "📦 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "📦 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "📦 Start failed ❌"
exit 1
fi
fi
@ -66,37 +105,90 @@ do
# Check if stack is healthy
echo "📦 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("brotli-bw-1" "brotli-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("brotli-bw-1" "brotli-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "📦 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "📦 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "📦 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "📦 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "📦 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "📦 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "📦 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "📦 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "📦 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "📦 Test \"$test\" succeeded ✅"
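Review bot: In `cleanup_stack` (hunk `-27,10 +48,15`), the `if [ $? -ne 0 ]` after the new `if`/`else` only sees the status of the last command run, so on the Linux path a failed `sudo systemctl stop bunkerweb` is masked by a successful `truncate`. Chaining the two, `sudo systemctl stop bunkerweb && sudo truncate -s 0 /var/log/bunkerweb/error.log`, keeps the "Cleanup failed" branch reachable when the service did not stop. The blacklist script's `cleanup_stack` earlier on this page has the same pattern. Separately, in the Linux health check `i` is set to 0 only once before the retry loop, so after a restart the inner wait appears to resume from the old count and gets less of the 120-second budget; an `i=0` at the top of the outer `while` would fix that.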


@ -44,3 +44,19 @@ async def get_instance_id(_: Request):
async def get_report_num(_: Request):
global report_num
return JSONResponse(status_code=200, content={"result": "ok", "data": report_num})
@app.get("/reset")
async def reset(_: Request):
global instance_id, report_num
instance_id = None
report_num = 0
return JSONResponse(
status_code=200, content={"result": "ok", "data": "Reset done."}
)
if __name__ == "__main__":
import uvicorn
uvicorn.run(app, host="127.0.0.1", port=8080)
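Review bot: The new `reset` handler clears `instance_id` and `report_num` on a plain GET, so any fetch of `/reset` (a crawler, a health probe, a prefetch) wipes the mock's state. If the test callers can be adjusted, `@app.post("/reset")` states the intent better and keeps the route from being triggered by an idle request. The handler also has no docstring; something like `"""Clear the stored instance id and report counter between test runs."""` would tell the next reader it is test-only plumbing. The loopback bind in the `__main__` guard only applies when the file is run directly; how the container path starts the app is not visible in this hunk.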


@ -55,7 +55,7 @@ try:
status_code = get(
f"http://www.example.com/?id=/etc/passwd",
headers={"Host": "www.example.com"},
headers={"Host": "www.example.com", "X-Forwarded-For": "1.0.0.3"},
).status_code
print(f" Status code: {status_code}", flush=True)
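Review bot: Nothing in this hunk says why the request now carries `X-Forwarded-For: 1.0.0.3`, and the header only changes the client address BunkerWeb sees when the stack is configured to trust forwarded headers from the sender. The linux setup in the bunkernet `test.sh` does that with `USE_REAL_IP=yes` and `REAL_IP_FROM=127.0.0.0/24`, so the test passes or fails on a setting defined in another file. A comment above the call would make that dependency explicit: `# Client IP is taken from X-Forwarded-For; needs USE_REAL_IP=yes and REAL_IP_FROM covering this host`. The enclosing `try:` block starts outside the hunk.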


@ -1,26 +1,48 @@
#!/bin/bash
echo "🕸️ Building bunkernet stack ..."
integration=$1
if [ -z "$integration" ] ; then
echo "🕸️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🕸️ Integration \"$integration\" is not supported ❌"
exit 1
fi
echo "🕸️ Building bunkernet stack for integration \"$integration\" ..."
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🕸️ Pull failed ❌"
exit 1
fi
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🕸️ Pull failed ❌"
exit 1
fi
echo "🕸️ Building custom api image ..."
docker compose build bunkernet-api
if [ $? -ne 0 ] ; then
echo "🕸️ Build failed ❌"
exit 1
fi
echo "🕸️ Building custom api image ..."
docker compose build bunkernet-api
if [ $? -ne 0 ] ; then
echo "🕸️ Build failed ❌"
exit 1
fi
echo "🕸️ Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🕸️ Build failed ❌"
exit 1
echo "🕸️ Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🕸️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_REAL_IP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REAL_IP_FROM=127.0.0.0/24" | sudo tee -a /etc/bunkerweb/variables.env
sudo sed -i 's@USE_BUNKERNET=.*$@USE_BUNKERNET=yes@' /etc/bunkerweb/variables.env
echo "BUNKERNET_SERVER=http://127.0.0.1:8080" | sudo tee -a /etc/bunkerweb/variables.env
export BUNKERNET_SERVER="http://127.0.0.1:8080"
sudo touch /var/www/html/index.html
python3 api/main.py &
fi
manual=0
@ -28,7 +50,13 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BUNKERNET: "no"@USE_BUNKERNET: "yes"@' {} \;
if [ "$integration" = "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BUNKERNET: "no"@USE_BUNKERNET: "yes"@' {} \;
else
sudo sed -i 's@USE_BUNKERNET=.*$@USE_BUNKERNET=yes@' /etc/bunkerweb/variables.env
unset USE_BUNKERNET
sudo killall python3
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -36,10 +64,16 @@ cleanup_stack () {
echo "🕸️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
curl http://127.0.0.1:8080/reset
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🕸️ Down failed ❌"
echo "🕸️ Cleanup failed ❌"
exit 1
fi
@ -55,19 +89,32 @@ do
echo "🕸️ Running tests with bunkernet activated ..."
elif [ "$test" = "deactivated" ] ; then
echo "🕸️ Running tests without bunkernet ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BUNKERNET: "yes"@USE_BUNKERNET: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_BUNKERNET: "yes"@USE_BUNKERNET: "no"@' {} \;
else
sudo sed -i 's@USE_BUNKERNET=.*$@USE_BUNKERNET=no@' /etc/bunkerweb/variables.env
export USE_BUNKERNET="no"
fi
fi
echo "🕸️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🕸️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🕸️ Up failed ❌"
echo "🕸️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🕸️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🕸️ Start failed ❌"
exit 1
fi
fi
@ -75,37 +122,92 @@ do
# Check if stack is healthy
echo "🕸️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("bunkernet-bw-1" "bunkernet-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("bunkernet-bw-1" "bunkernet-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🕸️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🕸️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🕸️ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🕸️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🕸️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🕸️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🕸️ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🕸️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🕸️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler bunkernet-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler bunkernet-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🕸️ Test \"$test\" succeeded ✅"
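Review bot: `sudo killall python3` in the linux branch of `cleanup_stack` terminates every python3 process on the host as root, not only the mock API started with `python3 api/main.py &`. Record the PID when the API is launched, `api_pid=$!`, and stop just that process with `kill "$api_pid"`. Later in the same function `curl http://127.0.0.1:8080/reset` can run after the API has already been killed, and the `if [ $? -ne 0 ]` that follows only sees the exit status of `truncate`, so a failed reset or `systemctl stop` is never reported as "Cleanup failed". The same `$?` pattern appears in the linux cleanup branches of the bwcli and clientcache scripts.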

100
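--- a/tests/core/bwcli/linux.py
+++ b/tests/core/bwcli/linux.py
@@ -0,0 +1,100 @@
+from subprocess import PIPE, Popen
+from traceback import format_exc
+try:
+print(
+' Executing the command "bwcli ban 127.0.0.1 -exp 3600" ...',
+flush=True,
+)
+result = Popen(
+["bwcli", "ban", "127.0.0.1", "-exp", "3600"],
+stderr=PIPE,
+stdout=PIPE,
+)
+_, err = result.communicate()
+if result.returncode != 0:
+print(
+f'❌ Command "ban" failed, exiting ...\noutput: {err.decode()}\nexit_code: {result.returncode}'
+)
+exit(1)
+print(err.decode(), flush=True)
+print(
+' Executing the command "bwcli bans" and checking the result ...',
+flush=True,
+)
+result = Popen(["bwcli", "bans"], stderr=PIPE, stdout=PIPE)
+_, err = result.communicate()
+if result.returncode != 0:
+print(
+f'❌ Command "bans" failed, exiting ...\noutput: {err.decode()}\nexit_code: {result.returncode}'
+)
+exit(1)
+if b"- 127.0.0.1" not in err:
+print(
+f'❌ IP 127.0.0.1 not found in the output of "bans", exiting ...\noutput: {err.decode()}'
+)
+exit(1)
+elif b"List of bans for redis:" not in err:
+print(
+f'❌ Redis ban list not found in the output of "bans", exiting ...\noutput: {err.decode()}'
+)
+exit(1)
+elif b"1 hour" not in err and b"59 minutes" not in err:
+print(f"❌ Ban duration isn't 1 hour, exiting ...\noutput: {err.decode()}")
+exit(1)
+print(
+' Executing the command "bwcli unban 127.0.0.1" ...',
+flush=True,
+)
+result = Popen(["bwcli", "unban", "127.0.0.1"], stderr=PIPE, stdout=PIPE)
+_, err = result.communicate()
+if result.returncode != 0:
+print(
+f'❌ Command "unban" failed, exiting ...\noutput: {err.decode()}\nexit_code: {result.returncode}'
+)
+exit(1)
+print(err.decode(), flush=True)
+print(
+' Executing the command "bwcli bans" to check if the IP was unbanned ...',
+flush=True,
+)
+result = Popen(["bwcli", "bans"], stderr=PIPE, stdout=PIPE)
+_, err = result.communicate()
+if result.returncode != 0:
+print(
+f'❌ Command "bans" failed, exiting ...\noutput: {err.decode()}\nexit_code: {result.returncode}'
+)
+exit(1)
+found = 0
+for line in err.splitlines():
+if b"No ban found" in line:
+found += 1
+if found < 2:
+print(
+f"❌ IP 127.0.0.1 was not unbanned from both redis and the local ban list, exiting ...\noutput: {err.decode()}",
+flush=True,
+)
+exit(1)
+print(err.decode(), flush=True)
+except SystemExit:
+exit(1)
+except:
+print(f"❌ Something went wrong, exiting ...\n{format_exc()}", flush=True)
+exit(1)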
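Review bot: None of the four `Popen(...).communicate()` calls has a timeout, so a `bwcli` that hangs stalls the job until the CI runner's own limit, and the same spawn/check/print sequence is written out four times. A small helper built on `subprocess.run` with `timeout=` removes both problems; the import line becomes `from subprocess import PIPE, TimeoutExpired, run`. The helper below keeps the existing convention of reading the command's messages from stderr, which is what every check in this file inspects. The trailing bare `except:` would also be better as `except Exception:`, so that the traceback is still printed without catching `KeyboardInterrupt`.

```python
def run_bwcli(*args, timeout=60):
    """Run `bwcli <args>` and return its stderr; exit(1) on failure or timeout."""
    try:
        proc = run(["bwcli", *args], stderr=PIPE, stdout=PIPE, timeout=timeout)
    except TimeoutExpired:
        print(
            f'❌ Command "{args[0]}" timed out after {timeout}s, exiting ...',
            flush=True,
        )
        exit(1)
    if proc.returncode != 0:
        print(
            f'❌ Command "{args[0]}" failed, exiting ...\noutput: {proc.stderr.decode()}\nexit_code: {proc.returncode}',
            flush=True,
        )
        exit(1)
    return proc.stderr


# … unchanged: progress messages and the checks on the returned bytes …
err = run_bwcli("ban", "127.0.0.1", "-exp", "3600")
```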


@ -1,26 +1,61 @@
#!/bin/bash
echo "⌨️ Building bunkernet stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "⌨️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "⌨️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "⌨️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "⌨️ Build failed ❌"
exit 1
echo "⌨️ Building bwcli stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "⌨️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "⌨️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
sudo pip install -r requirements.txt
echo "⌨️ Installing Redis ..."
sudo apt install --no-install-recommends -y redis
redis-server --daemonize yes
if [ $? -ne 0 ] ; then
echo "⌨️ Redis start failed ❌"
exit 1
fi
echo "⌨️ Redis installed ✅"
echo "USE_REDIS=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIS_HOST=127.0.0.1" | sudo tee -a /etc/bunkerweb/variables.env
export USE_REDIS="yes"
export REDIS_HOST="127.0.0.1"
sudo touch /var/www/html/index.html
fi
cleanup_stack () {
echo "⌨️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "⌨️ Down failed ❌"
echo "⌨️ Cleanup failed ❌"
exit 1
fi
@ -33,15 +68,23 @@ trap cleanup_stack EXIT
echo "⌨️ Running bwcli tests ..."
echo "⌨️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "⌨️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "⌨️ Up failed ❌"
echo "⌨️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "⌨️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "⌨️ Start failed ❌"
exit 1
fi
fi
@ -49,37 +92,90 @@ fi
# Check if stack is healthy
echo "⌨️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("bwcli-bw-1" "bwcli-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("bwcli-bw-1" "bwcli-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "⌨️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "⌨️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "⌨️ Docker stack is not healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "⌨️ Docker stack is not healthy ❌"
exit 1
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "⌨️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "⌨️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "⌨️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "⌨️ Linux stack could not be healthy ❌"
exit 1
fi
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
sudo python3 linux.py
fi
if [ $? -ne 0 ] ; then
echo "⌨️ Test bwcli failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "⌨️ Test bwcli succeeded ✅"
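Review bot: `redis-server --daemonize yes` in the linux setup starts Redis with no configuration file, no explicit bind address and no password, and `cleanup_stack` never stops it. Since `REDIS_HOST` is `127.0.0.1`, bind it to loopback explicitly with `redis-server --daemonize yes --bind 127.0.0.1` and shut it down in the linux branch of cleanup with `redis-cli shutdown nosave`. `sudo pip install -r requirements.txt` also installs into the system interpreter as root; the contents of requirements.txt are not visible here, but pinned versions installed into a virtualenv would narrow what a tampered package can touch.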


@ -1,17 +1,37 @@
#!/bin/bash
echo "📝 Building clientcache stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "📝 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "📝 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "📝 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "📝 Build failed ❌"
exit 1
echo "📝 Building clientcache stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "📝 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "📝 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_CLIENT_CACHE=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "CLIENT_CACHE_EXTENSIONS=jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2" | sudo tee -a /etc/bunkerweb/variables.env
echo "CLIENT_CACHE_ETAG=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "CLIENT_CACHE_CONTROL=public, max-age=15552000" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
sudo cp image.png /var/www/html/image.png
fi
manual=0
@ -19,10 +39,21 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CLIENT_CACHE: "yes"@USE_CLIENT_CACHE: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_ETAG: "no"@CLIENT_CACHE_ETAG: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_CONTROL: "public, max-age=3600"@CLIENT_CACHE_CONTROL: "public, max-age=15552000"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CLIENT_CACHE: "yes"@USE_CLIENT_CACHE: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_ETAG: "no"@CLIENT_CACHE_ETAG: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_CONTROL: "public, max-age=3600"@CLIENT_CACHE_CONTROL: "public, max-age=15552000"@' {} \;
else
sudo sed -i 's@USE_CLIENT_CACHE=.*$@USE_CLIENT_CACHE=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@CLIENT_CACHE_EXTENSIONS=.*$@CLIENT_CACHE_EXTENSIONS=jpg|jpeg|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2@' /etc/bunkerweb/variables.env
sudo sed -i 's@CLIENT_CACHE_ETAG=.*$@CLIENT_CACHE_ETAG=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@CLIENT_CACHE_CONTROL=.*$@CLIENT_CACHE_CONTROL=public, max-age=15552000@' /etc/bunkerweb/variables.env
unset USE_CLIENT_CACHE
unset CLIENT_CACHE_EXTENSIONS
unset CLIENT_CACHE_ETAG
unset CLIENT_CACHE_CONTROL
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -30,10 +61,15 @@ cleanup_stack () {
echo "📝 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "📝 Down failed ❌"
echo "📝 Cleanup failed ❌"
exit 1
fi
@ -49,30 +85,62 @@ do
echo "📝 Running tests without clientcache ..."
elif [ "$test" = "activated" ] ; then
echo "📝 Running tests with clientcache ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CLIENT_CACHE: "no"@USE_CLIENT_CACHE: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CLIENT_CACHE: "no"@USE_CLIENT_CACHE: "yes"@' {} \;
else
sudo sed -i 's@USE_CLIENT_CACHE=.*$@USE_CLIENT_CACHE=yes@' /etc/bunkerweb/variables.env
export USE_CLIENT_CACHE="yes"
fi
elif [ "$test" = "cache_extensions" ] ; then
echo "📝 Running tests when removing png from the cache extensions ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@' {} \;
else
sudo sed -i 's@CLIENT_CACHE_EXTENSIONS=.*$@CLIENT_CACHE_EXTENSIONS=jpg|jpeg|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2@' /etc/bunkerweb/variables.env
export CLIENT_CACHE_EXTENSIONS="jpg|jpeg|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"
fi
elif [ "$test" = "cache_etag" ] ; then
echo "📝 Running tests when deactivating the etag ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_ETAG: "yes"@CLIENT_CACHE_ETAG: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@CLIENT_CACHE_EXTENSIONS: "jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_ETAG: "yes"@CLIENT_CACHE_ETAG: "no"@' {} \;
else
sudo sed -i 's@CLIENT_CACHE_EXTENSIONS=.*$@CLIENT_CACHE_EXTENSIONS=jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2@' /etc/bunkerweb/variables.env
sudo sed -i 's@CLIENT_CACHE_ETAG=.*$@CLIENT_CACHE_ETAG=no@' /etc/bunkerweb/variables.env
export CLIENT_CACHE_EXTENSIONS="jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2"
export CLIENT_CACHE_ETAG="no"
fi
elif [ "$test" = "cache_control" ] ; then
echo "📝 Running tests whith clientcache control set to public, max-age=3600 ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_ETAG: "no"@CLIENT_CACHE_ETAG: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_CONTROL: "public, max-age=15552000"@CLIENT_CACHE_CONTROL: "public, max-age=3600"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_ETAG: "no"@CLIENT_CACHE_ETAG: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CLIENT_CACHE_CONTROL: "public, max-age=15552000"@CLIENT_CACHE_CONTROL: "public, max-age=3600"@' {} \;
else
sudo sed -i 's@CLIENT_CACHE_ETAG=.*$@CLIENT_CACHE_ETAG=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@CLIENT_CACHE_CONTROL=.*$@CLIENT_CACHE_CONTROL=public, max-age=3600@' /etc/bunkerweb/variables.env
export CLIENT_CACHE_ETAG="yes"
export CLIENT_CACHE_CONTROL="public, max-age=3600"
fi
fi
echo "📝 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "📝 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "📝 Up failed ❌"
echo "📝 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "📝 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "📝 Start failed ❌"
exit 1
fi
fi
@ -80,37 +148,90 @@ do
# Check if stack is healthy
echo "📝 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("clientcache-bw-1" "clientcache-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("clientcache-bw-1" "clientcache-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "📝 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "📝 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "📝 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "📝 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "📝 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "📝 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "📝 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "📝 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "📝 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "📝 Test \"$test\" succeeded ✅"
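Review bot: The linux branch of `cleanup_stack` resets `CLIENT_CACHE_EXTENSIONS` to a list without `png`, while the docker branch and the initial `tee -a` setup both use the list that includes it, so variables.env is left in the `cache_extensions` test state rather than the default. The replacement should read `sudo sed -i 's@CLIENT_CACHE_EXTENSIONS=.*$@CLIENT_CACHE_EXTENSIONS=jpg|jpeg|png|bmp|ico|svg|tif|css|js|otf|ttf|eot|woff|woff2@' /etc/bunkerweb/variables.env`. The setup also appends its keys with `tee -a`, so a second run on the same host would presumably leave duplicate entries in the file; rewriting existing keys with `sed` and appending only when a key is absent would keep reruns repeatable.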


@ -1,17 +1,46 @@
#!/bin/bash
echo "🛰️ Building cors stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🛰️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🛰️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🛰️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🛰️ Build failed ❌"
exit 1
echo "🛰️ Building cors stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🛰️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🛰️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
sudo cp -r www/* /var/www/html/
sudo chown -R www-data:nginx /var/www/html
sudo find /var/www/html -type f -exec chmod 0640 {} \;
sudo find /var/www/html -type d -exec chmod 0750 {} \;
echo "LOCAL_PHP=/run/php/php-fpm.sock" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOCAL_PHP_PATH=/var/www/html" | sudo tee -a /etc/bunkerweb/variables.env
echo "ALLOWED_METHODS=GET|POST|HEAD|OPTIONS" | sudo tee -a /etc/bunkerweb/variables.env
echo "GENERATE_SELF_SIGNED_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_CORS=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "CORS_ALLOW_ORIGIN=*" | sudo tee -a /etc/bunkerweb/variables.env
echo "CORS_EXPOSE_HEADERS=Content-Length,Content-Range" | sudo tee -a /etc/bunkerweb/variables.env
echo "CORS_MAX_AGE=86400" | sudo tee -a /etc/bunkerweb/variables.env
echo "CORS_ALLOW_CREDENTIALS=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "CORS_ALLOW_METHODS=GET, POST, OPTIONS" | sudo tee -a /etc/bunkerweb/variables.env
echo "CORS_ALLOW_HEADERS=DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" | sudo tee -a /etc/bunkerweb/variables.env
fi
manual=0
@ -19,14 +48,33 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CORS: "yes"@USE_CORS: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: ".*"$@CORS_ALLOW_ORIGIN: "\*"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_EXPOSE_HEADERS: "X-Test"@CORS_EXPOSE_HEADERS: "Content-Length,Content-Range"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_MAX_AGE: "3600"@CORS_MAX_AGE: "86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_CREDENTIALS: "yes"@CORS_ALLOW_CREDENTIALS: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_METHODS: "GET, HEAD, POST, OPTIONS"@CORS_ALLOW_METHODS: "GET, POST, OPTIONS"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_HEADERS: "X-Test"@CORS_ALLOW_HEADERS: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CORS: "yes"@USE_CORS: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: ".*"$@CORS_ALLOW_ORIGIN: "\*"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_EXPOSE_HEADERS: "X-Test"@CORS_EXPOSE_HEADERS: "Content-Length,Content-Range"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_MAX_AGE: "3600"@CORS_MAX_AGE: "86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_CREDENTIALS: "yes"@CORS_ALLOW_CREDENTIALS: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_METHODS: "GET, HEAD, POST, OPTIONS"@CORS_ALLOW_METHODS: "GET, POST, OPTIONS"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_HEADERS: "X-Test"@CORS_ALLOW_HEADERS: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"@' {} \;
else
sudo sed -i 's@USE_CORS=.*$@USE_CORS=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_ALLOW_ORIGIN=.*$@CORS_ALLOW_ORIGIN=*@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_EXPOSE_HEADERS=.*$@CORS_EXPOSE_HEADERS=Content-Length,Content-Range@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_MAX_AGE=.*$@CORS_MAX_AGE=86400@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_ALLOW_CREDENTIALS=.*$@CORS_ALLOW_CREDENTIALS=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_ALLOW_METHODS=.*$@CORS_ALLOW_METHODS=GET, POST, OPTIONS@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_ALLOW_HEADERS=.*$@CORS_ALLOW_HEADERS=DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range@' /etc/bunkerweb/variables.env
unset USE_CORS
unset GENERATE_SELF_SIGNED_SSL
unset CORS_ALLOW_ORIGIN
unset CORS_EXPOSE_HEADERS
unset CORS_MAX_AGE
unset CORS_ALLOW_CREDENTIALS
unset CORS_ALLOW_METHODS
unset CORS_ALLOW_HEADERS
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -34,10 +82,15 @@ cleanup_stack () {
echo "🛰️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🛰️ Down failed ❌"
echo "🛰️ Cleanup failed ❌"
exit 1
fi
@ -47,14 +100,16 @@ cleanup_stack () {
# Cleanup stack on exit
trap cleanup_stack EXIT
echo "🛰️ Initializing workspace ..."
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🛰️ Build failed ❌"
exit 1
elif [[ $(stat -L -c "%a %g %u" www/app1.example.com/index.php) != "655 101 33" ]] ; then
echo "🛰️ Init failed, permissions are not correct ❌"
exit 1
if [ "$integration" == "docker" ] ; then
echo "🛰️ Initializing workspace ..."
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🛰️ Build failed ❌"
exit 1
elif [[ $(stat -L -c "%a %g %u" www/app1.example.com/index.php) != "655 101 33" ]] ; then
echo "🛰️ Init failed, permissions are not correct ❌"
exit 1
fi
fi
for test in "deactivated" "activated" "allow_origin" "tweaked_settings"
@ -63,31 +118,66 @@ do
echo "🛰️ Running tests without cors ..."
elif [ "$test" = "activated" ] ; then
echo "🛰️ Running tests with cors ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CORS: "no"@USE_CORS: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CORS: "no"@USE_CORS: "yes"@' {} \;
else
sudo sed -i 's@USE_CORS=.*$@USE_CORS=yes@' /etc/bunkerweb/variables.env
export USE_CORS="yes"
fi
elif [ "$test" = "allow_origin" ] ; then
echo "🛰️ Running tests with a specific origin allowed only ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: "\*"@CORS_ALLOW_ORIGIN: "^http://app1\\\\.example\\\\.com$$"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: "\*"@CORS_ALLOW_ORIGIN: "^http://app1\\\\.example\\\\.com$$"@' {} \;
else
sudo sed -i 's@CORS_ALLOW_ORIGIN=.*$@CORS_ALLOW_ORIGIN=^http://app1\\.example\\.com$$@' /etc/bunkerweb/variables.env
export CORS_ALLOW_ORIGIN="^http://app1\\.example\\.com\$"
fi
elif [ "$test" = "tweaked_settings" ] ; then
echo "🛰️ Running tests with tweaked cors settings ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: ".*"$@CORS_ALLOW_ORIGIN: "^https://app1\\\\.example\\\\.com$$"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_EXPOSE_HEADERS: "Content-Length,Content-Range"@CORS_EXPOSE_HEADERS: "X-Test"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_MAX_AGE: "86400"@CORS_MAX_AGE: "3600"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_CREDENTIALS: "no"@CORS_ALLOW_CREDENTIALS: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_METHODS: "GET, POST, OPTIONS"@CORS_ALLOW_METHODS: "GET, HEAD, POST, OPTIONS"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_HEADERS: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"@CORS_ALLOW_HEADERS: "X-Test"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_ORIGIN: ".*"$@CORS_ALLOW_ORIGIN: "^https://app1\\\\.example\\\\.com$$"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_EXPOSE_HEADERS: "Content-Length,Content-Range"@CORS_EXPOSE_HEADERS: "X-Test"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_MAX_AGE: "86400"@CORS_MAX_AGE: "3600"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_CREDENTIALS: "no"@CORS_ALLOW_CREDENTIALS: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_METHODS: "GET, POST, OPTIONS"@CORS_ALLOW_METHODS: "GET, HEAD, POST, OPTIONS"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CORS_ALLOW_HEADERS: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range"@CORS_ALLOW_HEADERS: "X-Test"@' {} \;
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_ALLOW_ORIGIN=.*$@CORS_ALLOW_ORIGIN=^https://app1\\.example\\.com\$@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_EXPOSE_HEADERS=.*$@CORS_EXPOSE_HEADERS=X-Test@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_MAX_AGE=.*$@CORS_MAX_AGE=3600@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_ALLOW_CREDENTIALS=.*$@CORS_ALLOW_CREDENTIALS=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_ALLOW_METHODS=.*$@CORS_ALLOW_METHODS=GET, HEAD, POST, OPTIONS@' /etc/bunkerweb/variables.env
sudo sed -i 's@CORS_ALLOW_HEADERS=.*$@CORS_ALLOW_HEADERS=X-Test@' /etc/bunkerweb/variables.env
export GENERATE_SELF_SIGNED_SSL="yes"
export CORS_ALLOW_ORIGIN="^https://app1\\.example\\.com\$"
export CORS_EXPOSE_HEADERS="X-Test"
export CORS_MAX_AGE="3600"
export CORS_ALLOW_CREDENTIALS="yes"
export CORS_ALLOW_METHODS="GET, HEAD, POST, OPTIONS"
export CORS_ALLOW_HEADERS="X-Test"
fi
fi
echo "🛰️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🛰️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🛰️ Up failed ❌"
echo "🛰️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🛰️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🛰️ Start failed ❌"
exit 1
fi
fi
@ -95,37 +185,92 @@ do
# Check if stack is healthy
echo "🛰️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("cors-bw-1" "cors-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("cors-bw-1" "cors-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🛰️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🛰️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🛰️ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🛰️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛰️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🛰️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🛰️ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🛰️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🛰️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🛰️ Test \"$test\" succeeded ✅"


@ -41,7 +41,14 @@ try:
status_code = get(
f"http://www.example.com",
headers={"Host": "www.example.com"},
headers={
"Host": "www.example.com",
}
| (
{"X-Forwarded-For": "2.0.0.3" if country == "FR" else "8.0.0.3"}
if getenv("TEST_TYPE", "docker") == "linux"
else {}
),
).status_code
if status_code == 403:
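Review bot: The `X-Forwarded-For` entry added to the `get(...)` headers has no comment saying why BunkerWeb will honour it or why these two literal addresses are used. The header is only trusted because the Linux branch of the country test.sh appends `USE_REAL_IP=yes` and `REAL_IP_FROM=127.0.0.0/24` to variables.env, and a reader of this file alone cannot see that dependency. I would add above the call `# linux: the request comes from localhost, so the client country is simulated via X-Forwarded-For (needs USE_REAL_IP=yes and REAL_IP_FROM covering 127.0.0.1)`. The mapping of 2.0.0.3 to FR and 8.0.0.3 to US is presumably what the GeoIP data returns and is worth stating in the same comment. The enclosing `try:` block starts and ends outside this hunk.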


@ -1,17 +1,39 @@
#!/bin/bash
echo "🌍 Building country stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🌍 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🌍 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🌍 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🌍 Build failed ❌"
exit 1
echo "🌍 Building country stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🌍 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🌍 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_REAL_IP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REAL_IP_FROM=127.0.0.0/24" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_COUNTRY=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_COUNTRY=" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export COUNTRY=""
export TEST_TYPE="linux"
fi
manual=0
@ -19,8 +41,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_COUNTRY: "US"@BLACKLIST_COUNTRY: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_COUNTRY: "FR"@WHITELIST_COUNTRY: ""@' {} \;
if [ "$integration" = "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_COUNTRY: "US"@BLACKLIST_COUNTRY: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_COUNTRY: "FR"@WHITELIST_COUNTRY: ""@' {} \;
else
sudo sed -i 's@BLACKLIST_COUNTRY=.*$@BLACKLIST_COUNTRY=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_COUNTRY=.*$@WHITELIST_COUNTRY=@' /etc/bunkerweb/variables.env
unset BLACKLIST_COUNTRY
unset WHITELIST_COUNTRY
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +57,15 @@ cleanup_stack () {
echo "🌍 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🌍 Down failed ❌"
echo "🌍 Cleanup failed ❌"
exit 1
fi
@ -47,23 +81,43 @@ do
echo "🌍 Running tests without the country plugin ..."
elif [ "$test" = "blacklist" ] ; then
echo "🌍 Running tests when blacklisting United States ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_COUNTRY: ""@BLACKLIST_COUNTRY: "US"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_COUNTRY: ""@BLACKLIST_COUNTRY: "US"@' {} \;
else
sudo sed -i 's@BLACKLIST_COUNTRY=.*$@BLACKLIST_COUNTRY=US@' /etc/bunkerweb/variables.env
export BLACKLIST_COUNTRY="US"
fi
elif [ "$test" = "whitelist" ] ; then
echo "🌍 Running tests when whitelisting France ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_COUNTRY: "US"@BLACKLIST_COUNTRY: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_COUNTRY: ""@WHITELIST_COUNTRY: "FR"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_COUNTRY: "US"@BLACKLIST_COUNTRY: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_COUNTRY: ""@WHITELIST_COUNTRY: "FR"@' {} \;
else
sudo sed -i 's@BLACKLIST_COUNTRY=.*$@BLACKLIST_COUNTRY=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_COUNTRY=.*$@WHITELIST_COUNTRY=FR@' /etc/bunkerweb/variables.env
unset BLACKLIST_COUNTRY
export WHITELIST_COUNTRY="FR"
fi
fi
echo "🌍 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🌍 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🌍 Up failed ❌"
echo "🌍 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🌍 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🌍 Start failed ❌"
exit 1
fi
fi
@ -71,53 +125,124 @@ do
# Check if stack is healthy
echo "🌍 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("country-bw-1" "country-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("country-bw-1" "country-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🌍 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🌍 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🌍 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🌍 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🌍 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🌍 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🌍 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🌍 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
echo "🌍 Starting the FR container"
docker compose -f docker-compose.test.yml up tests-fr --abort-on-container-exit --exit-code-from tests-fr
if [ $? -ne 0 ] ; then
echo "🌍 Test \"$test\" failed for the FR container ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
exit 1
echo "🌍 Starting the FR country"
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up tests-fr --abort-on-container-exit --exit-code-from tests-fr
else
echo "🌍 Test \"$test\" succeeded for the FR container ✅"
export COUNTRY="FR"
python3 main.py
fi
echo "🌍 Starting the US container"
docker compose -f docker-compose.test.yml up tests-us --abort-on-container-exit --exit-code-from tests-us
if [ $? -ne 0 ] ; then
echo "🌍 Test \"$test\" failed for the US container ❌"
echo "🌍 Test \"$test\" failed for the FR country ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🌍 Test \"$test\" succeeded for the US container ✅"
echo "🌍 Test \"$test\" succeeded for the FR country ✅"
fi
echo "🌍 Starting the US country"
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up tests-us --abort-on-container-exit --exit-code-from tests-us
else
export COUNTRY="US"
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🌍 Test \"$test\" failed for the US country ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🌍 Test \"$test\" succeeded for the US country ✅"
fi
manual=1
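Review bot: In `cleanup_stack` the Linux branch runs `sudo systemctl stop bunkerweb` and then `sudo truncate -s 0 /var/log/bunkerweb/error.log`, so the `if [ $? -ne 0 ]` after the `fi` only sees the status of `truncate` and a failed stop never reaches the "Cleanup failed" path. Chaining the two commands keeps the check meaningful: `sudo systemctl stop bunkerweb && sudo truncate -s 0 /var/log/bunkerweb/error.log`. The same pattern appears in the customcert and db test.sh sections of this commit, and in the cors one whose start is not visible here. `cleanup_stack` is split across two hunks, so its full body is not shown.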


@ -1,17 +1,35 @@
#!/bin/bash
echo "🔏 Building customcert stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🔏 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🔏 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🔏 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🔏 Build failed ❌"
exit 1
echo "🔏 Building customcert stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🔏 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🔏 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_CUSTOM_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "CUSTOM_SSL_CERT=/tmp/certificate.pem" | sudo tee -a /etc/bunkerweb/variables.env
echo "CUSTOM_SSL_KEY=/tmp/privatekey.key" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,8 +37,16 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
rm -rf init/certs
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CUSTOM_SSL: "yes"@USE_CUSTOM_SSL: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
rm -rf init/certs
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CUSTOM_SSL: "yes"@USE_CUSTOM_SSL: "no"@' {} \;
else
sudo rm -f /tmp/certificate.pem /tmp/privatekey.key
sudo sed -i 's@USE_CUSTOM_SSL=.*$@USE_CUSTOM_SSL=no@' /etc/bunkerweb/variables.env
unset USE_CUSTOM_SSL
unset CUSTOM_SSL_CERT
unset CUSTOM_SSL_KEY
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +54,15 @@ cleanup_stack () {
echo "🔏 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🔏 Down failed ❌"
echo "🔏 Cleanup failed ❌"
exit 1
fi
@ -41,19 +72,29 @@ cleanup_stack () {
# Cleanup stack on exit
trap cleanup_stack EXIT
echo "🔏 Initializing workspace ..."
rm -rf init/certs
mkdir -p init/certs
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🔏 Build failed ❌"
exit 1
elif ! [[ -f "init/certs/certificate.pem" ]]; then
echo "🔏 certificate.pem not found ❌"
exit 1
elif ! [[ -f "init/certs/privatekey.key" ]]; then
echo "🔏 privatekey.key not found ❌"
exit 1
if [ "$integration" == "docker" ] ; then
echo "🔏 Initializing workspace ..."
rm -rf init/certs
mkdir -p init/certs
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🔏 Build failed ❌"
exit 1
elif ! [[ -f "init/certs/certificate.pem" ]]; then
echo "🔏 certificate.pem not found ❌"
exit 1
elif ! [[ -f "init/certs/privatekey.key" ]]; then
echo "🔏 privatekey.key not found ❌"
exit 1
fi
else
echo "🔏 Generating certificate for www.example.com ..."
openssl req -nodes -x509 -newkey rsa:4096 -keyout /tmp/privatekey.key -out /tmp/certificate.pem -days 365 -subj /CN=www.example.com/
if [ $? -ne 0 ] ; then
echo "🔏 Certificate generation failed ❌"
exit 1
fi
sudo chmod 777 /tmp/privatekey.key /tmp/certificate.pem
fi
for test in "deactivated" "activated"
@ -62,19 +103,32 @@ do
echo "🔏 Running tests without the custom cert ..."
elif [ "$test" = "activated" ] ; then
echo "🔏 Running tests with the custom cert activated ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CUSTOM_SSL: "no"@USE_CUSTOM_SSL: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_CUSTOM_SSL: "no"@USE_CUSTOM_SSL: "yes"@' {} \;
else
sudo sed -i 's@USE_CUSTOM_SSL=.*$@USE_CUSTOM_SSL=yes@' /etc/bunkerweb/variables.env
export USE_CUSTOM_SSL="yes"
fi
fi
echo "🔏 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔏 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔏 Up failed ❌"
echo "🔏 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔏 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🔏 Start failed ❌"
exit 1
fi
fi
@ -82,37 +136,90 @@ do
# Check if stack is healthy
echo "🔏 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("customcert-bw-1" "customcert-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("customcert-bw-1" "customcert-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🔏 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🔏 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🔏 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🔏 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🔏 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🔏 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🔏 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🔏 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🔏 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🔏 Test \"$test\" succeeded ✅"
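Review bot: The Linux branch of the workspace initialisation writes the generated private key to the fixed path `/tmp/privatekey.key` and then runs `sudo chmod 777 /tmp/privatekey.key /tmp/certificate.pem`, which leaves the key readable and writable by every local account. On a throwaway CI runner the exposure is small, but test scripts get copied into other environments, and a fixed name in /tmp can be pre-created by another user before `openssl` writes to it. I would restrict the files to the service account instead: `sudo chown nginx:nginx /tmp/privatekey.key /tmp/certificate.pem`, `sudo chmod 600 /tmp/privatekey.key`, `sudo chmod 644 /tmp/certificate.pem`. The `nginx` account is inferred from the `chown` in the db test.sh of this commit and should be confirmed. Generating both files inside a `mktemp -d` directory would also remove the predictable path.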


@ -17,7 +17,7 @@ services:
GLOBAL_REVERSE_PROXY_HOST: "http://app1:8080"
GLOBAL_REVERSE_PROXY_URL: "/"
GLOBAL_LOG_LEVEL: "info"
CUSTOM_CONF_MODSEC_test_custom_conf: 'SecRule REQUEST_FILENAME "@rx ^/db" "id:1,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"'
CUSTOM_CONF_MODSEC_test_custom_conf: 'SecRule REQUEST_FILENAME "@rx ^/db" "id:10000,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"'
GLOBAL_SERVER_NAME: "bwadm.example.com"
extra_hosts:
- "bwadm.example.com:192.168.0.2"


@ -17,7 +17,7 @@ services:
REVERSE_PROXY_HOST: "http://app1:8080"
REVERSE_PROXY_URL: "/"
LOG_LEVEL: "info"
CUSTOM_CONF_MODSEC_test_custom_conf: 'SecRule REQUEST_FILENAME "@rx ^/db" "id:1,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"'
CUSTOM_CONF_MODSEC_test_custom_conf: 'SecRule REQUEST_FILENAME "@rx ^/db" "id:10000,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"'
networks:
bw-universe:
bw-services:


@ -4,15 +4,9 @@ echo " Cloning BunkerWeb Plugins ..."
git clone https://github.com/bunkerity/bunkerweb-plugins.git
echo " Checking out to dev branch ..."
cd bunkerweb-plugins
echo " Extracting ClamAV plugin ..."
cp -r clamav /plugins/
cd ..
cp -r bunkerweb-plugins/clamav /plugins/
echo " Extracting settings.json file, db and core directory ..."
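Review bot: The `git clone https://github.com/bunkerity/bunkerweb-plugins.git` at the top of this hunk is not pinned to a tag or commit, so the ClamAV plugin copied into `/plugins/` is whatever the default branch holds when the job runs. Which of the `cd`/`cp` lines survive the change is not certain from this rendering, but either way the test input can change without any change in this repository. Pinning the ref, for example `git clone --depth 1 --branch <tag-or-branch> https://github.com/bunkerity/bunkerweb-plugins.git`, makes runs reproducible and makes an unexpected upstream change visible as a diff here. The script starts before the hunk.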


@ -32,7 +32,10 @@ from bunkerweb.db.model import (
try:
database_uri = getenv("DATABASE_URI", "sqlite:////var/lib/bunkerweb/db.sqlite3")
if database_uri == "sqlite:////var/lib/bunkerweb/db.sqlite3":
if (
getenv("TEST_TYPE", "docker") == "docker"
and database_uri == "sqlite:////var/lib/bunkerweb/db.sqlite3"
):
database_uri = "sqlite:////data/lib/db.sqlite3"
error = False
@ -40,10 +43,7 @@ try:
print(f" Connecting to database: {database_uri}", flush=True)
try:
sql_engine = create_engine(
database_uri,
future=True,
)
sql_engine = create_engine(database_uri, future=True)
except ArgumentError:
print(f"❌ Invalid database URI: {database_uri}", flush=True)
error = True
@ -584,7 +584,9 @@ try:
service_custom_configs[custom_conf[3]] = {
"value": environ[env].encode(),
"type": custom_conf[2].lower(),
"method": "scheduler",
"method": "manual"
if getenv("TEST_TYPE", "docker") == "linux"
else "scheduler",
"checked": False,
}
continue
@ -592,7 +594,9 @@ try:
global_custom_configs[custom_conf[3]] = {
"value": environ[env].encode(),
"type": custom_conf[2].lower(),
"method": "scheduler",
"method": "manual"
if getenv("TEST_TYPE", "docker") == "linux"
else "scheduler",
"checked": False,
}
@ -651,6 +655,8 @@ try:
elif (
custom_config.data.replace(b"# CREATED BY ENV\n", b"")
!= current_custom_configs[custom_config.name]["value"]
and custom_config.data.replace(b"# CREATED BY ENV\n", b"")
!= current_custom_configs[custom_config.name]["value"] + b"\n"
):
print(
f"❌ The custom config {custom_config.name} is in the database but the value differ, exiting ...\n{custom_config.data} (database) != {current_custom_configs[custom_config.name]['value']} (env)",
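Review bot: The extended `elif` in the custom-config comparison calls `custom_config.data.replace(b"# CREATED BY ENV\n", b"")` twice and expresses the trailing-newline tolerance as a second `!=`, which is hard to read and easy to let drift apart. Computing both sides once ahead of the chain says the same thing: `stored = custom_config.data.replace(b"# CREATED BY ENV\n", b"")`, `expected = current_custom_configs[custom_config.name]["value"]`, then `elif stored not in (expected, expected + b"\n"):`. A one-line comment stating why a trailing newline is accepted would help; presumably the Linux config file written with `tee` ends in one. `getenv("TEST_TYPE", "docker")` is also evaluated in three places in this section and could be a single module-level constant. The enclosing `try:` block starts outside the hunk.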


@ -1,4 +1,4 @@
sqlalchemy==2.0.20
sqlalchemy==2.0.21
psycopg2-binary==2.9.7
PyMySQL==1.1.0
cryptography==41.0.3
cryptography==41.0.4


@ -1,30 +1,65 @@
#!/bin/bash
echo "💾 Building db stack ..."
integration=$1
if [ -z "$integration" ] ; then
echo "💾 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "💾 Integration \"$integration\" is not supported ❌"
exit 1
fi
echo "💾 Building db stack for integration \"$integration\" ..."
# Starting stack
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "💾 Pull failed ❌"
exit 1
fi
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "💾 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.mariadb.yml pull bw-db
if [ $? -ne 0 ] ; then
echo "💾 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.mysql.yml pull bw-db
if [ $? -ne 0 ] ; then
echo "💾 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.postgres.yml pull bw-db
if [ $? -ne 0 ] ; then
echo "💾 Pull failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
sudo pip install -r requirements.txt
sudo sed -i 's@SERVER_NAME=.*$@SERVER_NAME=bwadm.example.com@' /etc/bunkerweb/variables.env
echo "MULTISITE=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_REVERSE_PROXY=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REVERSE_PROXY_HOST=http://app1:8080" | sudo tee -a /etc/bunkerweb/variables.env
echo "REVERSE_PROXY_URL=/" | sudo tee -a /etc/bunkerweb/variables.env
echo "DATABASE_URI=sqlite:////var/lib/bunkerweb/db.sqlite3" | sudo tee -a /etc/bunkerweb/variables.env
echo 'SecRule REQUEST_FILENAME "@rx ^/db" "id:10000,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"' | sudo tee /etc/bunkerweb/configs/modsec/test_custom_conf.conf
sudo chown -R nginx:nginx /etc/bunkerweb
sudo chmod 777 /etc/bunkerweb/configs/modsec/test_custom_conf.conf
sudo touch /var/www/html/index.html
docker compose -f docker-compose.mariadb.yml pull bw-db
if [ $? -ne 0 ] ; then
echo "💾 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.mysql.yml pull bw-db
if [ $? -ne 0 ] ; then
echo "💾 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.postgres.yml pull bw-db
if [ $? -ne 0 ] ; then
echo "💾 Pull failed ❌"
exit 1
export TEST_TYPE="linux"
export GLOBAL_SERVER_NAME="bwadm.example.com"
export GLOBAL_HTTP_PORT="80"
export GLOBAL_HTTPS_PORT="443"
export GLOBAL_DNS_RESOLVERS="9.9.9.9 8.8.8.8 8.8.4.4"
export GLOBAL_LOG_LEVEL="info"
export GLOBAL_USE_BUNKERNET="no"
export GLOBAL_USE_BLACKLIST="no"
export GLOBAL_USE_REVERSE_PROXY="yes"
export GLOBAL_REVERSE_PROXY_HOST="http://app1:8080"
export GLOBAL_REVERSE_PROXY_URL="/"
export CUSTOM_CONF_MODSEC_test_custom_conf='SecRule REQUEST_FILENAME "@rx ^/db" "id:10000,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"'
fi
manual=0
@ -32,33 +67,53 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
rm -rf init/plugins
rm -rf init/bunkerweb
find . -type f -name 'docker-compose.*' -exec sed -i 's@DATABASE_URI: ".*"$@DATABASE_URI: "sqlite:////var/lib/bunkerweb/db.sqlite3"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MULTISITE: "yes"$@MULTISITE: "no"@' {} \;
sed -i 's@bwadm.example.com_USE_REVERSE_PROXY@USE_REVERSE_PROXY@' docker-compose.yml
sed -i 's@bwadm.example.com_REVERSE_PROXY_HOST@REVERSE_PROXY_HOST@' docker-compose.yml
sed -i 's@bwadm.example.com_REVERSE_PROXY_URL@REVERSE_PROXY_URL@' docker-compose.yml
sed -i 's@SERVICE_USE_REVERSE_PROXY@GLOBAL_USE_REVERSE_PROXY@' docker-compose.test.yml
sed -i 's@SERVICE_REVERSE_PROXY_HOST@GLOBAL_REVERSE_PROXY_HOST@' docker-compose.test.yml
sed -i 's@SERVICE_REVERSE_PROXY_URL@GLOBAL_REVERSE_PROXY_URL@' docker-compose.test.yml
if [ "$integration" == "docker" ] ; then
rm -rf init/plugins
rm -rf init/bunkerweb
find . -type f -name 'docker-compose.*' -exec sed -i 's@DATABASE_URI: ".*"$@DATABASE_URI: "sqlite:////var/lib/bunkerweb/db.sqlite3"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MULTISITE: "yes"$@MULTISITE: "no"@' {} \;
sed -i 's@bwadm.example.com_USE_REVERSE_PROXY@USE_REVERSE_PROXY@' docker-compose.yml
sed -i 's@bwadm.example.com_REVERSE_PROXY_HOST@REVERSE_PROXY_HOST@' docker-compose.yml
sed -i 's@bwadm.example.com_REVERSE_PROXY_URL@REVERSE_PROXY_URL@' docker-compose.yml
sed -i 's@SERVICE_USE_REVERSE_PROXY@GLOBAL_USE_REVERSE_PROXY@' docker-compose.test.yml
sed -i 's@SERVICE_REVERSE_PROXY_HOST@GLOBAL_REVERSE_PROXY_HOST@' docker-compose.test.yml
sed -i 's@SERVICE_REVERSE_PROXY_URL@GLOBAL_REVERSE_PROXY_URL@' docker-compose.test.yml
if [[ $(sed '16!d' docker-compose.yml) = ' bwadm.example.com_SERVER_NAME: "bwadm.example.com"' ]] ; then
sed -i '16d' docker-compose.yml
if [[ $(sed '16!d' docker-compose.yml) = ' bwadm.example.com_SERVER_NAME: "bwadm.example.com"' ]] ; then
sed -i '16d' docker-compose.yml
fi
if [[ $(sed '20!d' docker-compose.yml) = " bwadm.example.com_CUSTOM_CONF_MODSEC_CRS_test_service_conf: 'SecRule REQUEST_FILENAME \"@rx ^/test\" \"id:10001,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog\"'" ]] ; then
sed -i '20d' docker-compose.yml
fi
if [[ $(sed '16!d' docker-compose.test.yml) = ' SERVICE_SERVER_NAME: "bwadm.example.com"' ]] ; then
sed -i '16d' docker-compose.test.yml
fi
if [[ $(sed '20!d' docker-compose.test.yml) = " CUSTOM_CONF_SERVICE_MODSEC_CRS_test_service_conf: 'SecRule REQUEST_FILENAME \"@rx ^/test\" \"id:10001,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog\"'" ]] ; then
sed -i '20d' docker-compose.test.yml
fi
else
sudo rm -rf /etc/bunkerweb/plugins/*
sudo sed -i 's@MULTISITE=.*$@MULTISITE=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@DATABASE_URI=.*$@DATABASE_URI=sqlite:////var/lib/bunkerweb/db.sqlite3@' /etc/bunkerweb/variables.env
sudo sed -i 's@bwadm.example.com_@@g' /etc/bunkerweb/variables.env
if [[ $(sudo tail -n 1 /etc/bunkerweb/variables.env) = "SERVER_NAME=bwadm.example.com" ]] ; then
sudo sed -i '$ d' /etc/bunkerweb/variables.env
fi
unset GLOBAL_MULTISITE
unset SERVICE_USE_REVERSE_PROXY
unset SERVICE_REVERSE_PROXY_HOST
unset SERVICE_REVERSE_PROXY_URL
unset CUSTOM_CONF_SERVICE_MODSEC_CRS_test_service_conf
export GLOBAL_USE_REVERSE_PROXY="yes"
export GLOBAL_REVERSE_PROXY_HOST="http://app1:8080"
export GLOBAL_REVERSE_PROXY_URL="/"
sudo rm -f /etc/bunkerweb/configs/modsec-crs/bwadm.example.com/test_service_conf.conf
fi
if [[ $(sed '20!d' docker-compose.yml) = " bwadm.example.com_CUSTOM_CONF_MODSEC_CRS_test_service_conf: 'SecRule REQUEST_FILENAME \"@rx ^/test\" \"id:2,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog\"'" ]] ; then
sed -i '20d' docker-compose.yml
fi
if [[ $(sed '16!d' docker-compose.test.yml) = ' SERVICE_SERVER_NAME: "bwadm.example.com"' ]] ; then
sed -i '16d' docker-compose.test.yml
fi
if [[ $(sed '20!d' docker-compose.test.yml) = " CUSTOM_CONF_SERVICE_MODSEC_CRS_test_service_conf: 'SecRule REQUEST_FILENAME \"@rx ^/test\" \"id:2,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog\"'" ]] ; then
sed -i '20d' docker-compose.test.yml
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -66,10 +121,15 @@ cleanup_stack () {
echo "💾 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "💾 Down failed ❌"
echo "💾 Cleanup failed ❌"
exit 1
fi
@ -79,74 +139,125 @@ cleanup_stack () {
# Cleanup stack on exit
trap cleanup_stack EXIT
echo "💾 Creating the bw-docker network ..."
docker network create bw-docker
echo "💾 Initializing workspace ..."
if [ "$integration" == "docker" ] ; then
echo "💾 Creating the bw-docker network ..."
docker network create bw-docker
echo "💾 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed ❌"
exit 1
fi
fi
rm -rf init/plugins init/bunkerweb
mkdir -p init/plugins init/bunkerweb
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "💾 Build failed ❌"
exit 1
elif ! [[ -d "init/plugins/clamav" ]]; then
echo "💾 ClamAV plugin not found ❌"
exit 1
elif ! [[ -d "init/bunkerweb/core" ]]; then
echo "💾 BunkerWeb's core plugins directory not found ❌"
exit 1
elif ! [[ -d "init/bunkerweb/db" ]]; then
echo "💾 BunkerWeb's database directory not found ❌"
exit 1
elif ! [[ -f "init/bunkerweb/settings.json" ]]; then
echo "💾 BunkerWeb's settings file not found ❌"
exit 1
fi
echo "💾 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "💾 Up failed ❌"
echo "💾 Build failed ❌"
exit 1
fi
else
sudo rm -rf external bunkerweb bunkerweb-plugins
echo "💾 Cloning BunkerWeb Plugins ..."
git clone https://github.com/bunkerity/bunkerweb-plugins.git
echo "💾 Extracting ClamAV plugin ..."
mkdir external
sudo cp -r bunkerweb-plugins/clamav external/clamav
sudo cp -r external/clamav /etc/bunkerweb/plugins/clamav
rm -rf bunkerweb-plugins
echo "💾 Extracting settings.json file, db and core directory ..."
mkdir bunkerweb
sudo cp /usr/share/bunkerweb/settings.json bunkerweb/
sudo cp -r /usr/share/bunkerweb/core bunkerweb/
sudo cp -r /usr/share/bunkerweb/db bunkerweb/
sudo chown -R nginx:nginx /etc/bunkerweb
sudo chmod -R 777 /etc/bunkerweb/plugins external bunkerweb
fi
echo "💾 Initializing workspace ..."
rm -rf init/plugins init/bunkerweb
mkdir -p init/plugins init/bunkerweb
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "💾 Build failed ❌"
exit 1
elif ! [[ -d "init/plugins/clamav" ]]; then
echo "💾 ClamAV plugin not found ❌"
exit 1
elif ! [[ -d "init/bunkerweb/core" ]]; then
echo "💾 BunkerWeb's core plugins directory not found ❌"
exit 1
elif ! [[ -d "init/bunkerweb/db" ]]; then
echo "💾 BunkerWeb's database directory not found ❌"
exit 1
elif ! [[ -f "init/bunkerweb/settings.json" ]]; then
echo "💾 BunkerWeb's settings file not found ❌"
exit 1
tests="local multisite"
if [ "$integration" == "docker" ] ; then
tests="$tests mariadb mysql postgres"
fi
manual=1
cleanup_stack
manual=0
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "💾 Build failed ❌"
exit 1
fi
for test in "local" "multisite" "mariadb" "mysql" "postgres"
for test in $tests
do
echo "💾 Creating the bw-docker network ..."
docker network create bw-docker
if [ "$integration" == "docker" ] ; then
echo "💾 Creating the bw-docker network ..."
docker network create bw-docker
fi
if [ "$test" = "local" ] ; then
echo "💾 Running tests with a local database ..."
elif [ "$test" = "multisite" ] ; then
echo "💾 Running tests with MULTISITE set to yes and with multisite settings ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@MULTISITE: "no"$@MULTISITE: "yes"@' {} \;
sed -i '16i \ bwadm.example.com_SERVER_NAME: "bwadm.example.com"' docker-compose.yml
sed -i "21i \ bwadm.example.com_CUSTOM_CONF_MODSEC_CRS_test_service_conf: 'SecRule REQUEST_FILENAME \"@rx ^/test\" \"id:2,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog\"'" docker-compose.yml
sed -i 's@USE_REVERSE_PROXY@bwadm.example.com_USE_REVERSE_PROXY@' docker-compose.yml
sed -i 's@REVERSE_PROXY_HOST@bwadm.example.com_REVERSE_PROXY_HOST@' docker-compose.yml
sed -i 's@REVERSE_PROXY_URL@bwadm.example.com_REVERSE_PROXY_URL@' docker-compose.yml
sed -i "21i \ CUSTOM_CONF_SERVICE_MODSEC_CRS_test_service_conf: 'SecRule REQUEST_FILENAME \"@rx ^/test\" \"id:2,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog\"'" docker-compose.test.yml
sed -i 's@GLOBAL_USE_REVERSE_PROXY@SERVICE_USE_REVERSE_PROXY@' docker-compose.test.yml
sed -i 's@GLOBAL_REVERSE_PROXY_HOST@SERVICE_REVERSE_PROXY_HOST@' docker-compose.test.yml
sed -i 's@GLOBAL_REVERSE_PROXY_URL@SERVICE_REVERSE_PROXY_URL@' docker-compose.test.yml
sed -i 's@GLOBAL_SERVER_NAME@SERVICE_SERVER_NAME@' docker-compose.test.yml
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@MULTISITE: "no"$@MULTISITE: "yes"@' {} \;
sed -i '16i \ bwadm.example.com_SERVER_NAME: "bwadm.example.com"' docker-compose.yml
sed -i "21i \ bwadm.example.com_CUSTOM_CONF_MODSEC_CRS_test_service_conf: 'SecRule REQUEST_FILENAME \"@rx ^/test\" \"id:10001,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog\"'" docker-compose.yml
sed -i 's@USE_REVERSE_PROXY@bwadm.example.com_USE_REVERSE_PROXY@' docker-compose.yml
sed -i 's@REVERSE_PROXY_HOST@bwadm.example.com_REVERSE_PROXY_HOST@' docker-compose.yml
sed -i 's@REVERSE_PROXY_URL@bwadm.example.com_REVERSE_PROXY_URL@' docker-compose.yml
sed -i '16i \ SERVICE_SERVER_NAME: "bwadm.example.com"' docker-compose.test.yml
sed -i "21i \ CUSTOM_CONF_SERVICE_MODSEC_CRS_test_service_conf: 'SecRule REQUEST_FILENAME \"@rx ^/test\" \"id:10001,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog\"'" docker-compose.test.yml
sed -i 's@GLOBAL_USE_REVERSE_PROXY@SERVICE_USE_REVERSE_PROXY@' docker-compose.test.yml
sed -i 's@GLOBAL_REVERSE_PROXY_HOST@SERVICE_REVERSE_PROXY_HOST@' docker-compose.test.yml
sed -i 's@GLOBAL_REVERSE_PROXY_URL@SERVICE_REVERSE_PROXY_URL@' docker-compose.test.yml
else
sudo sed -i 's@MULTISITE=.*$@MULTISITE=yes@' /etc/bunkerweb/variables.env
echo "bwadm.example.com_SERVER_NAME=bwadm.example.com" | sudo tee -a /etc/bunkerweb/variables.env
sudo mkdir -p /etc/bunkerweb/configs/modsec-crs/bwadm.example.com
echo 'SecRule REQUEST_FILENAME "@rx ^/test" "id:10001,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"' | sudo tee /etc/bunkerweb/configs/modsec-crs/bwadm.example.com/test_service_conf.conf
sudo chown -R nginx:nginx /etc/bunkerweb
sudo chmod 777 /etc/bunkerweb/configs/modsec-crs/bwadm.example.com/test_service_conf.conf
sudo sed -i 's@USE_REVERSE_PROXY@bwadm.example.com_USE_REVERSE_PROXY@' /etc/bunkerweb/variables.env
sudo sed -i 's@REVERSE_PROXY_HOST@bwadm.example.com_REVERSE_PROXY_HOST@' /etc/bunkerweb/variables.env
sudo sed -i 's@REVERSE_PROXY_URL@bwadm.example.com_REVERSE_PROXY_URL@' /etc/bunkerweb/variables.env
export GLOBAL_MULTISITE="yes"
export CUSTOM_CONF_SERVICE_MODSEC_CRS_test_service_conf='SecRule REQUEST_FILENAME "@rx ^/test" "id:10001,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"'
export SERVICE_USE_REVERSE_PROXY=$GLOBAL_USE_REVERSE_PROXY
export SERVICE_REVERSE_PROXY_HOST=$GLOBAL_REVERSE_PROXY_HOST
export SERVICE_REVERSE_PROXY_URL=$GLOBAL_REVERSE_PROXY_URL
export SERVICE_SERVER_NAME=$GLOBAL_SERVER_NAME
unset GLOBAL_USE_REVERSE_PROXY
unset GLOBAL_REVERSE_PROXY_HOST
unset GLOBAL_REVERSE_PROXY_URL
fi
elif [ "$test" = "mariadb" ] ; then
echo "💾 Running tests with MariaDB database ..."
echo " Keeping the MULTISITE variable to yes and multisite settings ..."
@ -204,34 +315,42 @@ do
fi
echo "💾 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
if [ "$test" = "mariadb" ] ; then
docker compose -f docker-compose.mariadb.yml up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed ❌"
exit 1
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
if [ "$test" = "mariadb" ] ; then
docker compose -f docker-compose.mariadb.yml up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed ❌"
exit 1
fi
elif [ "$test" = "mysql" ] ; then
docker compose -f docker-compose.mysql.yml up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed ❌"
exit 1
fi
elif [ "$test" = "postgres" ] ; then
docker compose -f docker-compose.postgres.yml up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed ❌"
exit 1
fi
fi
elif [ "$test" = "mysql" ] ; then
docker compose -f docker-compose.mysql.yml up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed ❌"
exit 1
fi
elif [ "$test" = "postgres" ] ; then
docker compose -f docker-compose.postgres.yml up -d
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💾 Up failed ❌"
exit 1
fi
fi
manual=0
docker compose up -d
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "💾 Up failed ❌"
echo "💾 Start failed ❌"
exit 1
fi
fi
@ -239,39 +358,92 @@ do
# Check if stack is healthy
echo "💾 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("db-bw-1" "db-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("db-bw-1" "db-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "💾 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "💾 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "💾 Docker stack is not healthy ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "💾 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "💾 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "💾 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "💾 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "💾 Docker stack is not healthy ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
sudo -E python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "💾 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "💾 Test \"$test\" succeeded ✅"
@ -283,13 +455,15 @@ do
echo " "
echo "💾 Removing bw-docker network ..."
if [ "$integration" == "docker" ] ; then
echo "💾 Removing bw-docker network ..."
docker network rm bw-docker
docker network rm bw-docker
if [ $? -ne 0 ] ; then
echo "💾 Network removal failed ❌"
exit 1
if [ $? -ne 0 ] ; then
echo "💾 Network removal failed ❌"
exit 1
fi
fi
done


@ -6,7 +6,7 @@ services:
environment:
PYTHONUNBUFFERED: "1"
USE_DNSBL: "yes"
DNSBL_LIST: "bl.blocklist.de problems.dnsbl.sorbs.net"
DNSBL_LIST: ""
extra_hosts:
- "www.example.com:192.168.0.2"
networks:


@ -17,7 +17,7 @@ services:
# ? DNSBL settings
USE_DNSBL: "yes"
DNSBL_LIST: "bl.blocklist.de problems.dnsbl.sorbs.net"
DNSBL_LIST: ""
networks:
bw-universe:
bw-services:


@ -1,5 +1,6 @@
from contextlib import suppress
from ipaddress import IPv4Address
from os import getenv, sep
from pathlib import Path
from traceback import format_exc
from selenium import webdriver
@ -40,6 +41,12 @@ try:
print(" Checking the DNSBL servers for a banned IP ...", flush=True)
output_path = (
Path(sep, "output", "dnsbl_ip.txt")
if getenv("TEST_TYPE", "docker") == "docker"
else Path(".", "dnsbl_ip.txt")
)
for ip_address in [IPv4Address(f"{x}.0.0.3") for x in range(1, 256)]:
for dnsbl_server in dnsbl_servers:
with suppress(gaierror):
@ -47,10 +54,10 @@ try:
f"{ip_address.reverse_pointer.replace('.in-addr.arpa', '')}.{dnsbl_server}"
)
print(
f"{ip_address} is banned on {dnsbl_server}, saving it to /output/dnsbl_ip.txt",
f"{ip_address} is banned on {dnsbl_server}, saving it to {output_path}",
flush=True,
)
Path("/output/dnsbl_ip.txt").write_text(f"{ip_address} {dnsbl_server}")
output_path.write_text(f"{ip_address} {dnsbl_server}")
exit(0)
except SystemExit as e:
exit(e.code)
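Review bot: In the non-docker case `output_path` is `Path(".", "dnsbl_ip.txt")`, which resolves against whatever directory the script is started from, and nothing in the visible hunks removes an older copy before the lookup loop. If that loop can finish without a hit and still exit 0 (the end of the `try:` body is outside the hunk, so this is not confirmed), a `dnsbl_ip.txt` left by an earlier run would be read as the current result by the caller's existence check. Clearing it first with `output_path.unlink(missing_ok=True)` right after the assignment, plus a comment such as `# linux runs write next to the caller's working directory; test.sh reads it from there`, would make the contract explicit.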


@ -1,5 +1,6 @@
from contextlib import suppress
from os import getenv
from os import getenv, sep
from os.path import join
from requests import get
from requests.exceptions import RequestException
from time import sleep
@ -31,31 +32,60 @@ try:
sleep(5)
use_dnsbl = getenv("USE_DNSBL", "yes") == "yes"
dnsbl_list = getenv("DNSBL_LIST", "bl.blocklist.de problems.dnsbl.sorbs.net")
dnsbl_list = getenv("DNSBL_LIST", "")
TEST_TYPE = getenv("TEST_TYPE", "docker")
print(
" Sending a request to http://www.example.com ...",
flush=True,
)
passed = False
retries = 0
status_code = get(
f"http://www.example.com", headers={"Host": "www.example.com"}
).status_code
while not passed and retries < 10:
status_code = get(
f"http://www.example.com",
headers={"Host": "www.example.com"}
| (
{"X-Forwarded-For": getenv("IP_ADDRESS", "")}
if TEST_TYPE == "linux"
else {}
),
).status_code
if status_code == 403:
if not use_dnsbl:
print("❌ The request was rejected, but DNSBL is disabled, exiting ...")
exit(1)
elif not dnsbl_list:
print(
"❌ The request was rejected, but DNSBL list is empty, exiting ..."
)
exit(1)
elif use_dnsbl and dnsbl_list:
if retries <= 10:
found = False
with open(join(sep, "var", "log", "bunkerweb", "error.log"), "r") as f:
for line in f.readlines():
if "error while doing A DNS query for" in line:
print(
f"⚠ Found the following error in the logs: {line}, retrying in 5s ...",
flush=True,
)
found = True
break
if found:
retries += 1
sleep(5)
continue
if status_code == 403:
if not use_dnsbl:
print("❌ The request was rejected, but DNSBL is disabled, exiting ...")
exit(1)
elif dnsbl_list == "bl.blocklist.de problems.dnsbl.sorbs.net":
print(
'❌ The request was rejected, but DNSBL list is equal to "bl.blocklist.de problems.dnsbl.sorbs.net", exiting ...'
f'❌ The request was not rejected, but DNSBL list is equal to "{dnsbl_list}", exiting ...'
)
exit(1)
elif use_dnsbl and dnsbl_list != "bl.blocklist.de problems.dnsbl.sorbs.net":
print(
f'❌ The request was not rejected, but DNSBL list is equal to "{dnsbl_list}", exiting ...'
)
exit(1)
passed = True
print("✅ DNSBL is working as expected ...", flush=True)
except SystemExit:
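Review bot: The retry loop `while not passed and retries < 10:` can end with `passed` still false once the retries are used up, and the success line `print("✅ DNSBL is working as expected ...")` then appears to run anyway, so a run in which the listed address was never rejected would be reported as a pass. Indentation is lost in this rendering, so this assumes the print sits after the loop; if so, add `if not passed: exit(1)` between the loop and the print so the check fails closed. The inner guard `if retries <= 10:` is always true under that loop condition and can be dropped. The same branch opens `/var/log/bunkerweb/error.log` without looking at `TEST_TYPE`, and that file presumably does not exist inside the docker test container, so wrapping the log scan in `if TEST_TYPE == "linux":` would keep the intended failure message on the docker path. The enclosing `try:` block starts and ends outside the hunk.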


@ -1,17 +1,39 @@
#!/bin/bash
echo "🚫 Building dnsbl stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🚫 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🚫 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🚫 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🚫 Build failed ❌"
exit 1
echo "🚫 Building dnsbl stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🚫 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🚫 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
sudo pip install -r requirements.txt
echo "USE_REAL_IP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REAL_IP_FROM=127.0.0.0/24" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_DNSBL=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "DNSBL_LIST=" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
@ -19,12 +41,19 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_DNSBL: "no"@USE_DNSBL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DNSBL_LIST: ".*"@DNSBL_LIST: "bl.blocklist.de problems.dnsbl.sorbs.net"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ipv4_address: [0-9][0-9]*\.0@ipv4_address: 192.168@' {} \;
sed -i 's@subnet: [0-9][0-9]*\.0@subnet: 192.168@' docker-compose.yml
sed -i 's@www.example.com:[0-9][0-9]*\.0@www.example.com:192.168@' docker-compose.test.yml
if [ "$integration" == "docker" ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_DNSBL: "no"@USE_DNSBL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DNSBL_LIST: ".*"@DNSBL_LIST: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ipv4_address: [0-9][0-9]*\.0@ipv4_address: 192.168@' {} \;
sed -i 's@subnet: [0-9][0-9]*\.0@subnet: 192.168@' docker-compose.yml
sed -i 's@www.example.com:[0-9][0-9]*\.0@www.example.com:192.168@' docker-compose.test.yml
else
sudo sed -i 's@USE_DNSBL=.*$@USE_DNSBL=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@DNSBL_LIST=.*$@DNSBL_LIST=@' /etc/bunkerweb/variables.env
unset USE_DNSBL
unset DNSBL_LIST
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -32,10 +61,15 @@ cleanup_stack () {
echo "🚫 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🚫 Down failed ❌"
echo "🚫 Cleanup failed ❌"
exit 1
fi
@ -46,18 +80,32 @@ cleanup_stack () {
trap cleanup_stack EXIT
echo "🚫 Initializing workspace ..."
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🚫 Build failed ❌"
exit 1
elif ! [[ -f "init/output/dnsbl_ip.txt" ]] ; then
echo "🚫 Initialization failed, dnsbl_ip.txt not found ❌"
exit 1
if [ "$integration" = "docker" ] ; then
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🚫 Build failed ❌"
exit 1
elif ! [[ -f "init/output/dnsbl_ip.txt" ]] ; then
echo "🚫 Initialization failed, dnsbl_ip.txt not found ❌"
exit 1
fi
content=($(cat init/output/dnsbl_ip.txt))
else
python3 init/main.py
if [ $? -ne 0 ] ; then
echo "🚫 Initialization failed ❌"
exit 1
elif ! [[ -f "dnsbl_ip.txt" ]] ; then
echo "🚫 Initialization failed, dnsbl_ip.txt not found ❌"
exit 1
fi
content=($(cat dnsbl_ip.txt))
fi
content=($(cat init/output/dnsbl_ip.txt))
ip=${content[0]}
server=${content[1]}
@ -68,29 +116,55 @@ for test in "activated" "deactivated" "list"
do
if [ "$test" = "activated" ] ; then
echo "🚫 Running tests with DNSBL activated and the server $server added to the list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@DNSBL_LIST: ".*"@DNSBL_LIST: "bl.blocklist.de problems.dnsbl.sorbs.net '"$server"'"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ipv4_address: 192.168@ipv4_address: '"${ip%%.*}"'.0@' {} \;
sed -i 's@subnet: 192.168@subnet: '"${ip%%.*}"'.0@' docker-compose.yml
sed -i 's@www.example.com:192.168@www.example.com:'"${ip%%.*}"'.0@' docker-compose.test.yml
if [ "$integration" = "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@DNSBL_LIST: ".*"@DNSBL_LIST: "'"$server"'"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ipv4_address: 192.168@ipv4_address: '"${ip%%.*}"'.0@' {} \;
sed -i 's@subnet: 192.168@subnet: '"${ip%%.*}"'.0@' docker-compose.yml
sed -i 's@www.example.com:192.168@www.example.com:'"${ip%%.*}"'.0@' docker-compose.test.yml
else
sudo sed -i 's@DNSBL_LIST=.*$@DNSBL_LIST='"$server"'@' /etc/bunkerweb/variables.env
export DNSBL_LIST="$server"
export IP_ADDRESS="$ip"
fi
elif [ "$test" = "deactivated" ] ; then
echo "🚫 Running tests without DNSBL ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_DNSBL: "yes"@USE_DNSBL: "no"@' {} \;
if [ "$integration" = "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_DNSBL: "yes"@USE_DNSBL: "no"@' {} \;
else
sudo sed -i 's@USE_DNSBL=.*$@USE_DNSBL=no@' /etc/bunkerweb/variables.env
export USE_DNSBL="no"
fi
elif [ "$test" = "list" ] ; then
echo "🚫 Running tests with DNSBL activated and without the server $server added to the list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_DNSBL: "no"@USE_DNSBL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DNSBL_LIST: ".*"@DNSBL_LIST: "bl.blocklist.de problems.dnsbl.sorbs.net"@' {} \;
if [ "$integration" = "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_DNSBL: "no"@USE_DNSBL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DNSBL_LIST: ".*"@DNSBL_LIST: ""@' {} \;
else
sudo sed -i 's@USE_DNSBL=.*$@USE_DNSBL=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@DNSBL_LIST=.*$@DNSBL_LIST=@' /etc/bunkerweb/variables.env
unset USE_DNSBL
unset DNSBL_LIST
fi
fi
echo "🚫 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🚫 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🚫 Up failed ❌"
echo "🚫 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🚫 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🚫 Start failed ❌"
exit 1
fi
fi
@ -98,37 +172,98 @@ do
# Check if stack is healthy
echo "🚫 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("dnsbl-bw-1" "dnsbl-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("dnsbl-bw-1" "dnsbl-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🚫 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🚫 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🚫 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🚫 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🚫 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🚫 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
elif sudo grep -q "dnsbl check for $server failed" "/var/log/bunkerweb/error.log" ; then
echo "🚫 ⚠ Couldn't check DNSBL server $server, restarting ..."
manual=1
cleanup_stack
manual=0
sleep 10
sudo systemctl start bunkerweb
retries=$((retries+0.2))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🚫 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🚫 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
sudo -E python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🚫 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🚫 Test \"$test\" succeeded ✅"
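Review bot: `retries=$((retries+0.2))` in the DNSBL-failure restart branch of the linux health check is not valid bash arithmetic, which is integer-only, so the expansion errors out and `retries` is never incremented on that path; the `$retries -lt 5` bound therefore does not limit these restarts. Use an integer step, `retries=$((retries+1))`, or a separate integer counter if DNSBL lookup failures are meant to get more attempts than service failures. In the same branch `i` is not reset after a restart, so every retry shares the single 120-iteration budget; if that is intended, a comment such as `# i is deliberately not reset: one 120s budget across restarts` would say so. The body of the `for test in ...` loop continues outside the hunk.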


@ -1,17 +1,36 @@
#!/bin/bash
echo "⭕ Building errors stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "⭕ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "⭕ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "⭕ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "⭕ Build failed ❌"
exit 1
echo "⭕ Building errors stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "⭕ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "⭕ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "ERRORS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "INTERCEPTED_ERROR_CODES=400 401 403 404 405 413 429 500 501 502 503 504" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
sudo mkdir -p /var/www/html/errors
sudo cp "403.html" "/var/www/html/errors/403.html"
fi
manual=0
@ -19,8 +38,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: "403=/errors/403.html"@ERRORS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@INTERCEPTED_ERROR_CODES: "400 401 404 405 413 429 500 501 502 503 504"@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: "403=/errors/403.html"@ERRORS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@' {} \;
else
sudo sed -i 's@ERRORS=.*$@ERRORS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@INTERCEPTED_ERROR_CODES=.*$@INTERCEPTED_ERROR_CODES=400 401 403 404 405 413 429 500 501 502 503 504@' /etc/bunkerweb/variables.env
unset ERRORS
unset INTERCEPTED_ERROR_CODES
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +54,15 @@ cleanup_stack () {
echo "⭕ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "⭕ Down failed ❌"
echo "⭕ Cleanup failed ❌"
exit 1
fi
@ -47,23 +78,43 @@ do
echo "⭕ Running tests with default configuration ..."
elif [ "$test" = "custom_403" ] ; then
echo "⭕ Running tests with a custom 403 page ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: ""@ERRORS: "403=/errors/403.html"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: ""@ERRORS: "403=/errors/403.html"@' {} \;
else
sudo sed -i 's@ERRORS=@ERRORS=403=/errors/403.html@' /etc/bunkerweb/variables.env
export ERRORS="403=/errors/403.html"
fi
elif [ "$test" = "without_403" ] ; then
echo "⭕ Running tests without a 403 being intercepted ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: "403=/errors/403.html"@ERRORS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@INTERCEPTED_ERROR_CODES: "400 401 404 405 413 429 500 501 502 503 504"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@ERRORS: "403=/errors/403.html"@ERRORS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@INTERCEPTED_ERROR_CODES: "400 401 403 404 405 413 429 500 501 502 503 504"@INTERCEPTED_ERROR_CODES: "400 401 404 405 413 429 500 501 502 503 504"@' {} \;
else
sudo sed -i 's@ERRORS=.*$@ERRORS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@INTERCEPTED_ERROR_CODES=.*$@INTERCEPTED_ERROR_CODES=400 401 404 405 413 429 500 501 502 503 504@' /etc/bunkerweb/variables.env
unset ERRORS
export INTERCEPTED_ERROR_CODES="400 401 404 405 413 429 500 501 502 503 504"
fi
fi
echo "⭕ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "⭕ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "⭕ Up failed ❌"
echo "⭕ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "⭕ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "⭕ Start failed ❌"
exit 1
fi
fi
@ -71,37 +122,92 @@ do
# Check if stack is healthy
echo "⭕ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("errors-bw-1" "errors-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("errors-bw-1" "errors-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "⭕ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "⭕ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "⭕ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "⭕ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "⭕ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "⭕ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "⭕ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "⭕ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "⭕ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "⭕ Test \"$test\" succeeded ✅"


@ -1,3 +1,4 @@
from os import getenv
from fastapi import FastAPI
from fastapi.responses import PlainTextResponse
@ -7,7 +8,7 @@ app = FastAPI()
@app.get("/ip")
async def ip():
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.1/32")
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.0/24")
@app.get("/rdns")
@ -17,7 +18,7 @@ async def rdns():
@app.get("/asn")
async def asn():
return PlainTextResponse("1234\n13335\n5678")
return PlainTextResponse(f"1234\n{getenv('AS_NUMBER', '13335')}\n5678")
@app.get("/user_agent")
@ -28,3 +29,9 @@ async def user_agent():
@app.get("/uri")
async def uri():
return PlainTextResponse("/admin\n/login")
if __name__ == "__main__":
import uvicorn
uvicorn.run(app, host="127.0.0.1", port=8080)
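Review bot: In `asn()`, `getenv('AS_NUMBER', '13335')` falls back only when the variable is unset, while the compose file changed in this commit declares `AS_NUMBER: ""`. Any run where test.sh has not yet rewritten that value therefore serves an empty line in the ASN list instead of 13335. `getenv('AS_NUMBER') or '13335'` covers both the unset and the empty case. Checking the value with `.isdigit()` before interpolating it would also keep a malformed entry out of the list that BunkerWeb downloads from this endpoint.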


@ -60,6 +60,8 @@ services:
greylist-api:
build: api
environment:
AS_NUMBER: ""
networks:
bw-docker:
bw-services:
@ -68,6 +70,7 @@ services:
volumes:
bw-data:
networks:
bw-universe:
name: bw-universe


@ -1,8 +1,9 @@
from datetime import date
from gzip import GzipFile
from io import BytesIO
from pathlib import Path
from os import getenv, sep
from maxminddb import MODE_FD, open_database
from pathlib import Path
from requests import get
# Compute the mmdb URL
@ -18,7 +19,13 @@ with get(mmdb_url, stream=True) as resp:
file_content.write(chunk)
file_content.seek(0)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader:
output_path = (
Path(sep, "output", "ip_asn.txt")
if getenv("TEST_TYPE", "docker") == "docker"
else Path(".", "ip_asn.txt")
)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader: # type: ignore
dbip_asn = reader.get("1.0.0.3")
if not dbip_asn:
@ -26,8 +33,8 @@ with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as r
exit(1)
print(
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to /output/ip_asn.txt",
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to {output_path}", # type: ignore
flush=True,
)
Path("/output/ip_asn.txt").write_text(str(dbip_asn["autonomous_system_number"]))
output_path.write_text(str(dbip_asn["autonomous_system_number"])) # type: ignore
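Review bot: The blanket `# type: ignore` comments on the `print` and `write_text` lines hide a missing shape check, since the record read from the downloaded database is indexed with `["autonomous_system_number"]` after only a truthiness test. A record that is not a mapping, or that lacks the key, would raise instead of reaching the existing failure path. Tightening the guard to `if not isinstance(dbip_asn, dict) or "autonomous_system_number" not in dbip_asn:` makes the ignores on those two lines unnecessary and keeps the error message accurate. The body of that guard and the download loop sit partly outside the hunks shown, so this assumes the guard still exits with status 1 as the context lines suggest.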


@ -47,7 +47,13 @@ try:
print(" Sending a request to http://www.example.com ...", flush=True)
status_code = get(
"http://www.example.com", headers={"Host": "www.example.com"}
"http://www.example.com",
headers={"Host": "www.example.com"}
| (
{"X-Forwarded-For": "1.0.0.3"}
if getenv("TEST_TYPE", "docker") == "linux" and _global
else {}
),
).status_code
print(f" Status code: {status_code}", flush=True)
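Review bot: The `headers={...} | (...)` expression uses the dict union operator, which needs Python 3.9 or newer. The Linux integration now runs this file with the host's `python3` rather than inside the test image. If any of the package targets in the build matrix ships an older interpreter, the request fails with a TypeError before the greylist is exercised. Unpacking the conditional dict into the literal, `{"Host": "www.example.com", **extra}`, behaves the same on older versions. `_global` and the enclosing `try` are defined outside this hunk.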


@ -1,47 +1,106 @@
#!/bin/bash
echo "🏁 Building greylist stack ..."
integration=$1
if [ -z "$integration" ] ; then
echo "🏁 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🏁 Integration \"$integration\" is not supported ❌"
exit 1
fi
echo "🏁 Building greylist stack for integration \"$integration\" ..."
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏁 Pull failed ❌"
exit 1
fi
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏁 Pull failed ❌"
exit 1
fi
echo "🏁 Building custom api image ..."
docker compose build greylist-api
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
fi
echo "🏁 Building custom api image ..."
docker compose build greylist-api
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
fi
echo "🏁 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
echo "🏁 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_REAL_IP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REAL_IP_FROM=127.0.0.0/24" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_GREYLIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_IP=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_RDNS_GLOBAL=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_RDNS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_RDNS_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_ASN=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_ASN_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_USER_AGENT=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_USER_AGENT_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_URI=" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_URI_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
end=0
as_number=0
AS_NUMBER=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GREYLIST: "yes"@USE_GREYLIST: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: "192.168.0.0/24"@GREYLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@GREYLIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_GLOBAL: "no"@GREYLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS: ".bw-services"@GREYLIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@GREYLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: "[0-9]*"@GREYLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@GREYLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: "BunkerBot"@GREYLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@GREYLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: "/admin"@GREYLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI_URLS: "http://greylist-api:8080/uri"@GREYLIST_URI_URLS: ""@' {} \;
if [ "$integration" = "docker" ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GREYLIST: "yes"@USE_GREYLIST: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: "192.168.0.0/24"@GREYLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@GREYLIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_GLOBAL: "no"@GREYLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS: ".bw-services"@GREYLIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@GREYLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: "[0-9]*"@GREYLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@GREYLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: "BunkerBot"@GREYLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@GREYLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: "/admin"@GREYLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI_URLS: "http://greylist-api:8080/uri"@GREYLIST_URI_URLS: ""@' {} \;
else
sudo sed -i 's@USE_GREYLIST=.*$@USE_GREYLIST=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_IP=.*$@GREYLIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_IP_URLS=.*$@GREYLIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_RDNS_GLOBAL=.*$@GREYLIST_RDNS_GLOBAL=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_RDNS=.*$@GREYLIST_RDNS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_RDNS_URLS=.*$@GREYLIST_RDNS_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_ASN=.*$@GREYLIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_ASN_URLS=.*$@GREYLIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_USER_AGENT=.*$@GREYLIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_USER_AGENT_URLS=.*$@GREYLIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_URI=.*$@GREYLIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_URI_URLS=.*$@GREYLIST_URI_URLS=@' /etc/bunkerweb/variables.env
unset USE_GREYLIST
unset GREYLIST_IP
unset GREYLIST_IP_URLS
unset GREYLIST_RDNS_GLOBAL
unset GREYLIST_RDNS
unset GREYLIST_RDNS_URLS
unset GREYLIST_ASN
unset GREYLIST_ASN_URLS
unset GREYLIST_USER_AGENT
unset GREYLIST_USER_AGENT_URLS
unset GREYLIST_URI
unset GREYLIST_URI_URLS
sudo killall python3
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -49,10 +108,15 @@ cleanup_stack () {
echo "🏁 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🏁 Down failed ❌"
echo "🏁 Cleanup failed ❌"
exit 1
fi
@ -63,39 +127,83 @@ cleanup_stack () {
trap cleanup_stack EXIT
echo "🏁 Initializing workspace ..."
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏁 Build failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏁 ip_asn.txt not found ❌"
exit 1
if [ "$integration" == "docker" ] ; then
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏁 Init failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏁 ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat init/output/ip_asn.txt)
rm -rf init/output
else
echo "🏁 Starting init ..."
python3 init/main.py
if [ $? -ne 0 ] ; then
echo "🏁 Init failed ❌"
exit 1
elif ! [[ -f "ip_asn.txt" ]]; then
echo "🏁 ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat ip_asn.txt)
fi
as_number=$(cat init/output/ip_asn.txt)
if [[ $as_number = "" ]]; then
if [[ $AS_NUMBER = "" ]]; then
echo "🏁 AS number not found ❌"
exit 1
fi
rm -rf init/output
export AS_NUMBER
for test in "deactivated" "ip" "ip_urls" "rdns" "rdns_global" "rdns_urls" "asn" "asn_urls" "user_agent" "user_agent_urls" "uri" "uri_urls"
if [ "$integration" == "docker" ] ; then
sudo sed -i 's@AS_NUMBER: ".*"$@AS_NUMBER: "'"$AS_NUMBER"'"@' docker-compose.yml
else
echo "🏁 Starting api ..."
python3 api/main.py &
fi
tests="deactivated ip ip_urls asn asn_urls user_agent user_agent_urls uri uri_urls"
if [ "$integration" == "docker" ] ; then
tests="deactivated ip ip_urls rdns rdns_global rdns_urls asn asn_urls user_agent user_agent_urls uri uri_urls"
fi
for test in $tests
do
if [ "$test" = "deactivated" ] ; then
echo "🏁 Running tests when the greylist is deactivated ..."
elif [ "$test" = "ip" ] ; then
echo "🏁 Running tests with the network 192.168.0.0/24 in the grey list ..."
echo " Activating the greylist for all the future tests ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GREYLIST: "no"@USE_GREYLIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: ""@GREYLIST_IP: "192.168.0.0/24"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with the network 192.168.0.0/24 in the grey list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GREYLIST: "no"@USE_GREYLIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: ""@GREYLIST_IP: "192.168.0.0/24"@' {} \;
else
echo "🏁 Running tests with the network 127.0.0.0/24 in the grey list ..."
sudo sed -i 's@USE_GREYLIST=.*$@USE_GREYLIST=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_IP=.*$@GREYLIST_IP=127.0.0.0/24@' /etc/bunkerweb/variables.env
export USE_GREYLIST="yes"
export GREYLIST_IP="127.0.0.0/24"
fi
elif [ "$test" = "ip_urls" ] ; then
echo "🏁 Running tests with greylist's ip url set to http://greylist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: "192.168.0.0/24"@GREYLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: ""@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with greylist's ip url set to http://greylist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP: "192.168.0.0/24"@GREYLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: ""@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@' {} \;
else
echo "🏁 Running tests with greylist's ip url set to http://127.0.0.1:8080/ip ..."
sudo sed -i 's@GREYLIST_IP=.*$@GREYLIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_IP_URLS=.*$@GREYLIST_IP_URLS=http://127.0.0.1:8080/ip@' /etc/bunkerweb/variables.env
unset GREYLIST_IP
export GREYLIST_IP_URLS="http://127.0.0.1:8080/ip"
fi
elif [ "$test" = "rdns" ] ; then
echo "🏁 Running tests with greylist's rdns set to .bw-services ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_IP_URLS: "http://greylist-api:8080/ip"@GREYLIST_IP_URLS: ""@' {} \;
@ -109,42 +217,95 @@ do
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS: ".bw-services"@GREYLIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: ""@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@' {} \;
elif [ "$test" = "asn" ] ; then
echo "🏁 Running tests with greylist's asn set to $as_number ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_GLOBAL: "no"@GREYLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@GREYLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: ""@GREYLIST_ASN: "'"$as_number"'"@' {} \;
echo "🏁 Running tests with greylist's asn set to $AS_NUMBER ..."
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_GLOBAL: "no"@GREYLIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_RDNS_URLS: "http://greylist-api:8080/rdns"@GREYLIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: ""@GREYLIST_ASN: "'"$AS_NUMBER"'"@' {} \;
else
sudo sed -i 's@GREYLIST_IP_URLS=.*$@GREYLIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_ASN=.*$@GREYLIST_ASN='"$AS_NUMBER"'@' /etc/bunkerweb/variables.env
unset GREYLIST_IP_URLS
export GREYLIST_ASN="$AS_NUMBER"
fi
elif [ "$test" = "asn_urls" ] ; then
echo "🏁 Running tests with greylist's asn url set to http://greylist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: "'"$as_number"'"@GREYLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: ""@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with greylist's asn url set to http://greylist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN: "'"$AS_NUMBER"'"@GREYLIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: ""@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@' {} \;
else
echo "🏁 Running tests with greylist's asn url set to http://127.0.0.1:8080/asn ..."
sudo sed -i 's@GREYLIST_ASN=.*$@GREYLIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_ASN_URLS=.*$@GREYLIST_ASN_URLS=http://127.0.0.1:8080/asn@' /etc/bunkerweb/variables.env
unset GREYLIST_ASN
export GREYLIST_ASN_URLS="http://127.0.0.1:8080/asn"
fi
elif [ "$test" = "user_agent" ] ; then
echo "🏁 Running tests with greylist's user_agent set to BunkerBot ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@GREYLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: ""@GREYLIST_USER_AGENT: "BunkerBot"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_ASN_URLS: "http://greylist-api:8080/asn"@GREYLIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: ""@GREYLIST_USER_AGENT: "BunkerBot"@' {} \;
else
sudo sed -i 's@GREYLIST_ASN_URLS=.*$@GREYLIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_USER_AGENT=.*$@GREYLIST_USER_AGENT=BunkerBot@' /etc/bunkerweb/variables.env
unset GREYLIST_ASN_URLS
export GREYLIST_USER_AGENT="BunkerBot"
fi
elif [ "$test" = "user_agent_urls" ] ; then
echo "🏁 Running tests with greylist's user_agent url set to http://greylist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: "BunkerBot"@GREYLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: ""@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with greylist's user_agent url set to http://greylist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT: "BunkerBot"@GREYLIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: ""@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@' {} \;
else
echo "🏁 Running tests with greylist's user_agent url set to http://127.0.0.1:8080/user_agent ..."
sudo sed -i 's@GREYLIST_USER_AGENT=.*$@GREYLIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_USER_AGENT_URLS=.*$@GREYLIST_USER_AGENT_URLS=http://127.0.0.1:8080/user_agent@' /etc/bunkerweb/variables.env
unset GREYLIST_USER_AGENT
export GREYLIST_USER_AGENT_URLS="http://127.0.0.1:8080/user_agent"
fi
elif [ "$test" = "uri" ] ; then
echo "🏁 Running tests with greylist's uri set to /admin ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@GREYLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: ""@GREYLIST_URI: "/admin"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_USER_AGENT_URLS: "http://greylist-api:8080/user_agent"@GREYLIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: ""@GREYLIST_URI: "/admin"@' {} \;
else
sudo sed -i 's@GREYLIST_USER_AGENT_URLS=.*$@GREYLIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_URI=.*$@GREYLIST_URI=/admin@' /etc/bunkerweb/variables.env
unset GREYLIST_USER_AGENT_URLS
export GREYLIST_URI="/admin"
fi
elif [ "$test" = "uri_urls" ] ; then
echo "🏁 Running tests with greylist's uri url set to http://greylist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: "/admin"@GREYLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI_URLS: ""@GREYLIST_URI_URLS: "http://greylist-api:8080/uri"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏁 Running tests with greylist's uri url set to http://greylist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI: "/admin"@GREYLIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GREYLIST_URI_URLS: ""@GREYLIST_URI_URLS: "http://greylist-api:8080/uri"@' {} \;
else
echo "🏁 Running tests with greylist's uri url set to http://127.0.0.1:8080/uri ..."
sudo sed -i 's@GREYLIST_URI=.*$@GREYLIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@GREYLIST_URI_URLS=.*$@GREYLIST_URI_URLS=http://127.0.0.1:8080/uri@' /etc/bunkerweb/variables.env
unset GREYLIST_URI
export GREYLIST_URI_URLS="http://127.0.0.1:8080/uri"
fi
fi
echo "🏁 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏁 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏁 Up failed ❌"
echo "🏁 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏁 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🏁 Start failed ❌"
exit 1
fi
fi
@ -152,27 +313,68 @@ do
# Check if stack is healthy
echo "🏁 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("greylist-bw-1" "greylist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("greylist-bw-1" "greylist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🏁 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🏁 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏁 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🏁 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🏁 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🏁 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🏁 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏁 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
@ -180,26 +382,56 @@ do
if ! [[ "$test" = "user_agent" || "$test" = "user_agent_urls" || "$test" = "uri" || "$test" = "uri_urls" ]] ; then
echo "🏁 Running global container tests ..."
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
else
export GLOBAL="1"
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🏁 Test \"$test\" failed for global tests ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler greylist-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler greylist-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🏁 Test \"$test\" succeeded for global tests ✅"
fi
if [ "$integration" == "linux" ] ; then
sleep 1
fi
fi
echo "🏁 Running local container tests ..."
docker compose -f docker-compose.test.yml up local-tests --abort-on-container-exit --exit-code-from local-tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up local-tests --abort-on-container-exit --exit-code-from local-tests
else
unset GLOBAL
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🏁 Test \"$test\" failed for local tests ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler greylist-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler greylist-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🏁 Test \"$test\" succeeded for local tests ✅"
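Review bot: `sudo killall python3` in the Linux branch of `cleanup_stack` terminates every python3 process on the host, not only the API started with `python3 api/main.py &`. On a shared or self-hosted runner that can take down unrelated jobs or tooling. Record the PID where the API is launched with `api_pid=$!`, and replace the killall with `[ -n "$api_pid" ] && kill "$api_pid"`. In the same function, the `if [ $? -ne 0 ]` after the Linux branch sees only the exit status of `truncate`, so a failed `sudo systemctl stop bunkerweb` goes unreported. `cleanup_stack` spans several hunks of this section.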


@ -1,17 +1,33 @@
#!/bin/bash
echo "🗜️ Building gzip stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🗜️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🗜️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🗜️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🗜️ Build failed ❌"
exit 1
echo "🗜️ Building gzip stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "🗜️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🗜️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_GZIP=no" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,7 +35,12 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GZIP: "yes"@USE_GZIP: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GZIP: "yes"@USE_GZIP: "no"@' {} \;
else
sudo sed -i 's@USE_GZIP=.*$@USE_GZIP=no@' /etc/bunkerweb/variables.env
unset USE_GZIP
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -27,10 +48,15 @@ cleanup_stack () {
echo "🗜️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🗜️ Down failed ❌"
echo "🗜️ Cleanup failed ❌"
exit 1
fi
@ -46,19 +72,32 @@ do
echo "🗜️ Running tests without gzip ..."
elif [ "$test" = "activated" ] ; then
echo "🗜️ Running tests with gzip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GZIP: "no"@USE_GZIP: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_GZIP: "no"@USE_GZIP: "yes"@' {} \;
else
sudo sed -i 's@USE_GZIP=.*$@USE_GZIP=yes@' /etc/bunkerweb/variables.env
export USE_GZIP="yes"
fi
fi
echo "🗜️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗜️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗜️ Up failed ❌"
echo "🗜️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗜️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🗜️ Start failed ❌"
exit 1
fi
fi
@ -66,37 +105,90 @@ do
# Check if stack is healthy
echo "🗜️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("gzip-bw-1" "gzip-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("gzip-bw-1" "gzip-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🗜️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🗜️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🗜️ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🗜️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🗜️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🗜️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🗜️ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🗜️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🗜️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🗜️ Test \"$test\" succeeded ✅"


@ -1,17 +1,51 @@
#!/bin/bash
echo "🎛️ Building headers stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker bw-php
if [ $? -ne 0 ] ; then
echo "🎛️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🎛️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🎛️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🎛️ Build failed ❌"
exit 1
echo "🎛️ Building headers stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker bw-php
if [ $? -ne 0 ] ; then
echo "🎛️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🎛️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
sudo cp -r www/* /var/www/html/
sudo chown -R www-data:nginx /var/www/html
sudo find /var/www/html -type f -exec chmod 0640 {} \;
sudo find /var/www/html -type d -exec chmod 0750 {} \;
echo "LOCAL_PHP=/run/php/php-fpm.sock" | sudo tee -a /etc/bunkerweb/variables.env
echo "LOCAL_PHP_PATH=/var/www/html" | sudo tee -a /etc/bunkerweb/variables.env
echo "GENERATE_SELF_SIGNED_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "CUSTOM_HEADER=" | sudo tee -a /etc/bunkerweb/variables.env
echo "REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version" | sudo tee -a /etc/bunkerweb/variables.env
echo "STRICT_TRANSPORT_SECURITY=max-age=31536000" | sudo tee -a /etc/bunkerweb/variables.env
echo "COOKIE_FLAGS=* HttpOnly SameSite=Lax" | sudo tee -a /etc/bunkerweb/variables.env
echo "COOKIE_AUTO_SECURE_FLAG=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "CONTENT_SECURITY_POLICY=object-src 'none'; form-action 'self'; frame-ancestors 'self';" | sudo tee -a /etc/bunkerweb/variables.env
echo "REFERRER_POLICY=strict-origin-when-cross-origin" | sudo tee -a /etc/bunkerweb/variables.env
echo "PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()" | sudo tee -a /etc/bunkerweb/variables.env
echo "FEATURE_POLICY=accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; layout-animation 'none'; legacy-image-formats 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; speaker-selection 'none'; sync-xhr 'none'; unoptimized-images 'none'; unsized-media 'none'; usb 'none'; screen-wake-lock 'none'; web-share 'none'; xr-spatial-tracking 'none';" | sudo tee -a /etc/bunkerweb/variables.env
echo "X_FRAME_OPTIONS=SAMEORIGIN" | sudo tee -a /etc/bunkerweb/variables.env
echo "X_CONTENT_TYPE_OPTIONS=nosniff" | sudo tee -a /etc/bunkerweb/variables.env
echo "X_XSS_PROTECTION=1; mode=block" | sudo tee -a /etc/bunkerweb/variables.env
fi
manual=0
@ -19,28 +53,61 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: "X-Test: test"@CUSTOM_HEADER: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=86400"@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* HttpOnly SameSite=Lax"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_AUTO_SECURE_FLAG: "no"@COOKIE_AUTO_SECURE_FLAG: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "no-referrer"@REFERRER_POLICY: "strict-origin-when-cross-origin"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "DENY"@X_FRAME_OPTIONS: "SAMEORIGIN"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: ""@X_CONTENT_TYPE_OPTIONS: "nosniff"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "0"@X_XSS_PROTECTION: "1; mode=block"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: "X-Test: test"@CUSTOM_HEADER: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=86400"@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* HttpOnly SameSite=Lax"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_AUTO_SECURE_FLAG: "no"@COOKIE_AUTO_SECURE_FLAG: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "no-referrer"@REFERRER_POLICY: "strict-origin-when-cross-origin"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "DENY"@X_FRAME_OPTIONS: "SAMEORIGIN"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: ""@X_CONTENT_TYPE_OPTIONS: "nosniff"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "0"@X_XSS_PROTECTION: "1; mode=block"@' {} \;
if [[ $(sed '27!d' docker-compose.yml) = ' COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' ]] ; then
sed -i '27d' docker-compose.yml
if [[ $(sed '27!d' docker-compose.yml) = ' COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' ]] ; then
sed -i '27d' docker-compose.yml
fi
if [[ $(sed '13!d' docker-compose.test.yml) = ' COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' ]] ; then
sed -i '13d' docker-compose.test.yml
fi
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@CUSTOM_HEADER=.*$@CUSTOM_HEADER=@' /etc/bunkerweb/variables.env
sudo sed -i 's@REMOVE_HEADERS=.*$@REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version@' /etc/bunkerweb/variables.env
sudo sed -i 's@STRICT_TRANSPORT_SECURITY=.*$@STRICT_TRANSPORT_SECURITY=max-age=31536000@' /etc/bunkerweb/variables.env
sudo sed -i 's@COOKIE_FLAGS=.*$@COOKIE_FLAGS=* HttpOnly SameSite=Lax@' /etc/bunkerweb/variables.env
sudo sed -i 's@COOKIE_AUTO_SECURE_FLAG=.*$@COOKIE_AUTO_SECURE_FLAG=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@CONTENT_SECURITY_POLICY=.*$@CONTENT_SECURITY_POLICY=object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';@' /etc/bunkerweb/variables.env
sudo sed -i 's@REFERRER_POLICY=.*$@REFERRER_POLICY=strict-origin-when-cross-origin@' /etc/bunkerweb/variables.env
sudo sed -i 's@PERMISSIONS_POLICY=.*$@PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()@' /etc/bunkerweb/variables.env
sudo sed -i 's@FEATURE_POLICY=.*$@FEATURE_POLICY=accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_FRAME_OPTIONS=.*$@X_FRAME_OPTIONS=SAMEORIGIN@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_CONTENT_TYPE_OPTIONS=.*$@X_CONTENT_TYPE_OPTIONS=nosniff@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_XSS_PROTECTION=.*$@X_XSS_PROTECTION=1; mode=block@' /etc/bunkerweb/variables.env
unset GENERATE_SELF_SIGNED_SSL
unset CUSTOM_HEADER
unset REMOVE_HEADERS
unset STRICT_TRANSPORT_SECURITY
unset COOKIE_FLAGS
unset COOKIE_AUTO_SECURE_FLAG
unset CONTENT_SECURITY_POLICY
unset REFERRER_POLICY
unset PERMISSIONS_POLICY
unset FEATURE_POLICY
unset X_FRAME_OPTIONS
unset X_CONTENT_TYPE_OPTIONS
unset X_XSS_PROTECTION
if [[ $(sudo tail -n 1 /etc/bunkerweb/variables.env) = 'COOKIE_FLAGS_1=bw_cookie SameSite=Lax' ]] ; then
sudo sed -i '$ d' /etc/bunkerweb/variables.env
fi
unset COOKIE_FLAGS_1
fi
if [[ $(sed '13!d' docker-compose.test.yml) = ' COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' ]] ; then
sed -i '13d' docker-compose.test.yml
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -48,10 +115,15 @@ cleanup_stack () {
echo "🎛️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🎛️ Down failed ❌"
echo "🎛️ Cleanup failed ❌"
exit 1
fi
@ -65,56 +137,131 @@ for test in "without_ssl" "no_httponly_flag" "multiple_no_httponly_flag" "with_s
do
if [ "$test" = "without_ssl" ] ; then
echo "🎛️ Running tests without ssl and with tweaked settings ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: ""@CUSTOM_HEADER: "X-Test: test"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@STRICT_TRANSPORT_SECURITY: "max-age=86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "strict-origin-when-cross-origin"@REFERRER_POLICY: "no-referrer"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "geolocation=(self), microphone=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "geolocation '"'"'self'"'"'; microphone '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "SAMEORIGIN"@X_FRAME_OPTIONS: "DENY"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: "nosniff"@X_CONTENT_TYPE_OPTIONS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "1; mode=block"@X_XSS_PROTECTION: "0"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: ""@CUSTOM_HEADER: "X-Test: test"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@STRICT_TRANSPORT_SECURITY: "max-age=86400"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "strict-origin-when-cross-origin"@REFERRER_POLICY: "no-referrer"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "geolocation=(self), microphone=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "geolocation '"'"'self'"'"'; microphone '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "SAMEORIGIN"@X_FRAME_OPTIONS: "DENY"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: "nosniff"@X_CONTENT_TYPE_OPTIONS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "1; mode=block"@X_XSS_PROTECTION: "0"@' {} \;
else
sudo sed -i 's@CUSTOM_HEADER=.*$@CUSTOM_HEADER=X-Test: test@' /etc/bunkerweb/variables.env
sudo sed -i 's@REMOVE_HEADERS=.*$@REMOVE_HEADERS=X-Powered-By X-AspNet-Version X-AspNetMvc-Version@' /etc/bunkerweb/variables.env
sudo sed -i 's@STRICT_TRANSPORT_SECURITY=.*$@STRICT_TRANSPORT_SECURITY=max-age=86400@' /etc/bunkerweb/variables.env
sudo sed -i 's@CONTENT_SECURITY_POLICY=.*$@CONTENT_SECURITY_POLICY=object-src '"'"'none'"'"'; frame-ancestors '"'"'self'"'"';@' /etc/bunkerweb/variables.env
sudo sed -i 's@REFERRER_POLICY=.*$@REFERRER_POLICY=no-referrer@' /etc/bunkerweb/variables.env
sudo sed -i 's@PERMISSIONS_POLICY=.*$@PERMISSIONS_POLICY=geolocation=(self), microphone=()@' /etc/bunkerweb/variables.env
sudo sed -i 's@FEATURE_POLICY=.*$@FEATURE_POLICY=geolocation '"'"'self'"'"'; microphone '"'"'none'"'"';@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_FRAME_OPTIONS=.*$@X_FRAME_OPTIONS=DENY@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_CONTENT_TYPE_OPTIONS=.*$@X_CONTENT_TYPE_OPTIONS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_XSS_PROTECTION=.*$@X_XSS_PROTECTION=0@' /etc/bunkerweb/variables.env
export CUSTOM_HEADER="X-Test: test"
export REMOVE_HEADERS="X-Powered-By X-AspNet-Version X-AspNetMvc-Version"
export STRICT_TRANSPORT_SECURITY="max-age=86400"
export CONTENT_SECURITY_POLICY="object-src 'none'; frame-ancestors 'self';"
export REFERRER_POLICY="no-referrer"
export PERMISSIONS_POLICY="geolocation=(self), microphone=()"
export FEATURE_POLICY="geolocation 'self'; microphone 'none';"
export X_FRAME_OPTIONS="DENY"
export X_CONTENT_TYPE_OPTIONS=""
export X_XSS_PROTECTION="0"
fi
elif [ "$test" = "no_httponly_flag" ] ; then
echo "🎛️ Running tests without HttpOnly flag for cookies and with default values ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* SameSite=Lax"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: "X-Test: test"@CUSTOM_HEADER: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=86400"@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "no-referrer"@REFERRER_POLICY: "strict-origin-when-cross-origin"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "DENY"@X_FRAME_OPTIONS: "SAMEORIGIN"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: ""@X_CONTENT_TYPE_OPTIONS: "nosniff"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "0"@X_XSS_PROTECTION: "1; mode=block"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* SameSite=Lax"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CUSTOM_HEADER: "X-Test: test"@CUSTOM_HEADER: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REMOVE_HEADERS: ".*"$@REMOVE_HEADERS: "Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@STRICT_TRANSPORT_SECURITY: "max-age=86400"@STRICT_TRANSPORT_SECURITY: "max-age=31536000"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@CONTENT_SECURITY_POLICY: ".*"$@CONTENT_SECURITY_POLICY: "object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REFERRER_POLICY: "no-referrer"@REFERRER_POLICY: "strict-origin-when-cross-origin"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@PERMISSIONS_POLICY: ".*"$@PERMISSIONS_POLICY: "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@FEATURE_POLICY: ".*"$@FEATURE_POLICY: "accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_FRAME_OPTIONS: "DENY"@X_FRAME_OPTIONS: "SAMEORIGIN"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_CONTENT_TYPE_OPTIONS: ""@X_CONTENT_TYPE_OPTIONS: "nosniff"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@X_XSS_PROTECTION: "0"@X_XSS_PROTECTION: "1; mode=block"@' {} \;
else
sudo sed -i 's@COOKIE_FLAGS=.*$@COOKIE_FLAGS=* SameSite=Lax@' /etc/bunkerweb/variables.env
sudo sed -i 's@CUSTOM_HEADER=.*$@CUSTOM_HEADER=@' /etc/bunkerweb/variables.env
sudo sed -i 's@REMOVE_HEADERS=.*$@REMOVE_HEADERS=Server X-Powered-By X-AspNet-Version X-AspNetMvc-Version@' /etc/bunkerweb/variables.env
sudo sed -i 's@STRICT_TRANSPORT_SECURITY=.*$@STRICT_TRANSPORT_SECURITY=max-age=31536000@' /etc/bunkerweb/variables.env
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@CONTENT_SECURITY_POLICY=.*$@CONTENT_SECURITY_POLICY=object-src '"'"'none'"'"'; form-action '"'"'self'"'"'; frame-ancestors '"'"'self'"'"';@' /etc/bunkerweb/variables.env
sudo sed -i 's@REFERRER_POLICY=.*$@REFERRER_POLICY=strict-origin-when-cross-origin@' /etc/bunkerweb/variables.env
sudo sed -i 's@PERMISSIONS_POLICY=.*$@PERMISSIONS_POLICY=accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), web-share=(), xr-spatial-tracking=()@' /etc/bunkerweb/variables.env
sudo sed -i 's@FEATURE_POLICY=.*$@FEATURE_POLICY=accelerometer '"'"'none'"'"'; ambient-light-sensor '"'"'none'"'"'; autoplay '"'"'none'"'"'; battery '"'"'none'"'"'; camera '"'"'none'"'"'; display-capture '"'"'none'"'"'; document-domain '"'"'none'"'"'; encrypted-media '"'"'none'"'"'; execution-while-not-rendered '"'"'none'"'"'; execution-while-out-of-viewport '"'"'none'"'"'; fullscreen '"'"'none'"'"'; geolocation '"'"'none'"'"'; gyroscope '"'"'none'"'"'; layout-animation '"'"'none'"'"'; legacy-image-formats '"'"'none'"'"'; magnetometer '"'"'none'"'"'; microphone '"'"'none'"'"'; midi '"'"'none'"'"'; navigation-override '"'"'none'"'"'; payment '"'"'none'"'"'; picture-in-picture '"'"'none'"'"'; publickey-credentials-get '"'"'none'"'"'; speaker-selection '"'"'none'"'"'; sync-xhr '"'"'none'"'"'; unoptimized-images '"'"'none'"'"'; unsized-media '"'"'none'"'"'; usb '"'"'none'"'"'; screen-wake-lock '"'"'none'"'"'; web-share '"'"'none'"'"'; xr-spatial-tracking '"'"'none'"'"';@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_FRAME_OPTIONS=.*$@X_FRAME_OPTIONS=SAMEORIGIN@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_CONTENT_TYPE_OPTIONS=.*$@X_CONTENT_TYPE_OPTIONS=nosniff@' /etc/bunkerweb/variables.env
sudo sed -i 's@X_XSS_PROTECTION=.*$@X_XSS_PROTECTION=1; mode=block@' /etc/bunkerweb/variables.env
export COOKIE_FLAGS="* SameSite=Lax"
unset CUSTOM_HEADER
unset REMOVE_HEADERS
unset STRICT_TRANSPORT_SECURITY
unset CONTENT_SECURITY_POLICY
unset REFERRER_POLICY
unset PERMISSIONS_POLICY
unset FEATURE_POLICY
unset X_FRAME_OPTIONS
unset X_CONTENT_TYPE_OPTIONS
unset X_XSS_PROTECTION
fi
elif [ "$test" = "multiple_no_httponly_flag" ] ; then
echo "🎛️ Running tests with HttpOnly flag overriden for cookie \"bw_cookie\" and default cookies flags ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* HttpOnly SameSite=Lax"@' {} \;
sed -i '27i \ COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' docker-compose.yml
sed -i '13i \ COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' docker-compose.test.yml
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_FLAGS: ".*"$@COOKIE_FLAGS: "* HttpOnly SameSite=Lax"@' {} \;
sed -i '27i \ COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' docker-compose.yml
sed -i '13i \ COOKIE_FLAGS_1: "bw_cookie SameSite=Lax"' docker-compose.test.yml
else
sudo sed -i 's@COOKIE_FLAGS=.*$@COOKIE_FLAGS=* HttpOnly SameSite=Lax@' /etc/bunkerweb/variables.env
echo "COOKIE_FLAGS_1=bw_cookie SameSite=Lax" | sudo tee -a /etc/bunkerweb/variables.env
export COOKIE_FLAGS="* HttpOnly SameSite=Lax"
export COOKIE_FLAGS_1="bw_cookie SameSite=Lax"
fi
elif [ "$test" = "with_ssl" ] ; then
echo "🎛️ Running tests with ssl ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
sed -i '27d' docker-compose.yml
sed -i '13d' docker-compose.test.yml
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
sed -i '27d' docker-compose.yml
sed -i '13d' docker-compose.test.yml
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=yes@' /etc/bunkerweb/variables.env
sudo sed -i '$ d' /etc/bunkerweb/variables.env
export GENERATE_SELF_SIGNED_SSL="yes"
fi
elif [ "$test" = "no_cookie_auto_secure_flag" ] ; then
echo "🎛️ Running tests without cookie_auto_secure_flag ..."
echo " Keeping the generated self-signed SSL certificate"
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_AUTO_SECURE_FLAG: "yes"@COOKIE_AUTO_SECURE_FLAG: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@COOKIE_AUTO_SECURE_FLAG: "yes"@COOKIE_AUTO_SECURE_FLAG: "no"@' {} \;
else
sudo sed -i 's@COOKIE_AUTO_SECURE_FLAG=.*$@COOKIE_AUTO_SECURE_FLAG=no@' /etc/bunkerweb/variables.env
export COOKIE_AUTO_SECURE_FLAG="no"
fi
fi
echo "🎛️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎛️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎛️ Up failed ❌"
echo "🎛️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎛️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🎛️ Start failed ❌"
exit 1
fi
fi
@ -122,37 +269,90 @@ do
# Check if stack is healthy
echo "🎛️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("headers-bw-1" "headers-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("headers-bw-1" "headers-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🎛️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🎛️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🎛️ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🎛️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🎛️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🎛️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🎛️ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🎛️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🎛️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🎛️ Test \"$test\" succeeded ✅"


@ -1,26 +1,47 @@
#!/bin/bash
echo "💉 Building inject stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "💉 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "💉 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "💉 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "💉 Build failed ❌"
exit 1
echo "💉 Building inject stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "💉 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "💉 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "INJECT_BODY=TEST" | sudo tee -a /etc/bunkerweb/variables.env
sudo cp index.html /var/www/html/index.html
fi
cleanup_stack () {
echo "💉 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "💉 Down failed ❌"
echo "💉 Cleanup failed ❌"
exit 1
fi
@ -33,15 +54,23 @@ trap cleanup_stack EXIT
echo "💉 Running tests while injecting TEST into the HTML page ..."
echo "💉 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💉 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💉 Up failed ❌"
echo "💉 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "💉 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "💉 Start failed ❌"
exit 1
fi
fi
@ -49,37 +78,90 @@ fi
# Check if stack is healthy
echo "💉 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("inject-bw-1" "inject-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("inject-bw-1" "inject-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "💉 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "💉 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "💉 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "💉 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "💉 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "💉 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "💉 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "💉 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "💉 Test \"inject\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "💉 Test \"inject\" succeeded ✅"
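Review bot: In the new linux branch of cleanup_stack, the `if [ $? -ne 0 ]` that follows the `if`/`else` only sees the exit status of `sudo truncate -s 0 /var/log/bunkerweb/error.log`. A failed `sudo systemctl stop bunkerweb` is therefore never reported, and the next run can start against a service that still holds the previous configuration. Chaining the two commands, `sudo systemctl stop bunkerweb && sudo truncate -s 0 /var/log/bunkerweb/error.log`, keeps the "Cleanup failed" path meaningful; the same two lines appear in cleanup_stack of the limit and misc scripts further down this page. Separately, `i` is not reset when the linux health check restarts the service, so each retry only gets whatever is left of the 120 seconds; an `i=0` next to `retries=$((retries+1))` would fix that. cleanup_stack's body continues outside the hunk.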


@ -1,17 +1,38 @@
#!/bin/bash
echo "🎚️ Building limit stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🎚️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🎚️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🎚️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🎚️ Build failed ❌"
exit 1
echo "🎚️ Building limit stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🎚️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🎚️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "BAD_BEHAVIOR_STATUS_CODES=400 401 403 405 429 444" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_LIMIT_REQ=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "LIMIT_REQ_URL=/" | sudo tee -a /etc/bunkerweb/variables.env
echo "LIMIT_REQ_RATE=2r/s" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_LIMIT_CONN=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "LIMIT_CONN_MAX_HTTP1=1" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,27 +40,48 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "yes"@USE_LIMIT_REQ: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_URL: ".*"$@LIMIT_REQ_URL: "/"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_RATE: ".*"$@LIMIT_REQ_RATE: "2r/s"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_CONN: "no"@USE_LIMIT_CONN: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "yes"@USE_LIMIT_REQ: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_URL: ".*"$@LIMIT_REQ_URL: "/"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_RATE: ".*"$@LIMIT_REQ_RATE: "2r/s"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_CONN: "no"@USE_LIMIT_CONN: "yes"@' {} \;
if [[ $(sed '22!d' docker-compose.yml) = ' LIMIT_REQ_URL_1: "/custom"' ]] ; then
sed -i '22d' docker-compose.yml
if [[ $(sed '22!d' docker-compose.yml) = ' LIMIT_REQ_URL_1: "/custom"' ]] ; then
sed -i '22d' docker-compose.yml
fi
if [[ $(sed '22!d' docker-compose.yml) = ' LIMIT_REQ_RATE_1: "4r/s"' ]] ; then
sed -i '22d' docker-compose.yml
fi
if [[ $(sed '11!d' docker-compose.test.yml) = ' LIMIT_REQ_URL_1: "/custom"' ]] ; then
sed -i '11d' docker-compose.test.yml
fi
if [[ $(sed '11!d' docker-compose.test.yml) = ' LIMIT_REQ_RATE_1: "4r/s"' ]] ; then
sed -i '11d' docker-compose.test.yml
fi
else
sudo sed -i 's@USE_LIMIT_REQ=.*$@USE_LIMIT_REQ=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@LIMIT_REQ_URL=.*$@LIMIT_REQ_URL=/@' /etc/bunkerweb/variables.env
sudo sed -i 's@LIMIT_REQ_RATE=.*$@LIMIT_REQ_RATE=2r/s@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_LIMIT_CONN=.*$@USE_LIMIT_CONN=yes@' /etc/bunkerweb/variables.env
unset USE_LIMIT_REQ
unset LIMIT_REQ_URL
unset LIMIT_REQ_RATE
unset USE_LIMIT_CONN
if [[ $(sudo tail -n 1 /etc/bunkerweb/variables.env) = 'LIMIT_REQ_URL_1=/custom' ]] ; then
sudo truncate -s -1 /etc/bunkerweb/variables.env
fi
if [[ $(sudo tail -n 1 /etc/bunkerweb/variables.env) = 'LIMIT_REQ_RATE_1=4r/s' ]] ; then
sudo truncate -s -1 /etc/bunkerweb/variables.env
fi
unset LIMIT_REQ_URL_1
unset LIMIT_REQ_RATE_1
fi
if [[ $(sed '22!d' docker-compose.yml) = ' LIMIT_REQ_RATE_1: "4r/s"' ]] ; then
sed -i '22d' docker-compose.yml
fi
if [[ $(sed '11!d' docker-compose.test.yml) = ' LIMIT_REQ_URL_1: "/custom"' ]] ; then
sed -i '11d' docker-compose.test.yml
fi
if [[ $(sed '11!d' docker-compose.test.yml) = ' LIMIT_REQ_RATE_1: "4r/s"' ]] ; then
sed -i '11d' docker-compose.test.yml
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -47,10 +89,15 @@ cleanup_stack () {
echo "🎚️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🎚️ Down failed ❌"
echo "🎚️ Cleanup failed ❌"
exit 1
fi
@ -67,32 +114,64 @@ do
elif [ "$test" = "limit_req" ] ; then
echo "🎚️ Running tests with limit req activated ..."
echo " Deactivating limit conn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_CONN: "yes"@USE_LIMIT_CONN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "no"@USE_LIMIT_REQ: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_CONN: "yes"@USE_LIMIT_CONN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "no"@USE_LIMIT_REQ: "yes"@' {} \;
else
sudo sed -i 's@USE_LIMIT_CONN=.*$@USE_LIMIT_CONN=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_LIMIT_REQ=.*$@USE_LIMIT_REQ=yes@' /etc/bunkerweb/variables.env
export USE_LIMIT_CONN="no"
export USE_LIMIT_REQ="yes"
fi
elif [ "$test" = "augmented" ] ; then
echo "🎚️ Running tests with limit req rate set to 10r/s ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_RATE: ".*"$@LIMIT_REQ_RATE: "10r/s"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@LIMIT_REQ_RATE: ".*"$@LIMIT_REQ_RATE: "10r/s"@' {} \;
else
sudo sed -i 's@LIMIT_REQ_RATE=.*$@LIMIT_REQ_RATE=10r/s@' /etc/bunkerweb/variables.env
export LIMIT_REQ_RATE="10r/s"
fi
elif [ "$test" = "custom_endpoint_rate" ] ; then
echo "🎚️ Running tests with a custom endpoint rate ..."
sed -i '22i \ LIMIT_REQ_URL_1: "/custom"' docker-compose.yml
sed -i '23i \ LIMIT_REQ_RATE_1: "4r/s"' docker-compose.yml
sed -i '11i \ LIMIT_REQ_URL_1: "/custom"' docker-compose.test.yml
sed -i '12i \ LIMIT_REQ_RATE_1: "4r/s"' docker-compose.test.yml
if [ "$integration" == "docker" ] ; then
sed -i '22i \ LIMIT_REQ_URL_1: "/custom"' docker-compose.yml
sed -i '23i \ LIMIT_REQ_RATE_1: "4r/s"' docker-compose.yml
sed -i '11i \ LIMIT_REQ_URL_1: "/custom"' docker-compose.test.yml
sed -i '12i \ LIMIT_REQ_RATE_1: "4r/s"' docker-compose.test.yml
else
echo "LIMIT_REQ_URL_1=/custom" | sudo tee -a /etc/bunkerweb/variables.env
echo "LIMIT_REQ_RATE_1=4r/s" | sudo tee -a /etc/bunkerweb/variables.env
export LIMIT_REQ_URL_1="/custom"
export LIMIT_REQ_RATE_1="4r/s"
fi
elif [ "$test" = "deactivated_req" ] ; then
echo "🎚️ Running tests without limit req ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "yes"@USE_LIMIT_REQ: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_LIMIT_REQ: "yes"@USE_LIMIT_REQ: "no"@' {} \;
else
sudo sed -i 's@USE_LIMIT_REQ=.*$@USE_LIMIT_REQ=no@' /etc/bunkerweb/variables.env
export USE_LIMIT_REQ="no"
fi
fi
echo "🎚️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎚️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎚️ Up failed ❌"
echo "🎚️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🎚️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🎚️ Start failed ❌"
exit 1
fi
fi
@ -100,37 +179,90 @@ do
# Check if stack is healthy
echo "🎚️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("limit-bw-1" "limit-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("limit-bw-1" "limit-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🎚️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🎚️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🎚️ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🎚️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🎚️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🎚️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🎚️ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🎚️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🎚️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🎚️ Test \"$test\" succeeded ✅"
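Review bot: The linux branch of cleanup_stack does not remove the appended `LIMIT_REQ_URL_1` and `LIMIT_REQ_RATE_1` lines. `sudo truncate -s -1` shrinks the file by one byte (the trailing newline) rather than by one line, and the URL check runs first although the RATE line was appended last. Both settings therefore appear to stay in /etc/bunkerweb/variables.env for the tests that follow, so those tests no longer exercise the rate-limit configuration they name, and a later `tee -a` would be glued onto the unterminated last line. Testing for `LIMIT_REQ_RATE_1=4r/s` first and deleting with `sudo sed -i '$ d' /etc/bunkerweb/variables.env` in both checks (the form the headers script on this page uses for `with_ssl`) would restore the file. cleanup_stack spans this hunk and the next one.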


@ -10,17 +10,24 @@ try:
ssl_generated = getenv("GENERATE_SELF_SIGNED_SSL", "no") == "yes"
disabled_default_server = getenv("DISABLE_DEFAULT_SERVER", "no") == "yes"
deny_http_status = getenv("DENY_HTTP_STATUS", "403")
listen_http = getenv("LISTEN_HTTP", "no") == "yes"
listen_http = getenv("LISTEN_HTTP", "yes") == "yes"
error = False
print(
" Sending a HEAD request to http://192.168.0.2 (default server) to test DISABLE_DEFAULT_SERVER",
f" Sending a HEAD request to http://{'192.168.0.2' if getenv('TEST_TYPE', 'docker') == 'docker' else '127.0.0.1'} (default server) to test DISABLE_DEFAULT_SERVER",
flush=True,
)
try:
response = head("http://192.168.0.2")
response = head(
"http://"
+ (
"192.168.0.2"
if getenv("TEST_TYPE", "docker") == "docker"
else "127.0.0.1"
)
)
if response.status_code != 403 and disabled_default_server:
print(
@ -213,7 +220,7 @@ try:
sleep(1)
serve_files = getenv("SERVE_FILES", "no") == "yes"
serve_files = getenv("SERVE_FILES", "yes") == "yes"
print(
f" Sending a HEAD request to http{'s' if ssl_generated else ''}://www.example.com/index.html to test the serve_files option",
@ -247,7 +254,7 @@ try:
sleep(1)
http2 = getenv("HTTP2", "no") == "yes"
http2 = getenv("HTTP2", "yes") == "yes"
print(
f" Sending a GET request to http{'s' if ssl_generated else ''}://www.example.com with HTTP/2 to test HTTP2",
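Review bot: The target-host choice is written out twice, once inside the `print` f-string and once in the `head()` call, so the address that is logged and the address that is requested can drift apart on a later edit. Computing it once before the print, `default_host = "192.168.0.2" if getenv("TEST_TYPE", "docker") == "docker" else "127.0.0.1"`, and calling `head(f"http://{default_host}")` keeps the two in step. Any `TEST_TYPE` value other than `docker` silently selects 127.0.0.1, which deserves a one-line comment such as `# any non-docker TEST_TYPE targets the local service`. The enclosing `try:` block starts and ends outside these hunks.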


@ -1,17 +1,46 @@
#!/bin/bash
echo "🗃️ Building misc stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🗃️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🗃️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🗃️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🗃️ Build failed ❌"
exit 1
echo "🗃️ Building misc stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🗃️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🗃️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "GENERATE_SELF_SIGNED_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_MODSECURITY=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "DISABLE_DEFAULT_SERVER=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIRECT_HTTP_TO_HTTPS=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "AUTO_REDIRECT_HTTP_TO_HTTPS=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "ALLOWED_METHODS=GET|POST|HEAD" | sudo tee -a /etc/bunkerweb/variables.env
echo "MAX_CLIENT_SIZE=5m" | sudo tee -a /etc/bunkerweb/variables.env
echo "SERVE_FILES=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "SSL_PROTOCOLS=TLSv1.2 TLSv1.3" | sudo tee -a /etc/bunkerweb/variables.env
echo "HTTP2=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "LISTEN_HTTP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "DENY_HTTP_STATUS=403" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
@ -19,15 +48,36 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "yes"@DISABLE_DEFAULT_SERVER: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "GET|POST|HEAD"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "10m"@MAX_CLIENT_SIZE: "5m"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "no"@SERVE_FILES: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SSL_PROTOCOLS: "TLSv1.2"@SSL_PROTOCOLS: "TLSv1.2 TLSv1.3"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "no"@HTTP2: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LISTEN_HTTP: "no"@LISTEN_HTTP: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DENY_HTTP_STATUS: "444"@DENY_HTTP_STATUS: "403"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "yes"@DISABLE_DEFAULT_SERVER: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "GET|POST|HEAD"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "10m"@MAX_CLIENT_SIZE: "5m"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "no"@SERVE_FILES: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SSL_PROTOCOLS: "TLSv1.2"@SSL_PROTOCOLS: "TLSv1.2 TLSv1.3"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "no"@HTTP2: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LISTEN_HTTP: "no"@LISTEN_HTTP: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@DENY_HTTP_STATUS: "444"@DENY_HTTP_STATUS: "403"@' {} \;
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@DISABLE_DEFAULT_SERVER=.*$@DISABLE_DEFAULT_SERVER=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@ALLOWED_METHODS=.*$@ALLOWED_METHODS=GET|POST|HEAD@' /etc/bunkerweb/variables.env
sudo sed -i 's@MAX_CLIENT_SIZE=.*$@MAX_CLIENT_SIZE=5m@' /etc/bunkerweb/variables.env
sudo sed -i 's@SERVE_FILES=.*$@SERVE_FILES=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@SSL_PROTOCOLS=.*$@SSL_PROTOCOLS=TLSv1.2 TLSv1.3@' /etc/bunkerweb/variables.env
sudo sed -i 's@HTTP2=.*$@HTTP2=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@LISTEN_HTTP=.*$@LISTEN_HTTP=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@DENY_HTTP_STATUS=.*$@DENY_HTTP_STATUS=403@' /etc/bunkerweb/variables.env
unset GENERATE_SELF_SIGNED_SSL
unset DISABLE_DEFAULT_SERVER
unset ALLOWED_METHODS
unset MAX_CLIENT_SIZE
unset SERVE_FILES
unset SSL_PROTOCOLS
unset HTTP2
unset LISTEN_HTTP
unset DENY_HTTP_STATUS
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -35,10 +85,15 @@ cleanup_stack () {
echo "🗃️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🗃️ Down failed ❌"
echo "🗃️ Cleanup failed ❌"
exit 1
fi
@ -54,37 +109,77 @@ do
echo "🗃️ Running tests when misc settings have default values except MAX_CLIENT_SIZE which have the value \"5m\" ..."
elif [ "$test" = "ssl_generated" ] ; then
echo "🗃️ Running tests when misc settings have default values and the ssl is generated in self signed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=yes@' /etc/bunkerweb/variables.env
export GENERATE_SELF_SIGNED_SSL="yes"
fi
elif [ "$test" = "tweaked" ] ; then
echo "🗃️ Running tests when misc settings have tweaked values ..."
echo " Keeping the ssl generated in self signed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "no"@DISABLE_DEFAULT_SERVER: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "POST|HEAD"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "5m"@MAX_CLIENT_SIZE: "10m"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "yes"@SERVE_FILES: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "yes"@HTTP2: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "no"@DISABLE_DEFAULT_SERVER: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@ALLOWED_METHODS: ".*"$@ALLOWED_METHODS: "POST|HEAD"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@MAX_CLIENT_SIZE: "5m"@MAX_CLIENT_SIZE: "10m"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SERVE_FILES: "yes"@SERVE_FILES: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@HTTP2: "yes"@HTTP2: "no"@' {} \;
else
sudo sed -i 's@DISABLE_DEFAULT_SERVER=.*$@DISABLE_DEFAULT_SERVER=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@ALLOWED_METHODS=.*$@ALLOWED_METHODS=POST|HEAD@' /etc/bunkerweb/variables.env
sudo sed -i 's@MAX_CLIENT_SIZE=.*$@MAX_CLIENT_SIZE=10m@' /etc/bunkerweb/variables.env
sudo sed -i 's@SERVE_FILES=.*$@SERVE_FILES=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@HTTP2=.*$@HTTP2=no@' /etc/bunkerweb/variables.env
export DISABLE_DEFAULT_SERVER="yes"
export ALLOWED_METHODS="POST|HEAD"
export MAX_CLIENT_SIZE="10m"
export SERVE_FILES="no"
export HTTP2="no"
fi
elif [ "$test" = "deny_status_444" ] ; then
echo "🗃️ Running tests when the server's deny status is set to 444 ..."
echo " Keeping the ssl generated in self signed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@DENY_HTTP_STATUS: "403"@DENY_HTTP_STATUS: "444"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@DENY_HTTP_STATUS: "403"@DENY_HTTP_STATUS: "444"@' {} \;
else
sudo sed -i 's@DENY_HTTP_STATUS=.*$@DENY_HTTP_STATUS=444@' /etc/bunkerweb/variables.env
export DENY_HTTP_STATUS="444"
fi
elif [ "$test" = "TLSv1.2" ] ; then
echo "🗃️ Running tests with only TLSv1.2 enabled and when the server is not listening on http ..."
echo " Keeping the ssl generated in self signed ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "yes"@DISABLE_DEFAULT_SERVER: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SSL_PROTOCOLS: "TLSv1.2 TLSv1.3"@SSL_PROTOCOLS: "TLSv1.2"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LISTEN_HTTP: "yes"@LISTEN_HTTP: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@DISABLE_DEFAULT_SERVER: "yes"@DISABLE_DEFAULT_SERVER: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SSL_PROTOCOLS: "TLSv1.2 TLSv1.3"@SSL_PROTOCOLS: "TLSv1.2"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@LISTEN_HTTP: "yes"@LISTEN_HTTP: "no"@' {} \;
else
sudo sed -i 's@DISABLE_DEFAULT_SERVER=.*$@DISABLE_DEFAULT_SERVER=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@SSL_PROTOCOLS=.*$@SSL_PROTOCOLS=TLSv1.2@' /etc/bunkerweb/variables.env
sudo sed -i 's@LISTEN_HTTP=.*$@LISTEN_HTTP=no@' /etc/bunkerweb/variables.env
export DISABLE_DEFAULT_SERVER="no"
export SSL_PROTOCOLS="TLSv1.2"
export LISTEN_HTTP="no"
fi
fi
echo "🗃️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗃️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗃️ Up failed ❌"
echo "🗃️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🗃️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🗃️ Start failed ❌"
exit 1
fi
fi
@ -92,37 +187,90 @@ do
# Check if stack is healthy
echo "🗃️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("misc-bw-1" "misc-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("misc-bw-1" "misc-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🗃️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🗃️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🗃️ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🗃️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🗃️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🗃️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🗃️ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🗃️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🗃️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🗃️ Test \"$test\" succeeded ✅"


@ -1,17 +1,37 @@
#!/bin/bash
echo "👮 Building modsecurity stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "👮 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "👮 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "👮 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "👮 Build failed ❌"
exit 1
echo "👮 Building modsecurity stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "👮 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "👮 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_MODSECURITY=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_MODSECURITY_CRS=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "MODSECURITY_SEC_AUDIT_ENGINE=RelevantOnly" | sudo tee -a /etc/bunkerweb/variables.env
echo "MODSECURITY_SEC_RULE_ENGINE=On" | sudo tee -a /etc/bunkerweb/variables.env
echo "MODSECURITY_SEC_AUDIT_LOG_PARTS=ABCFHZ" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,8 +39,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY: "no"@USE_MODSECURITY: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "no"@USE_MODSECURITY_CRS: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY: "no"@USE_MODSECURITY: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "no"@USE_MODSECURITY_CRS: "yes"@' {} \;
else
sudo sed -i 's@USE_MODSECURITY=.*$@USE_MODSECURITY=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_MODSECURITY_CRS=.*$@USE_MODSECURITY_CRS=yes@' /etc/bunkerweb/variables.env
unset USE_MODSECURITY
unset USE_MODSECURITY_CRS
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +55,15 @@ cleanup_stack () {
echo "👮 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "👮 Down failed ❌"
echo "👮 Cleanup failed ❌"
exit 1
fi
@ -47,23 +79,43 @@ do
echo "👮 Running tests with modsecurity activated ..."
elif [ "$test" = "crs_deactivated" ] ; then
echo "👮 Running tests without the CRS ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "yes"@USE_MODSECURITY_CRS: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "yes"@USE_MODSECURITY_CRS: "no"@' {} \;
else
sudo sed -i 's@USE_MODSECURITY_CRS=.*$@USE_MODSECURITY_CRS=no@' /etc/bunkerweb/variables.env
export USE_MODSECURITY_CRS="no"
fi
elif [ "$test" = "deactivated" ] ; then
echo "👮 Running tests without modsecurity ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "no"@USE_MODSECURITY_CRS: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY: "yes"@USE_MODSECURITY: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY_CRS: "no"@USE_MODSECURITY_CRS: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_MODSECURITY: "yes"@USE_MODSECURITY: "no"@' {} \;
else
sudo sed -i 's@USE_MODSECURITY_CRS=.*$@USE_MODSECURITY_CRS=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_MODSECURITY=.*$@USE_MODSECURITY=no@' /etc/bunkerweb/variables.env
unset USE_MODSECURITY_CRS
export USE_MODSECURITY="no"
fi
fi
echo "👮 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "👮 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "👮 Up failed ❌"
echo "👮 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "👮 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "👮 Start failed ❌"
exit 1
fi
fi
@ -71,37 +123,90 @@ do
# Check if stack is healthy
echo "👮 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("modsecurity-bw-1" "modsecurity-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("modsecurity-bw-1" "modsecurity-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "👮 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "👮 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "👮 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "👮 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "👮 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "👮 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "👮 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "👮 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "👮 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "👮 Test \"$test\" succeeded ✅"
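Review bot: In the Linux branch of `cleanup_stack`, the `if [ $? -ne 0 ]` placed after the if/else only sees the exit status of `sudo truncate`, so a failed `sudo systemctl stop bunkerweb` is never reported. If the stop fails, the following `systemctl start` may leave the service running with the previous test's settings, and a ModSecurity on/off test could then pass against the wrong configuration. Chain the two commands so the status covers both: `sudo systemctl stop bunkerweb && sudo truncate -s 0 /var/log/bunkerweb/error.log`. The same pattern appears in the `cleanup_stack` of the redirect and redis scripts in this commit; the function body continues outside the hunks shown.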


@ -1,17 +1,34 @@
#!/bin/bash
echo "↩️ Building redirect stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "↩️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "↩️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "↩️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "↩️ Build failed ❌"
exit 1
echo "↩️ Building redirect stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker app1
if [ $? -ne 0 ] ; then
echo "↩️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "↩️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "REDIRECT_TO=" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIRECT_TO_REQUEST_URI=no" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,8 +36,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO: "http://brightlushsilveryawn\.neverssl\.com/online/"@REDIRECT_TO: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO_REQUEST_URI: "yes"@REDIRECT_TO_REQUEST_URI: "no"@' {} \;
if [ "$integration" = "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO: "http://brightlushsilveryawn\.neverssl\.com/online/"@REDIRECT_TO: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO_REQUEST_URI: "yes"@REDIRECT_TO_REQUEST_URI: "no"@' {} \;
else
sudo sed -i 's@REDIRECT_TO=.*$@REDIRECT_TO=@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIRECT_TO_REQUEST_URI=.*$@REDIRECT_TO_REQUEST_URI=no@' /etc/bunkerweb/variables.env
unset REDIRECT_TO
unset REDIRECT_TO_REQUEST_URI
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +52,15 @@ cleanup_stack () {
echo "↩️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "↩️ Down failed ❌"
echo "↩️ Cleanup failed ❌"
exit 1
fi
@ -45,22 +74,40 @@ for test in "redirect" "redirect_uri"
do
if [ "$test" = "redirect" ] ; then
echo "↩️ Running tests when redirecting to http://brightlushsilveryawn.neverssl.com/online/ ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO: ""@REDIRECT_TO: "http://brightlushsilveryawn.neverssl.com/online/"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO: ""@REDIRECT_TO: "http://brightlushsilveryawn.neverssl.com/online/"@' {} \;
else
echo "REDIRECT_TO=http://brightlushsilveryawn.neverssl.com/online/" | sudo tee -a /etc/bunkerweb/variables.env
export REDIRECT_TO="http://brightlushsilveryawn.neverssl.com/online/"
fi
elif [ "$test" = "redirect_uri" ] ; then
echo "↩️ Running tests when redirecting to uri test ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO_REQUEST_URI: "no"@REDIRECT_TO_REQUEST_URI: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIRECT_TO_REQUEST_URI: "no"@REDIRECT_TO_REQUEST_URI: "yes"@' {} \;
else
echo "REDIRECT_TO_REQUEST_URI=yes" | sudo tee -a /etc/bunkerweb/variables.env
export REDIRECT_TO_REQUEST_URI="yes"
fi
fi
echo "↩️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "↩️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "↩️ Up failed ❌"
echo "↩️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "↩️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "↩️ Start failed ❌"
exit 1
fi
fi
@ -68,37 +115,92 @@ do
# Check if stack is healthy
echo "↩️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("redirect-bw-1" "redirect-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("redirect-bw-1" "redirect-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "↩️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "↩️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "↩️ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "↩️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "↩️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "↩️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "↩️ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "↩️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "↩️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "↩️ Test \"$test\" succeeded ✅"
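Review bot: The Linux branches of the `redirect` and `redirect_uri` tests append a second `REDIRECT_TO=` / `REDIRECT_TO_REQUEST_URI=` line with `tee -a`, although the setup block already appended both keys, so `/etc/bunkerweb/variables.env` ends up with duplicate keys and the effective value depends on how the file is parsed. The other test scripts in this commit rewrite the existing line instead; doing the same here keeps one definition per key, e.g. `sudo sed -i 's@REDIRECT_TO_REQUEST_URI=.*$@REDIRECT_TO_REQUEST_URI=yes@' /etc/bunkerweb/variables.env`. A short comment above the setup block's `tee -a` lines, such as `# Seed defaults once; per-test changes edit these lines in place`, would document that contract.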


@ -7,7 +7,6 @@ services:
PYTHONUNBUFFERED: "1"
USE_REVERSE_SCAN: "no"
USE_ANTIBOT: "no"
BLACKLIST_IP: ""
REDIS_HOST: "bw-redis"
REDIS_PORT: "6379"


@ -14,14 +14,16 @@ from uvicorn import run
fastapi_proc = None
ip_to_check = "1.0.0.3" if getenv("TEST_TYPE", "docker") == "docker" else "127.0.0.1"
try:
redis_host = getenv("REDIS_HOST")
redis_host = getenv("REDIS_HOST", "127.0.0.1")
if not redis_host:
print("❌ Redis host is not set, exiting ...", flush=True)
exit(1)
redis_port = getenv("REDIS_PORT", "")
redis_port = getenv("REDIS_PORT", "6379")
if not redis_port.isdigit():
print("❌ Redis port doesn't seem to be a number, exiting ...", flush=True)
@ -29,7 +31,7 @@ try:
redis_port = int(redis_port)
redis_db = getenv("REDIS_DATABASE", "")
redis_db = getenv("REDIS_DATABASE", "0")
if not redis_db.isdigit():
print("❌ Redis database doesn't seem to be a number, exiting ...", flush=True)
@ -60,19 +62,20 @@ try:
use_reverse_scan = getenv("USE_REVERSE_SCAN", "no") == "yes"
if use_reverse_scan:
print(" Testing Reverse Scan, starting FastAPI ...", flush=True)
app = FastAPI()
fastapi_proc = Process(
target=run, args=(app,), kwargs=dict(host="0.0.0.0", port=8080)
)
fastapi_proc.start()
if ip_to_check == "1.0.0.3":
print(" Testing Reverse Scan, starting FastAPI ...", flush=True)
app = FastAPI()
fastapi_proc = Process(
target=run, args=(app,), kwargs=dict(host="0.0.0.0", port=8080)
)
fastapi_proc.start()
sleep(2)
sleep(2)
print(
" FastAPI started, sending a request to http://www.example.com ...",
flush=True,
)
print(
" FastAPI started, sending a request to http://www.example.com ...",
flush=True,
)
response = get(
"http://www.example.com",
@ -89,17 +92,21 @@ try:
print(" The request was blocked, checking Redis ...", flush=True)
key_value = redis_client.get("plugin_reverse_scan_1.0.0.3:8080")
port_to_check = "8080" if ip_to_check == "1.0.0.3" else "80"
key_value = redis_client.get(
f"plugin_reverse_scan_{ip_to_check}:{port_to_check}"
)
if key_value is None:
print(
f'❌ The Reverse Scan key ("plugin_reverse_scan_1.0.0.3:8080") was not found, exiting ...\nkeys: {redis_client.keys()}',
f'❌ The Reverse Scan key ("plugin_reverse_scan_{ip_to_check}:{port_to_check}") was not found, exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
elif key_value != b"open":
print(
f'❌ The Reverse Scan key ("plugin_reverse_scan_1.0.0.3:8080") was found, but the value is not "open" ({key_value.decode()}), exiting ...\nkeys: {redis_client.keys()}',
f'❌ The Reverse Scan key ("plugin_reverse_scan_{ip_to_check}:{port_to_check}") was found, but the value is not "open" ({key_value.decode()}), exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
@ -176,11 +183,11 @@ try:
print(" The request was blocked, checking Redis ...", flush=True)
key_value = redis_client.get("plugin_bad_behavior_1.0.0.3")
key_value = redis_client.get(f"plugin_bad_behavior_{ip_to_check}")
if key_value is None:
print(
f'❌ The Bad Behavior key ("plugin_bad_behavior_1.0.0.3") was not found, exiting ...\nkeys: {redis_client.keys()}',
f'❌ The Bad Behavior key ("plugin_bad_behavior_{ip_to_check}") was not found, exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
@ -208,11 +215,11 @@ try:
sleep(0.5)
second_key_value = redis_client.get("plugin_bad_behavior_1.0.0.3")
second_key_value = redis_client.get(f"plugin_bad_behavior_{ip_to_check}")
if second_key_value <= key_value:
print(
f'❌ The Bad Behavior key ("plugin_bad_behavior_1.0.0.3") was not incremented, exiting ...\nkeys: {redis_client.keys()}',
f'❌ The Bad Behavior key ("plugin_bad_behavior_{ip_to_check}") was not incremented, exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
@ -241,11 +248,11 @@ try:
sleep(0.5)
key_value = redis_client.get("plugin_limit_www.example.com1.0.0.3/")
key_value = redis_client.get(f"plugin_limit_www.example.com{ip_to_check}/")
if key_value is None:
print(
f'❌ The limit key ("plugin_limit_www.example.com1.0.0.3/") was not found, exiting ...\nkeys: {redis_client.keys()}',
f'❌ The limit key ("plugin_limit_www.example.com{ip_to_check}/") was not found, exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
@ -260,11 +267,11 @@ try:
flush=True,
)
key_value = redis_client.get("plugin_country_www.example.com1.0.0.3")
key_value = redis_client.get(f"plugin_country_www.example.com{ip_to_check}")
if key_value is None:
print(
f'❌ The country key ("plugin_country_www.example.com1.0.0.3") was not found, exiting ...\nkeys: {redis_client.keys()}',
f'❌ The country key ("plugin_country_www.example.com{ip_to_check}") was not found, exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
@ -279,17 +286,17 @@ try:
flush=True,
)
key_value = redis_client.get("plugin_whitelist_www.example.comip1.0.0.3")
key_value = redis_client.get(f"plugin_whitelist_www.example.comip{ip_to_check}")
if key_value is None:
print(
f'❌ The whitelist key ("plugin_whitelist_www.example.comip1.0.0.3") was not found, exiting ...\nkeys: {redis_client.keys()}',
f'❌ The whitelist key ("plugin_whitelist_www.example.comip{ip_to_check}") was not found, exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
if key_value != b"ok":
print(
f'❌ The whitelist key ("plugin_whitelist_www.example.comip1.0.0.3") was found, but the value is not "ok" ({key_value.decode()}), exiting ...\nkeys: {redis_client.keys()}',
f'❌ The whitelist key ("plugin_whitelist_www.example.comip{ip_to_check}") was found, but the value is not "ok" ({key_value.decode()}), exiting ...\nkeys: {redis_client.keys()}',
)
print(
@ -302,17 +309,17 @@ try:
flush=True,
)
key_value = redis_client.get("plugin_blacklist_www.example.comip1.0.0.3")
key_value = redis_client.get(f"plugin_blacklist_www.example.comip{ip_to_check}")
if key_value is None:
print(
f'❌ The blacklist key ("plugin_blacklist_www.example.comip1.0.0.3") was not found, exiting ...\nkeys: {redis_client.keys()}',
f'❌ The blacklist key ("plugin_blacklist_www.example.comip{ip_to_check}") was not found, exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
if key_value != b"ok":
print(
f'❌ The blacklist key ("plugin_blacklist_www.example.comip1.0.0.3") was found, but the value is not "ok" ({key_value.decode()}), exiting ...\nkeys: {redis_client.keys()}',
f'❌ The blacklist key ("plugin_blacklist_www.example.comip{ip_to_check}") was found, but the value is not "ok" ({key_value.decode()}), exiting ...\nkeys: {redis_client.keys()}',
)
print(
@ -325,17 +332,17 @@ try:
flush=True,
)
key_value = redis_client.get("plugin_greylist_www.example.comip1.0.0.3")
key_value = redis_client.get(f"plugin_greylist_www.example.comip{ip_to_check}")
if key_value is None:
print(
f'❌ The greylist key ("plugin_greylist_www.example.comip1.0.0.3") was not found, exiting ...\nkeys: {redis_client.keys()}',
f'❌ The greylist key ("plugin_greylist_www.example.comip{ip_to_check}") was not found, exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
if key_value != b"ip":
print(
f'❌ The greylist key ("plugin_greylist_www.example.comip1.0.0.3") was found, but the value is not "ip" ({key_value.decode()}), exiting ...\nkeys: {redis_client.keys()}',
f'❌ The greylist key ("plugin_greylist_www.example.comip{ip_to_check}") was found, but the value is not "ip" ({key_value.decode()}), exiting ...\nkeys: {redis_client.keys()}',
)
print(
@ -343,24 +350,25 @@ try:
flush=True,
)
print(
" Checking if the dnsbl keys were created ...",
flush=True,
)
key_value = redis_client.get("plugin_dnsbl_www.example.com1.0.0.3")
if key_value is None:
if ip_to_check == "1.0.0.3":
print(
f'❌ The dnsbl key ("plugin_dnsbl_www.example.com1.0.0.3") was not found, exiting ...\nkeys: {redis_client.keys()}',
" Checking if the dnsbl keys were created ...",
flush=True,
)
exit(1)
print(
f"✅ The dnsbl key was found, the value is {key_value.decode()}",
flush=True,
)
key_value = redis_client.get(f"plugin_dnsbl_www.example.com{ip_to_check}")
if key_value is None:
print(
f'❌ The dnsbl key ("plugin_dnsbl_www.example.com{ip_to_check}") was not found, exiting ...\nkeys: {redis_client.keys()}',
flush=True,
)
exit(1)
print(
f"✅ The dnsbl key was found, the value is {key_value.decode()}",
flush=True,
)
except SystemExit as e:
exit(e.code)
except:
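Review bot: As shown in these hunks, the value-mismatch branches for the whitelist, blacklist and greylist keys (`if key_value != b"ok":` and `if key_value != b"ip":`) print the ❌ message but are not followed by `exit(1)`, and their `print` calls lack `flush=True`, unlike the reverse-scan branch earlier in the file, which does both. A wrong cached decision in Redis would therefore be logged while the run presumably carries on to the ✅ message and reports success. Add `flush=True,` to those three `print` calls and an `exit(1)` after each. Separately, `ip_to_check == "1.0.0.3"` is used in three places as a stand-in for Docker mode; a named flag such as `is_docker = getenv("TEST_TYPE", "docker") == "docker"` would state the intent directly.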


@ -1,26 +1,83 @@
#!/bin/bash
echo "🧰 Building redis stack ..."
integration=$1
if [ -z "$integration" ] ; then
echo "🧰 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🧰 Integration \"$integration\" is not supported ❌"
exit 1
fi
echo "🧰 Building redis stack for integration \"$integration\" ..."
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🧰 Pull failed ❌"
exit 1
fi
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🧰 Pull failed ❌"
exit 1
fi
echo "🧰 Building custom redis image ..."
docker compose build bw-redis
if [ $? -ne 0 ] ; then
echo "🧰 Build failed ❌"
exit 1
fi
echo "🧰 Building custom redis image ..."
docker compose build bw-redis
if [ $? -ne 0 ] ; then
echo "🧰 Build failed ❌"
exit 1
fi
echo "🧰 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🧰 Build failed ❌"
exit 1
echo "🧰 Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🧰 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
sudo sed -i "/^USE_BLACKLIST=/d" /etc/bunkerweb/variables.env
echo "BLACKLIST_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "SESSIONS_NAME=test" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_REVERSE_SCAN=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_ANTIBOT=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_GREYLIST=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "GREYLIST_IP=0.0.0.0/0" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_COUNTRY=AU" | sudo tee -a /etc/bunkerweb/variables.env
echo "🧰 Installing Redis ..."
sudo apt install --no-install-recommends -y redis
redis-server --daemonize yes
if [ $? -ne 0 ] ; then
echo "🧰 Redis start failed ❌"
exit 1
fi
echo "🧰 Redis installed ✅"
echo "🧰 Generating redis certs ..."
mkdir tls
openssl genrsa -out tls/ca.key 4096
openssl req \
-x509 -new -nodes -sha256 \
-key tls/ca.key \
-days 365 \
-subj /CN=bw-redis/ \
-out tls/ca.crt
openssl req \
-x509 -nodes -newkey rsa:4096 \
-keyout tls/redis.key \
-out tls/redis.pem \
-days 365 \
-subj /CN=bw-redis/
sudo chmod -R 777 tls
echo "🧰 Certs generated ✅"
echo "USE_REDIS=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIS_HOST=127.0.0.1" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIS_PORT=6379" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIS_DATABASE=0" | sudo tee -a /etc/bunkerweb/variables.env
echo "REDIS_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
@ -28,12 +85,26 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@BLACKLIST_IP: "0\.0\.0\.0/0"@BLACKLIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6379"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "1"@REDIS_DATABASE: "0"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "yes"@REDIS_SSL: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6379"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "1"@REDIS_DATABASE: "0"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "yes"@REDIS_SSL: "no"@' {} \;
else
sudo rm -rf tls
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_PORT=.*$@REDIS_PORT=6379@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_DATABASE=.*$@REDIS_DATABASE=0@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_SSL=.*$@REDIS_SSL=no@' /etc/bunkerweb/variables.env
unset USE_REVERSE_SCAN
unset USE_ANTIBOT
unset REDIS_PORT
unset REDIS_DATABASE
unset REDIS_SSL
sudo killall redis-server
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -41,10 +112,15 @@ cleanup_stack () {
echo "🧰 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🧰 Down failed ❌"
echo "🧰 Cleanup failed ❌"
exit 1
fi
@ -60,29 +136,75 @@ do
echo "🧰 Running tests with redis with default values ..."
elif [ "$test" = "reverse_scan" ] ; then
echo "🧰 Running tests with redis with reverse scan activated ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
else
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=yes@' /etc/bunkerweb/variables.env
export USE_REVERSE_SCAN="yes"
fi
elif [ "$test" = "antibot" ] ; then
echo "🧰 Running tests with redis with antibot cookie activated ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "no"@USE_ANTIBOT: "cookie"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "no"@USE_ANTIBOT: "cookie"@' {} \;
else
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT=cookie@' /etc/bunkerweb/variables.env
export USE_REVERSE_SCAN="no"
export USE_ANTIBOT="cookie"
fi
elif [ "$test" = "tweaked" ] ; then
echo "🧰 Running tests with redis' settings tweaked ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6380"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "0"@REDIS_DATABASE: "1"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "no"@REDIS_SSL: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_ANTIBOT: "cookie"@USE_ANTIBOT: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_PORT: "[0-9]*"@REDIS_PORT: "6380"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_DATABASE: "0"@REDIS_DATABASE: "1"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REDIS_SSL: "no"@REDIS_SSL: "yes"@' {} \;
else
sudo sed -i 's@USE_ANTIBOT=.*$@USE_ANTIBOT=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_PORT=.*$@REDIS_PORT=6380@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_DATABASE=.*$@REDIS_DATABASE=1@' /etc/bunkerweb/variables.env
sudo sed -i 's@REDIS_SSL=.*$@REDIS_SSL=yes@' /etc/bunkerweb/variables.env
unset USE_ANTIBOT
export REDIS_PORT="6380"
export REDIS_DATABASE="1"
export REDIS_SSL="yes"
echo "🧰 Stoping redis ..."
sudo killall redis-server
if [ $? -ne 0 ] ; then
echo "🧰 Redis stop failed ❌"
exit 1
fi
echo "🧰 Redis stopped ✅"
echo "🧰 Starting redis with tweaked settings ..."
redis-server --tls-port 6380 --port 0 --tls-cert-file tls/redis.pem --tls-key-file tls/redis.key --tls-ca-cert-file tls/ca.crt --tls-auth-clients no --daemonize yes
if [ $? -ne 0 ] ; then
echo "🧰 Redis start failed ❌"
exit 1
fi
echo "🧰 Redis started ✅"
fi
fi
echo "🧰 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧰 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧰 Up failed ❌"
echo "🧰 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧰 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🧰 Start failed ❌"
exit 1
fi
fi
@ -90,37 +212,92 @@ do
# Check if stack is healthy
echo "🧰 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("redis-bw-1" "redis-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("redis-bw-1" "redis-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🧰 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🧰 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🧰 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🧰 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🧰 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🧰 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🧰 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🧰 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🧰 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🧰 Test \"$test\" succeeded ✅"


@ -6,7 +6,7 @@ services:
environment:
PYTHONUNBUFFERED: "1"
USE_REVERSE_SCAN: "yes"
REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"
REVERSE_SCAN_PORTS: "80"
REVERSE_SCAN_TIMEOUT: "500"
extra_hosts:
- "www.example.com:192.168.0.2"


@ -17,7 +17,7 @@ services:
# ? REVERSE_SCAN settings
USE_REVERSE_SCAN: "yes"
REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"
REVERSE_SCAN_PORTS: "80"
REVERSE_SCAN_TIMEOUT: "500"
networks:
bw-universe:


@ -1,3 +1,4 @@
from re import search
from time import sleep
from fastapi import FastAPI
from os import getenv
@ -7,15 +8,19 @@ from traceback import format_exc
from uvicorn import run
app = FastAPI()
fastapi_proc = Process(target=run, args=(app,), kwargs=dict(host="0.0.0.0", port=80))
fastapi_proc.start()
fastapi_proc = None
if getenv("TEST_TYPE", "docker") == "docker":
app = FastAPI()
fastapi_proc = Process(
target=run, args=(app,), kwargs=dict(host="0.0.0.0", port=80)
)
fastapi_proc.start()
sleep(1)
sleep(1)
try:
use_reverse_scan = getenv("USE_REVERSE_SCAN", "no") == "yes"
reverse_scan_ports = getenv("REVERSE_SCAN_PORTS", "22 80 443 3128 8000 8080")
use_reverse_scan = getenv("USE_REVERSE_SCAN", "yes") == "yes"
reverse_scan_ports = getenv("REVERSE_SCAN_PORTS", "80")
print(f" Trying to access http://www.example.com ...", flush=True)
status_code = get(
@ -26,7 +31,7 @@ try:
if status_code == 403:
pass
elif use_reverse_scan and " 80 " in reverse_scan_ports:
elif use_reverse_scan and search(r"\b80\b", reverse_scan_ports):
print(
"❌ Request didn't return 403, but reverse scan is enabled and port 80 is in the reverse scan ports list, exiting ...",
flush=True,
@ -40,4 +45,5 @@ except:
print(f"❌ Something went wrong, exiting ...\n{format_exc()}", flush=True)
exit(1)
finally:
fastapi_proc.terminate()
if fastapi_proc:
fastapi_proc.terminate()
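Review bot: The port check `search(r"\b80\b", reverse_scan_ports)` uses a regex where a token comparison states the intent more directly. `elif use_reverse_scan and "80" in reverse_scan_ports.split():` treats the value as the space-separated list it is and makes the new `from re import search` unnecessary. A comment above `if getenv("TEST_TYPE", "docker") == "docker":` would also help, for example `# Start the local port-80 listener only for the docker integration`, since any other value of `TEST_TYPE` silently skips it. The `try` block continues outside the hunks shown.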


@ -1,17 +1,36 @@
#!/bin/bash
echo "🕵️ Building reversescan stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🕵️ Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🕵️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🕵️ Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🕵️ Build failed ❌"
exit 1
echo "🕵️ Building reversescan stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🕵️ Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🕵️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_REVERSE_SCAN=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REVERSE_SCAN_PORTS=80" | sudo tee -a /etc/bunkerweb/variables.env
echo "REVERSE_SCAN_TIMEOUT=500" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
@ -19,8 +38,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 80 443 3128 8000 8080"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "no"@USE_REVERSE_SCAN: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "80"@' {} \;
else
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=80@' /etc/bunkerweb/variables.env
unset USE_REVERSE_SCAN
unset REVERSE_SCAN_PORTS
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +54,15 @@ cleanup_stack () {
echo "🕵️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🕵️ Down failed ❌"
echo "🕵️ Cleanup failed ❌"
exit 1
fi
@ -47,22 +78,40 @@ do
echo "🕵️ Running tests with default reverse scan ..."
elif [ "$test" = "tweaked_ports" ] ; then
echo "🕵️ Running tests while removing the 80 port being scanned ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: "22 443 3128 8000 8080"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@REVERSE_SCAN_PORTS: ".*"$@REVERSE_SCAN_PORTS: ""@' {} \;
else
sudo sed -i 's@REVERSE_SCAN_PORTS=.*$@REVERSE_SCAN_PORTS=@' /etc/bunkerweb/variables.env
export REVERSE_SCAN_PORTS=""
fi
elif [ "$test" = "deactivated" ] ; then
echo "🕵️ Running tests without the reverse scan ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_REVERSE_SCAN: "yes"@USE_REVERSE_SCAN: "no"@' {} \;
else
sudo sed -i 's@USE_REVERSE_SCAN=.*$@USE_REVERSE_SCAN=no@' /etc/bunkerweb/variables.env
export USE_REVERSE_SCAN="no"
fi
fi
echo "🕵️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🕵️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🕵️ Up failed ❌"
echo "🕵️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🕵️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🕵️ Start failed ❌"
exit 1
fi
fi
@ -70,37 +119,90 @@ do
# Check if stack is healthy
echo "🕵️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("reversescan-bw-1" "reversescan-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("reversescan-bw-1" "reversescan-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🕵️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🕵️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🕵️ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🕵️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🕵️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🕵️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🕵️ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🕵️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🕵️ Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🕵️ Test \"$test\" succeeded ✅"
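Review bot: In `cleanup_stack`, the `if [ $? -ne 0 ]` after the new `if`/`else` tests only the last command of the branch that ran. On the linux path that is `sudo truncate -s 0 /var/log/bunkerweb/error.log`, so a failed `sudo systemctl stop bunkerweb` goes unnoticed. Checking the stop directly keeps the failure visible: `sudo systemctl stop bunkerweb || { echo "🕵️ Cleanup failed ❌" ; exit 1 ; }`. The same construct appears in the `cleanup_stack` hunks of the redis, selfsigned and sessions test scripts on this page. `cleanup_stack` begins and ends outside the hunk.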


@ -60,9 +60,12 @@ try:
common_name = certificate.subject.get_attributes_for_oid(
x509.oid.NameOID.COMMON_NAME
)[0].value
if common_name != self_signed_ssl_subj.replace("/", "").replace("CN=", ""):
check_self_signed_ssl_subj = self_signed_ssl_subj.replace("/", "").replace(
"CN=", ""
)
if common_name != check_self_signed_ssl_subj:
print(
f"❌ The SSL generation is enabled and the Common Name (CN) is not {self_signed_ssl_subj} but {common_name}, exiting ...",
f"❌ The SSL generation is enabled and the Common Name (CN) is not {check_self_signed_ssl_subj} but {common_name}, exiting ...",
flush=True,
)
exit(1)


@ -1,2 +1,2 @@
requests==2.31.0
cryptography==41.0.3
cryptography==41.0.4


@ -1,17 +1,35 @@
#!/bin/bash
echo "🔑 Building selfsigned stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🔑 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🔑 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🔑 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🔑 Build failed ❌"
exit 1
echo "🔑 Building selfsigned stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🔑 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🔑 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "GENERATE_SELF_SIGNED_SSL=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "SELF_SIGNED_SSL_EXPIRY=365" | sudo tee -a /etc/bunkerweb/variables.env
echo "SELF_SIGNED_SSL_SUBJ=/CN=www.example.com/" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
fi
manual=0
@ -19,9 +37,18 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_EXPIRY: "30"@SELF_SIGNED_SSL_EXPIRY: "365"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_SUBJ: "/CN=example.com/"@SELF_SIGNED_SSL_SUBJ: "/CN=www.example.com/"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "yes"@GENERATE_SELF_SIGNED_SSL: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_EXPIRY: "30"@SELF_SIGNED_SSL_EXPIRY: "365"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_SUBJ: "/CN=example.com/"@SELF_SIGNED_SSL_SUBJ: "/CN=www.example.com/"@' {} \;
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@SELF_SIGNED_SSL_EXPIRY=.*$@SELF_SIGNED_SSL_EXPIRY=365@' /etc/bunkerweb/variables.env
sudo sed -i 's@SELF_SIGNED_SSL_SUBJ=.*$@SELF_SIGNED_SSL_SUBJ=/CN=www.example.com/@' /etc/bunkerweb/variables.env
unset GENERATE_SELF_SIGNED_SSL
unset SELF_SIGNED_SSL_EXPIRY
unset SELF_SIGNED_SSL_SUBJ
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -29,10 +56,15 @@ cleanup_stack () {
echo "🔑 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🔑 Down failed ❌"
echo "🔑 Cleanup failed ❌"
exit 1
fi
@ -48,23 +80,44 @@ do
echo "🔑 Running tests without selfsigned ..."
elif [ "$test" = "activated" ] ; then
echo "🔑 Running tests with selfsigned activated ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@GENERATE_SELF_SIGNED_SSL: "no"@GENERATE_SELF_SIGNED_SSL: "yes"@' {} \;
else
sudo sed -i 's@GENERATE_SELF_SIGNED_SSL=.*$@GENERATE_SELF_SIGNED_SSL=yes@' /etc/bunkerweb/variables.env
export GENERATE_SELF_SIGNED_SSL="yes"
fi
elif [ "$test" = "tweaked_options" ] ; then
echo "🔑 Running tests with selfsigned's options tweaked ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_EXPIRY: "365"@SELF_SIGNED_SSL_EXPIRY: "30"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_SUBJ: "/CN=www.example.com/"@SELF_SIGNED_SSL_SUBJ: "/CN=example.com/"@' {} \;
echo " Keeping the generated self-signed SSL certificate"
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_EXPIRY: "365"@SELF_SIGNED_SSL_EXPIRY: "30"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SELF_SIGNED_SSL_SUBJ: "/CN=www.example.com/"@SELF_SIGNED_SSL_SUBJ: "/CN=example.com/"@' {} \;
else
sudo sed -i 's@SELF_SIGNED_SSL_EXPIRY=.*$@SELF_SIGNED_SSL_EXPIRY=30@' /etc/bunkerweb/variables.env
sudo sed -i 's@SELF_SIGNED_SSL_SUBJ=.*$@SELF_SIGNED_SSL_SUBJ=/CN=example.com/@' /etc/bunkerweb/variables.env
export SELF_SIGNED_SSL_EXPIRY="30"
export SELF_SIGNED_SSL_SUBJ="/CN=example.com/"
fi
fi
echo "🔑 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔑 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔑 Up failed ❌"
echo "🔑 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🔑 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🔑 Start failed ❌"
exit 1
fi
fi
@ -72,37 +125,90 @@ do
# Check if stack is healthy
echo "🔑 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("selfsigned-bw-1" "selfsigned-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("selfsigned-bw-1" "selfsigned-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🔑 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🔑 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🔑 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🔑 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🔑 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🔑 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🔑 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🔑 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🔑 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🔑 Test \"$test\" succeeded ✅"
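Review bot: The linux health check never resets `i` inside the retry loop, so after `cleanup_stack` and `sudo systemctl start bunkerweb` the inner `while [ $i -lt 120 ]` resumes with what is left of the first attempt's 120 seconds instead of a fresh budget. If each restart is meant to get its own wait, add `i=0` right after `retries=$((retries+1))`. The message `Linux stack is healthy ✅` is also printed before the journal is checked for `SYSTEMCTL - ❌`, so the output can report a healthy stack just before a restart. The reversescan and sessions test scripts carry the same loop, and the enclosing `do` loop continues outside the hunk.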


@ -1,5 +1,6 @@
from contextlib import suppress
from os import getenv
from subprocess import PIPE, run
from requests import get, post
from requests.exceptions import RequestException
from selenium import webdriver
@ -35,8 +36,9 @@ try:
firefox_options = Options()
firefox_options.add_argument("--headless")
sessions_secret = getenv("SESSIONS_SECRET", "random")
sessions_secret = getenv("SESSIONS_SECRET", "random") # TODO : also test the secret
sessions_name = getenv("SESSIONS_NAME", "random")
TEST_TYPE = getenv("TEST_TYPE", "docker")
first_cookie = None
print(" Starting Firefox ...", flush=True)
@ -58,19 +60,51 @@ try:
print(" Reloading BunkerWeb ...", flush=True)
response = post("http://192.168.0.2:5000/reload", headers={"Host": "bwapi"})
if TEST_TYPE == "docker":
response = post(
f"http://192.168.0.2:5000/reload",
headers={"Host": "bwapi"},
)
if response.status_code != 200:
print("❌ An error occurred when restarting BunkerWeb, exiting ...", flush=True)
exit(1)
if response.status_code != 200:
print(
"❌ An error occurred when restarting BunkerWeb, exiting ...", flush=True
)
exit(1)
data = response.json()
data = response.json()
if data["status"] != "success":
print("❌ An error occurred when restarting BunkerWeb, exiting ...", flush=True)
exit(1)
if data["status"] != "success":
print(
"❌ An error occurred when restarting BunkerWeb, exiting ...", flush=True
)
exit(1)
sleep(5)
sleep(5)
else:
proc = run(["sudo", "systemctl", "restart", "bunkerweb"], check=False)
if proc.returncode != 0:
print(
"❌ An error occurred when restarting BunkerWeb, exiting ...", flush=True
)
exit(1)
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print(" Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("❌ BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
print(" Starting Firefox again ...", flush=True)
with webdriver.Firefox(options=firefox_options) as driver:
@ -82,12 +116,19 @@ try:
cookie = driver.get_cookies()[0]
if sessions_name == "random" and first_cookie["name"] != cookie["name"]:
print(
"❌ The cookie name shouldn't have changed after a simple reload, exiting ...",
flush=True,
)
exit(1)
if sessions_name == "random":
if TEST_TYPE == "docker" and first_cookie["name"] != cookie["name"]:
print(
"❌ The cookie name should not have changed after a simple reload, exiting ...",
flush=True,
)
exit(1)
elif TEST_TYPE == "linux" and first_cookie["name"] == cookie["name"]:
print(
"❌ The cookie name should have changed after a full reload, exiting ...",
flush=True,
)
exit(1)
except SystemExit as e:
exit(e.code)
except:
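Review bot: The readiness wait after `systemctl restart` reads only the last line of `/var/log/bunkerweb/error.log` (`tail -n 1`), which makes it timing-sensitive in both directions: if nothing has been written since the restart began, the last line may still be the earlier "BunkerWeb is ready" and the loop exits at once, and if anything is logged after the ready line the loop misses it and gives up after ten 5-second retries. Emptying the log before the restart and searching the whole file avoids both, assuming the service writes the ready line again on restart, as the current loop already expects. Separately, `f"http://192.168.0.2:5000/reload"` has no placeholders and can be a plain string. The surrounding `try` block starts and ends outside these hunks.

```python
# … unchanged: TEST_TYPE == "docker" branch …
else:
    log_path = "/var/log/bunkerweb/error.log"
    # Start from an empty log so a pre-restart "ready" line cannot satisfy the wait.
    run(["sudo", "truncate", "-s", "0", log_path], check=False)
    proc = run(["sudo", "systemctl", "restart", "bunkerweb"], check=False)
    # … unchanged: returncode check on proc …
    retries = 0
    while (
        run(
            ["sudo", "grep", "-q", "BunkerWeb is ready", log_path],
            check=False,
        ).returncode
        != 0
        and retries < 10
    ):
        # … unchanged: retries += 1, message, sleep(5) …
```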


@ -1,17 +1,36 @@
#!/bin/bash
echo "🧳 Building sessions stack ..."
integration=$1
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🧳 Pull failed ❌"
if [ -z "$integration" ] ; then
echo "🧳 Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🧳 Integration \"$integration\" is not supported ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🧳 Build failed ❌"
exit 1
echo "🧳 Building sessions stack for integration \"$integration\" ..."
# Starting stack
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🧳 Pull failed ❌"
exit 1
fi
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🧳 Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_ANTIBOT=cookie" | sudo tee -a /etc/bunkerweb/variables.env
echo "SESSIONS_SECRET=random" | sudo tee -a /etc/bunkerweb/variables.env
echo "SESSIONS_NAME=random" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
@ -19,8 +38,15 @@ end=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_SECRET: ".*"$@SESSIONS_SECRET: "random"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "random"@' {} \;
if [ "$integration" = "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_SECRET: ".*"$@SESSIONS_SECRET: "random"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "random"@' {} \;
else
sudo sed -i 's@SESSIONS_SECRET=.*$@SESSIONS_SECRET=random@' /etc/bunkerweb/variables.env
sudo sed -i 's@SESSIONS_NAME=.*$@SESSIONS_NAME=random@' /etc/bunkerweb/variables.env
unset SESSIONS_SECRET
unset SESSIONS_NAME
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -28,10 +54,15 @@ cleanup_stack () {
echo "🧳 Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🧳 Down failed ❌"
echo "🧳 Cleanup failed ❌"
exit 1
fi
@ -47,23 +78,43 @@ do
echo "🧳 Running tests with random secret and random name ..."
elif [ "$test" = "manual_name" ] ; then
echo "🧳 Running tests where session name is equal to \"test\" ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "test"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "test"@' {} \;
else
sudo sed -i 's@SESSIONS_NAME=.*$@SESSIONS_NAME=test@' /etc/bunkerweb/variables.env
export SESSIONS_NAME="test"
fi
elif [ "$test" = "manual_secret" ] ; then
echo "🧳 Running tests where session secret is equal to \"test\" ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "random"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_SECRET: ".*"$@SESSIONS_SECRET: "test"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_NAME: ".*"$@SESSIONS_NAME: "random"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@SESSIONS_SECRET: ".*"$@SESSIONS_SECRET: "test"@' {} \;
else
sudo sed -i 's@SESSIONS_NAME=.*$@SESSIONS_NAME=random@' /etc/bunkerweb/variables.env
sudo sed -i 's@SESSIONS_SECRET=.*$@SESSIONS_SECRET=test@' /etc/bunkerweb/variables.env
unset SESSIONS_NAME
export SESSIONS_SECRET="test"
fi
fi
echo "🧳 Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧳 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧳 Up failed ❌"
echo "🧳 Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🧳 Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🧳 Start failed ❌"
exit 1
fi
fi
@ -71,37 +122,92 @@ do
# Check if stack is healthy
echo "🧳 Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("sessions-bw-1" "sessions-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("sessions-bw-1" "sessions-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🧳 Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🧳 Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🧳 Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🧳 Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🧳 Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🧳 ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🧳 Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🧳 Docker stack is not healthy ❌"
exit 1
fi
# Start tests
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up --abort-on-container-exit --exit-code-from tests
else
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🧳 Test \"$test\" failed ❌"
echo "🛡️ Showing BunkerWeb and BunkerWeb Scheduler logs ..."
docker compose logs bw bw-scheduler
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🛡️ Showing Geckodriver logs ..."
sudo cat geckodriver.log
fi
exit 1
else
echo "🧳 Test \"$test\" succeeded ✅"
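Review bot: The linux setup appends `USE_ANTIBOT=cookie`, `SESSIONS_SECRET=random` and `SESSIONS_NAME=random` to `/etc/bunkerweb/variables.env` with `tee -a`, but `cleanup_stack` only rewrites the two `SESSIONS_*` values. `USE_ANTIBOT=cookie` therefore stays in the file after the suite ends, and every rerun appends the keys again. If the host is reused by another suite (not visible here), that leftover setting changes what the next suite exercises; removing the keys in the final cleanup, e.g. `sudo sed -i '/^USE_ANTIBOT=/d' /etc/bunkerweb/variables.env`, keeps runs independent. The reversescan and selfsigned scripts append their settings the same way.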


@ -1,3 +1,4 @@
from os import getenv
from fastapi import FastAPI
from fastapi.responses import PlainTextResponse
@ -7,7 +8,7 @@ app = FastAPI()
@app.get("/ip")
async def ip():
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.1/32")
return PlainTextResponse("192.168.0.3\n10.0.0.0/8\n127.0.0.0/24")
@app.get("/rdns")
@ -17,7 +18,7 @@ async def rdns():
@app.get("/asn")
async def asn():
return PlainTextResponse("1234\n13335\n5678")
return PlainTextResponse(f"1234\n{getenv('AS_NUMBER', '13335')}\n5678")
@app.get("/user_agent")
@ -28,3 +29,9 @@ async def user_agent():
@app.get("/uri")
async def uri():
return PlainTextResponse("/admin\n/login")
if __name__ == "__main__":
import uvicorn
uvicorn.run(app, host="127.0.0.1", port=8080)
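Review bot: The `asn()` handler now interpolates `AS_NUMBER` from the environment into the whitelist feed with a silent fallback of `13335`, so a run where the variable was never exported still serves a plausible ASN and the mismatch goes unnoticed. A short comment above the return, such as `# AS_NUMBER is exported by the test script from the init lookup; the default only covers manual runs`, would document that contract. On the new `uvicorn.run(app, host="127.0.0.1", port=8080)` line, the loopback bind is the right choice for a fixture that serves allow-list feeds, and a comment saying so would discourage widening it to `0.0.0.0` later.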


@ -1,8 +1,9 @@
from datetime import date
from gzip import GzipFile
from io import BytesIO
from pathlib import Path
from os import getenv, sep
from maxminddb import MODE_FD, open_database
from pathlib import Path
from requests import get
# Compute the mmdb URL
@ -18,7 +19,13 @@ with get(mmdb_url, stream=True) as resp:
file_content.write(chunk)
file_content.seek(0)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader:
output_path = (
Path(sep, "output", "ip_asn.txt")
if getenv("TEST_TYPE", "docker") == "docker"
else Path(".", "ip_asn.txt")
)
with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as reader: # type: ignore
dbip_asn = reader.get("1.0.0.3")
if not dbip_asn:
@ -26,8 +33,8 @@ with open_database(GzipFile(fileobj=file_content, mode="rb"), mode=MODE_FD) as r
exit(1)
print(
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to /output/ip_asn.txt",
f"✅ ASN for IP 1.0.0.3 is {dbip_asn['autonomous_system_number']}, saving it to {output_path}", # type: ignore
flush=True,
)
Path("/output/ip_asn.txt").write_text(str(dbip_asn["autonomous_system_number"]))
output_path.write_text(str(dbip_asn["autonomous_system_number"])) # type: ignore
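Review bot: The three blanket `# type: ignore` comments on the `open_database(...)`, `print(...)` and `write_text(...)` lines hide every checker finding on those lines, including future ones. For the two subscript lines, narrowing the record once, e.g. `if not isinstance(dbip_asn, dict): exit(1)` next to the existing `if not dbip_asn:` check, would remove the need for the suppression and also guards the value before it is written to `output_path`. The body of that `if` sits between the hunks and is not fully visible here. A comment should also say that any `TEST_TYPE` other than `docker` writes `ip_asn.txt` into the current working directory, since the shell script later reads it by relative path.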


@ -47,7 +47,13 @@ try:
print(" Sending a request to http://www.example.com ...", flush=True)
status_code = get(
"http://www.example.com", headers={"Host": "www.example.com"}
"http://www.example.com",
headers={"Host": "www.example.com"}
| (
{"X-Forwarded-For": "1.0.0.3"}
if getenv("TEST_TYPE", "docker") == "linux" and _global
else {}
),
).status_code
print(f" Status code: {status_code}", flush=True)
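Review bot: The `headers={...} | (...)` merge uses the dict union operator, which needs Python 3.9 or newer, and on the linux integration this script appears to run with the host's `python3` rather than inside the test image; building the optional header into a dict first and writing `headers={"Host": "www.example.com", **extra}` works on older interpreters too. The `X-Forwarded-For: 1.0.0.3` header is only honoured because the linux setup appends `USE_REAL_IP=yes` and `REAL_IP_FROM=127.0.0.0/24` to variables.env. A comment such as `# linux: request arrives from loopback; REAL_IP_FROM makes BunkerWeb take the client IP from this header` would make that dependency explicit. `_global` is defined outside this hunk.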


@ -1,47 +1,109 @@
#!/bin/bash
echo "🏳️ Building whitelist stack ..."
integration=$1
if [ -z "$integration" ] ; then
echo "🏳️ Please provide an integration name as argument ❌"
exit 1
elif [ "$integration" != "docker" ] && [ "$integration" != "linux" ] ; then
echo "🏳️ Integration \"$integration\" is not supported ❌"
exit 1
fi
echo "🏳️ Building whitelist stack for integration \"$integration\" ..."
# Starting stack
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏳️ Pull failed ❌"
exit 1
fi
if [ "$integration" = "docker" ] ; then
docker compose pull bw-docker
if [ $? -ne 0 ] ; then
echo "🏳️ Pull failed ❌"
exit 1
fi
echo "🏳️ Building custom api image ..."
docker compose build whitelist-api
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
fi
echo "🏳️ Building custom api image ..."
docker compose build whitelist-api
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
fi
echo "🏳️ Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
echo "🏳️ Building tests images ..."
docker compose -f docker-compose.test.yml build
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
fi
else
sudo systemctl stop bunkerweb
echo "USE_REAL_IP=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "REAL_IP_FROM=127.0.0.0/24" | sudo tee -a /etc/bunkerweb/variables.env
sudo sed -i 's@USE_BLACKLIST=.*$@USE_BLACKLIST=yes@' /etc/bunkerweb/variables.env
echo "BLACKLIST_IP=0.0.0.0/0" | sudo tee -a /etc/bunkerweb/variables.env
echo "BLACKLIST_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "USE_WHITELIST=no" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_IP=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_IP_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_RDNS_GLOBAL=yes" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_RDNS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_RDNS_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_ASN=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_ASN_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_USER_AGENT=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_USER_AGENT_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_URI=" | sudo tee -a /etc/bunkerweb/variables.env
echo "WHITELIST_URI_URLS=" | sudo tee -a /etc/bunkerweb/variables.env
sudo touch /var/www/html/index.html
export TEST_TYPE="linux"
fi
manual=0
end=0
as_number=0
AS_NUMBER=0
cleanup_stack () {
exit_code=$?
if [[ $end -eq 1 || $exit_code = 1 ]] || [[ $end -eq 0 && $exit_code = 0 ]] && [ $manual = 0 ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_WHITELIST: "yes"@USE_WHITELIST: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: "192.168.0.0/24"@WHITELIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@WHITELIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "no"@WHITELIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS: ".bw-services"@WHITELIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@WHITELIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: "[0-9]*"@WHITELIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@WHITELIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: "BunkerBot"@WHITELIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@WHITELIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: "/admin"@WHITELIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI_URLS: "http://whitelist-api:8080/uri"@WHITELIST_URI_URLS: ""@' {} \;
if [ "$integration" = "docker" ] ; then
rm -rf init/output
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_WHITELIST: "yes"@USE_WHITELIST: "no"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: "192.168.0.0/24"@WHITELIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@WHITELIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "no"@WHITELIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS: ".bw-services"@WHITELIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@WHITELIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: "[0-9]*"@WHITELIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@WHITELIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: "BunkerBot"@WHITELIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@WHITELIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: "/admin"@WHITELIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI_URLS: "http://whitelist-api:8080/uri"@WHITELIST_URI_URLS: ""@' {} \;
else
sudo sed -i 's@USE_WHITELIST=.*$@USE_WHITELIST=no@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_IP=.*$@WHITELIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_IP_URLS=.*$@WHITELIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_RDNS_GLOBAL=.*$@WHITELIST_RDNS_GLOBAL=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_RDNS=.*$@WHITELIST_RDNS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_RDNS_URLS=.*$@WHITELIST_RDNS_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_ASN=.*$@WHITELIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_ASN_URLS=.*$@WHITELIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_USER_AGENT=.*$@WHITELIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_USER_AGENT_URLS=.*$@WHITELIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_URI=.*$@WHITELIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_URI_URLS=.*$@WHITELIST_URI_URLS=@' /etc/bunkerweb/variables.env
unset USE_WHITELIST
unset WHITELIST_IP
unset WHITELIST_IP_URLS
unset WHITELIST_RDNS_GLOBAL
unset WHITELIST_RDNS
unset WHITELIST_RDNS_URLS
unset WHITELIST_ASN
unset WHITELIST_ASN_URLS
unset WHITELIST_USER_AGENT
unset WHITELIST_USER_AGENT_URLS
unset WHITELIST_URI
unset WHITELIST_URI_URLS
sudo killall python3
fi
if [[ $end -eq 1 && $exit_code = 0 ]] ; then
return
fi
@ -49,10 +111,15 @@ cleanup_stack () {
echo "🏳️ Cleaning up current stack ..."
docker compose down -v --remove-orphans
if [ "$integration" == "docker" ] ; then
docker compose down -v --remove-orphans
else
sudo systemctl stop bunkerweb
sudo truncate -s 0 /var/log/bunkerweb/error.log
fi
if [ $? -ne 0 ] ; then
echo "🏳️ Down failed ❌"
echo "🏳️ Cleanup failed ❌"
exit 1
fi
@ -63,89 +130,186 @@ cleanup_stack () {
trap cleanup_stack EXIT
echo "🏳️ Initializing workspace ..."
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏳️ Build failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏳️ ip_asn.txt not found ❌"
exit 1
if [ "$integration" == "docker" ] ; then
rm -rf init/output
mkdir -p init/output
docker compose -f docker-compose.init.yml up --build
if [ $? -ne 0 ] ; then
echo "🏳️ Init failed ❌"
exit 1
elif ! [[ -f "init/output/ip_asn.txt" ]]; then
echo "🏳️ ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat init/output/ip_asn.txt)
rm -rf init/output
else
echo "🏳️ Starting init ..."
python3 init/main.py
if [ $? -ne 0 ] ; then
echo "🏳️ Init failed ❌"
exit 1
elif ! [[ -f "ip_asn.txt" ]]; then
echo "🏳️ ip_asn.txt not found ❌"
exit 1
fi
AS_NUMBER=$(cat ip_asn.txt)
fi
as_number=$(cat init/output/ip_asn.txt)
if [[ $as_number = "" ]]; then
if [[ $AS_NUMBER = "" ]]; then
echo "🏳️ AS number not found ❌"
exit 1
fi
rm -rf init/output
export AS_NUMBER
for test in "deactivated" "ip" "ip_urls" "rdns" "rdns_global" "rdns_urls" "asn" "asn_urls" "user_agent" "user_agent_urls" "uri" "uri_urls"
if [ "$integration" == "docker" ] ; then
sudo sed -i 's@AS_NUMBER: ".*"$@AS_NUMBER: "'"$AS_NUMBER"'"@' docker-compose.yml
else
echo "🏳️ Starting api ..."
python3 api/main.py &
fi
tests="deactivated ip ip_urls asn asn_urls user_agent user_agent_urls uri uri_urls"
if [ "$integration" == "docker" ] ; then
tests="deactivated ip ip_urls rdns rdns_global rdns_urls asn asn_urls user_agent user_agent_urls uri uri_urls"
fi
for test in $tests
do
if [ "$test" = "deactivated" ] ; then
echo "🏳️ Running tests when the whitelist is deactivated ..."
echo "🏳️ Running tests when the whitelist is deactivated ..."
echo " Activating the blacklist and banning 0.0.0.0/0 network for all the future tests ..."
elif [ "$test" = "ip" ] ; then
echo "🏳️ Running tests with the network 192.168.0.0/24 in the white list ..."
echo " Activating the whitelist for all the future tests ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_WHITELIST: "no"@USE_WHITELIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: ""@WHITELIST_IP: "192.168.0.0/24"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with the network 192.168.0.0/24 in the white list ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@USE_WHITELIST: "no"@USE_WHITELIST: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: ""@WHITELIST_IP: "192.168.0.0/24"@' {} \;
else
echo "🏳️ Running tests with the network 127.0.0.0/24 in the white list ..."
sudo sed -i 's@USE_WHITELIST=.*$@USE_WHITELIST=yes@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_IP=.*$@WHITELIST_IP=127.0.0.0/24@' /etc/bunkerweb/variables.env
export USE_WHITELIST="yes"
export WHITELIST_IP="127.0.0.0/24"
fi
elif [ "$test" = "ip_urls" ] ; then
echo "🏳️ Running tests with whitelist's ip url set to http://whitelist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: "192.168.0.0/24"@WHITELIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: ""@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with whitelist's ip url set to http://whitelist-api:8080/ip ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP: "192.168.0.0/24"@WHITELIST_IP: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: ""@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@' {} \;
else
echo "🏳️ Running tests with whitelist's ip url set to http://127.0.0.1:8080/ip ..."
sudo sed -i 's@WHITELIST_IP=.*$@WHITELIST_IP=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_IP_URLS=.*$@WHITELIST_IP_URLS=http://127.0.0.1:8080/ip@' /etc/bunkerweb/variables.env
unset WHITELIST_IP
export WHITELIST_IP_URLS="http://127.0.0.1:8080/ip"
fi
elif [ "$test" = "rdns" ] ; then
echo "🏳️ Running tests with whitelist's rdns set to .bw-services ..."
echo "🏳️ Running tests with whitelist's rdns set to .bw-services ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_IP_URLS: "http://whitelist-api:8080/ip"@WHITELIST_IP_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS: ""@WHITELIST_RDNS: ".bw-services"@' {} \;
elif [ "$test" = "rdns_global" ] ; then
echo "🏳️ Running tests when whitelist's rdns also scans local ip addresses ..."
echo "🏳️ Running tests when whitelist's rdns also scans local ip addresses ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "yes"@WHITELIST_RDNS_GLOBAL: "no"@' {} \;
elif [ "$test" = "rdns_urls" ] ; then
echo "🏳️ Running tests with whitelist's rdns url set to http://whitelist-api:8080/rdns ..."
echo "🏳️ Running tests with whitelist's rdns url set to http://whitelist-api:8080/rdns ..."
echo " Keeping the rdns also scanning local ip addresses ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS: ".bw-services"@WHITELIST_RDNS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: ""@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@' {} \;
elif [ "$test" = "asn" ] ; then
echo "🏳️ Running tests with whitelist's asn set to $as_number ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "no"@WHITELIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@WHITELIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: ""@WHITELIST_ASN: "'"$as_number"'"@' {} \;
echo "🏳️ Running tests with whitelist's asn set to $AS_NUMBER ..."
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_GLOBAL: "no"@WHITELIST_RDNS_GLOBAL: "yes"@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_RDNS_URLS: "http://whitelist-api:8080/rdns"@WHITELIST_RDNS_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: ""@WHITELIST_ASN: "'"$AS_NUMBER"'"@' {} \;
else
sudo sed -i 's@WHITELIST_IP_URLS=.*$@WHITELIST_IP_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_ASN=.*$@WHITELIST_ASN='"$AS_NUMBER"'@' /etc/bunkerweb/variables.env
unset WHITELIST_IP_URLS
export WHITELIST_ASN="$AS_NUMBER"
fi
elif [ "$test" = "asn_urls" ] ; then
echo "🏳️ Running tests with whitelist's asn url set to http://whitelist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: "'"$as_number"'"@WHITELIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: ""@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with whitelist's asn url set to http://whitelist-api:8080/asn ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN: "'"$AS_NUMBER"'"@WHITELIST_ASN: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: ""@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@' {} \;
else
echo "🏳️ Running tests with whitelist's asn url set to http://127.0.0.1:8080/asn ..."
sudo sed -i 's@WHITELIST_ASN=.*$@WHITELIST_ASN=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_ASN_URLS=.*$@WHITELIST_ASN_URLS=http://127.0.0.1:8080/asn@' /etc/bunkerweb/variables.env
unset WHITELIST_ASN
export WHITELIST_ASN_URLS="http://127.0.0.1:8080/asn"
fi
elif [ "$test" = "user_agent" ] ; then
echo "🏳️ Running tests with whitelist's user_agent set to BunkerBot ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@WHITELIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: ""@WHITELIST_USER_AGENT: "BunkerBot"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_ASN_URLS: "http://whitelist-api:8080/asn"@WHITELIST_ASN_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: ""@WHITELIST_USER_AGENT: "BunkerBot"@' {} \;
else
sudo sed -i 's@WHITELIST_ASN_URLS=.*$@WHITELIST_ASN_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_USER_AGENT=.*$@WHITELIST_USER_AGENT=BunkerBot@' /etc/bunkerweb/variables.env
unset WHITELIST_ASN_URLS
export WHITELIST_USER_AGENT="BunkerBot"
fi
elif [ "$test" = "user_agent_urls" ] ; then
echo "🏳️ Running tests with whitelist's user_agent url set to http://whitelist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: "BunkerBot"@WHITELIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: ""@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with whitelist's user_agent url set to http://whitelist-api:8080/user_agent ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT: "BunkerBot"@WHITELIST_USER_AGENT: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: ""@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@' {} \;
else
echo "🏳️ Running tests with whitelist's user_agent url set to http://127.0.0.1:8080/user_agent ..."
sudo sed -i 's@WHITELIST_USER_AGENT=.*$@WHITELIST_USER_AGENT=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_USER_AGENT_URLS=.*$@WHITELIST_USER_AGENT_URLS=http://127.0.0.1:8080/user_agent@' /etc/bunkerweb/variables.env
unset WHITELIST_USER_AGENT
export WHITELIST_USER_AGENT_URLS="http://127.0.0.1:8080/user_agent"
fi
elif [ "$test" = "uri" ] ; then
echo "🏳️ Running tests with whitelist's uri set to /admin ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@WHITELIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: ""@WHITELIST_URI: "/admin"@' {} \;
if [ "$integration" == "docker" ] ; then
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_USER_AGENT_URLS: "http://whitelist-api:8080/user_agent"@WHITELIST_USER_AGENT_URLS: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: ""@WHITELIST_URI: "/admin"@' {} \;
else
sudo sed -i 's@WHITELIST_USER_AGENT_URLS=.*$@WHITELIST_USER_AGENT_URLS=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_URI=.*$@WHITELIST_URI=/admin@' /etc/bunkerweb/variables.env
unset WHITELIST_USER_AGENT_URLS
export WHITELIST_URI="/admin"
fi
elif [ "$test" = "uri_urls" ] ; then
echo "🏳️ Running tests with whitelist's uri url set to http://whitelist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: "/admin"@WHITELIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI_URLS: ""@WHITELIST_URI_URLS: "http://whitelist-api:8080/uri"@' {} \;
if [ "$integration" == "docker" ] ; then
echo "🏳️ Running tests with whitelist's uri url set to http://whitelist-api:8080/uri ..."
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI: "/admin"@WHITELIST_URI: ""@' {} \;
find . -type f -name 'docker-compose.*' -exec sed -i 's@WHITELIST_URI_URLS: ""@WHITELIST_URI_URLS: "http://whitelist-api:8080/uri"@' {} \;
else
echo "🏳️ Running tests with whitelist's uri url set to http://127.0.0.1:8080/uri ..."
sudo sed -i 's@WHITELIST_URI=.*$@WHITELIST_URI=@' /etc/bunkerweb/variables.env
sudo sed -i 's@WHITELIST_URI_URLS=.*$@WHITELIST_URI_URLS=http://127.0.0.1:8080/uri@' /etc/bunkerweb/variables.env
unset WHITELIST_URI
export WHITELIST_URI_URLS="http://127.0.0.1:8080/uri"
fi
fi
echo "🏳️ Starting stack ..."
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏳️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
if [ "$integration" == "docker" ] ; then
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏳️ Up failed ❌"
echo "🏳️ Up failed, retrying ... ⚠️"
manual=1
cleanup_stack
manual=0
docker compose up -d
if [ $? -ne 0 ] ; then
echo "🏳️ Up failed ❌"
exit 1
fi
fi
else
sudo systemctl start bunkerweb
if [ $? -ne 0 ] ; then
echo "🏳️ Start failed ❌"
exit 1
fi
fi
@ -153,27 +317,68 @@ do
# Check if stack is healthy
echo "🏳️ Waiting for stack to be healthy ..."
i=0
while [ $i -lt 120 ] ; do
containers=("whitelist-bw-1" "whitelist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
if [ "$integration" == "docker" ] ; then
while [ $i -lt 120 ] ; do
containers=("whitelist-bw-1" "whitelist-bw-scheduler-1")
healthy="true"
for container in "${containers[@]}" ; do
check="$(docker inspect --format "{{json .State.Health }}" $container | grep "healthy")"
if [ "$check" = "" ] ; then
healthy="false"
break
fi
done
if [ "$healthy" = "true" ] ; then
echo "🏳️ Docker stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ "$healthy" = "true" ] ; then
echo "🏳️ Docker stack is healthy ✅"
break
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏳️ Docker stack is not healthy ❌"
exit 1
fi
else
healthy="false"
retries=0
while [[ $healthy = "false" && $retries -lt 5 ]] ; do
while [ $i -lt 120 ] ; do
if sudo grep -q "BunkerWeb is ready" "/var/log/bunkerweb/error.log" ; then
echo "🏳️ Linux stack is healthy ✅"
break
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
echo "🏳️ Linux stack is not healthy ❌"
exit 1
fi
if ! [ -z "$(sudo journalctl -u bunkerweb --no-pager | grep "SYSTEMCTL - ❌")" ] ; then
echo "🏳️ ⚠ Linux stack got an issue, restarting ..."
sudo journalctl --rotate
sudo journalctl --vacuum-time=1s
manual=1
cleanup_stack
manual=0
sudo systemctl start bunkerweb
retries=$((retries+1))
else
healthy="true"
fi
done
if [ $retries -ge 5 ] ; then
echo "🏳️ Linux stack could not be healthy ❌"
exit 1
fi
sleep 1
i=$((i+1))
done
if [ $i -ge 120 ] ; then
docker compose logs
echo "🏳️ Docker stack is not healthy ❌"
exit 1
fi
# Start tests
@ -181,26 +386,56 @@ do
if ! [[ "$test" = "user_agent" || "$test" = "user_agent_urls" || "$test" = "uri" || "$test" = "uri_urls" ]] ; then
echo "🏳️ Running global container tests ..."
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up global-tests --abort-on-container-exit --exit-code-from global-tests
else
export GLOBAL="1"
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🏳️ Test \"$test\" failed for global tests ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler whitelist-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler whitelist-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🏳️ Test \"$test\" succeeded for global tests ✅"
fi
if [ "$integration" == "linux" ] ; then
sleep 1
fi
fi
echo "🏳️ Running local container tests ..."
docker compose -f docker-compose.test.yml up local-tests --abort-on-container-exit --exit-code-from local-tests
if [ "$integration" == "docker" ] ; then
docker compose -f docker-compose.test.yml up local-tests --abort-on-container-exit --exit-code-from local-tests
else
unset GLOBAL
python3 main.py
fi
if [ $? -ne 0 ] ; then
echo "🏳️ Test \"$test\" failed for local tests ❌"
echo "🛡️ Showing BunkerWeb, BunkerWeb Scheduler and Custom API logs ..."
docker compose logs bw bw-scheduler whitelist-api
if [ "$integration" == "docker" ] ; then
docker compose logs bw bw-scheduler whitelist-api
else
sudo journalctl -u bunkerweb --no-pager
echo "🛡️ Showing BunkerWeb error logs ..."
sudo cat /var/log/bunkerweb/error.log
echo "🛡️ Showing BunkerWeb access logs ..."
sudo cat /var/log/bunkerweb/access.log
fi
exit 1
else
echo "🏳️ Test \"$test\" succeeded for local tests ✅"
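Review bot: In the linux branch of `cleanup_stack`, `sudo killall python3` terminates every python3 process on the host as root, not just the API started earlier with `python3 api/main.py &`. Recording the PID at launch (`api_pid=$!`) and using `kill "$api_pid"` in cleanup limits the effect to the fixture. In the same function, the `if [ $? -ne 0 ]` after the new if/else only sees the status of `sudo truncate`, so a failed `sudo systemctl stop bunkerweb` is not reported. `AS_NUMBER` is spliced into `sudo sed -i` expressions after only an empty-string check; a digits-only test such as `[[ $AS_NUMBER =~ ^[0-9]+$ ]]` before `export AS_NUMBER` would keep a malformed value out of the sed program. The linux cleanup also leaves `USE_REAL_IP`, `REAL_IP_FROM` and `BLACKLIST_IP=0.0.0.0/0` in /etc/bunkerweb/variables.env, which matters if the runner is reused.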

Binary file not shown.


@ -12,6 +12,7 @@ services:
MULTISITE: "yes"
HTTP_PORT: "80"
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
LOG_LEVEL: "info"
USE_BUNKERNET: "no"
USE_BLACKLIST: "no"
DISABLE_DEFAULT_SERVER: "yes"
@ -79,6 +80,7 @@ services:
volumes:
bw-data:
networks:
bw-universe:
name: bw-universe

Binary file not shown.


@ -1,8 +1,10 @@
from contextlib import suppress
from datetime import datetime, timedelta
from os import listdir
from functools import partial
from os import getenv, listdir
from os.path import join
from pathlib import Path
from subprocess import PIPE, run
from time import sleep
from traceback import format_exc
from typing import List, Union
@ -43,6 +45,8 @@ while not ready:
print("UI is ready, starting tests ...", flush=True)
TEST_TYPE = getenv("TEST_TYPE", "docker")
firefox_options = Options()
if "geckodriver" not in listdir(Path.cwd()):
firefox_options.add_argument("--headless")
@ -161,14 +165,21 @@ def access_page(
)
with webdriver.Firefox(
service=Service(
executable_path="./geckodriver"
if "geckodriver" in listdir(Path.cwd())
else "/usr/local/bin/geckodriver"
),
options=firefox_options,
) as driver:
driver_func = partial(webdriver.Firefox, options=firefox_options)
if TEST_TYPE == "dev":
driver_func = partial(
webdriver.Firefox,
service=Service(
Service(
executable_path="./geckodriver"
if "geckodriver" in listdir(Path.cwd())
else "/usr/local/bin/geckodriver"
)
),
options=firefox_options,
)
with webdriver.Firefox(options=firefox_options) as driver:
try:
driver.delete_all_cookies()
driver.maximize_window()
@ -268,8 +279,9 @@ with webdriver.Firefox(
no_errors = True
retries = 0
action = "reload" if TEST_TYPE == "docker" else "restart"
while no_errors:
print("Trying to reload BunkerWeb instance ...", flush=True)
print(f"Trying to {action} BunkerWeb instance ...", flush=True)
try:
form = WebDriverWait(driver, 2).until(
@ -285,17 +297,17 @@ with webdriver.Firefox(
access_page(
driver,
driver_wait,
"//form[starts-with(@id, 'form-instance-')]//button[@value='reload']",
f"//form[starts-with(@id, 'form-instance-')]//button[@value='{action}']",
"instances",
False,
)
print(
"Instance was reloaded successfully, checking the message ...",
f"Instance was {action}ed successfully, checking the message ...",
flush=True,
)
assert_alert_message(driver, "has been reloaded")
assert_alert_message(driver, f"has been {action}ed")
no_errors = False
except:
@ -307,6 +319,24 @@ with webdriver.Firefox(
"WARNING: message list doesn't contain the expected message or is empty, retrying..."
)
if TEST_TYPE == "linux":
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print("Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
print("Trying global config page ...")
access_page(
@ -409,6 +439,24 @@ with webdriver.Firefox(
False,
)
if TEST_TYPE == "linux":
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print("Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
input_worker = safe_get_element(driver, By.ID, "WORKER_RLIMIT_NOFILE")
if input_worker.get_attribute("value") != "4096":
@ -563,6 +611,24 @@ with webdriver.Firefox(
False,
)
if TEST_TYPE == "linux":
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print("Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
print(
"The page reloaded successfully, checking if the setting has been updated ...",
flush=True,
@ -613,24 +679,25 @@ with webdriver.Firefox(
assert_button_click(driver, "//button[@data-services-action='new']")
server_name_input: WebElement = safe_get_element(driver, By.ID, "SERVER_NAME")
server_name_input: WebElement = safe_get_element(driver, By.ID, "SERVER_NAME") # type: ignore
server_name_input.clear()
server_name_input.send_keys("app1.example.com")
assert_button_click(driver, "//button[@data-tab-handler='reverseproxy']")
if TEST_TYPE == "docker":
assert_button_click(driver, "//button[@data-tab-handler='reverseproxy']")
assert_button_click(
driver, safe_get_element(driver, By.ID, "USE_REVERSE_PROXY")
)
assert_button_click(
driver, safe_get_element(driver, By.ID, "USE_REVERSE_PROXY")
)
assert_button_click(
driver, "//button[@data-services-multiple-add='reverse-proxy']"
)
assert_button_click(
driver, "//button[@data-services-multiple-add='reverse-proxy']"
)
safe_get_element(driver, By.ID, "REVERSE_PROXY_HOST").send_keys(
"http://app1:8080"
)
safe_get_element(driver, By.ID, "REVERSE_PROXY_URL").send_keys("/")
safe_get_element(driver, By.ID, "REVERSE_PROXY_HOST").send_keys(
"http://app1:8080"
)
safe_get_element(driver, By.ID, "REVERSE_PROXY_URL").send_keys("/")
access_page(
driver,
@ -640,6 +707,24 @@ with webdriver.Firefox(
False,
)
if TEST_TYPE == "linux":
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print("Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
try:
services = safe_get_element(
driver,
@ -741,6 +826,24 @@ with webdriver.Firefox(
False,
)
if TEST_TYPE == "linux":
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print("Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
assert_alert_message(driver, "has been deleted.")
print(
@ -810,6 +913,24 @@ location /hello {
False,
)
if TEST_TYPE == "linux":
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print("Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
assert_alert_message(driver, "was successfully created")
sleep(30)
@ -832,7 +953,7 @@ location /hello {
exit(1)
print(
"The config has been created and is working, trying to edit it ...",
"The config has been created and is working, trying to delete it ...",
flush=True,
)
@ -857,6 +978,24 @@ location /hello {
False,
)
if TEST_TYPE == "linux":
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print("Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
assert_alert_message(driver, "was successfully deleted")
print("The config has been deleted, trying plugins page ...", flush=True)
@ -929,6 +1068,24 @@ location /hello {
False,
)
if TEST_TYPE == "linux":
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print("Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
external_plugins = safe_get_element(
driver,
By.XPATH,
@ -955,6 +1112,24 @@ location /hello {
False,
)
if TEST_TYPE == "linux":
retries = 0
while (
not b"BunkerWeb is ready"
in run(
["sudo", "tail", "-n", "1", "/var/log/bunkerweb/error.log"],
stdout=PIPE,
check=True,
).stdout
) and retries < 10:
retries += 1
print("Waiting for BunkerWeb to be ready, retrying in 5s ...")
sleep(5)
if retries >= 10:
print("BunkerWeb took too long to be ready, exiting ...", flush=True)
exit(1)
with suppress(TimeoutException):
title = WebDriverWait(driver, 2).until(
EC.presence_of_element_located(
