check_http.t 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415
  1. #! /usr/bin/perl -w -I ..
  2. #
  3. # Test check_http by having an actual HTTP server running
  4. #
  5. # To create the https server certificate:
  6. # openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
  7. # Country Name (2 letter code) [AU]:UK
  8. # State or Province Name (full name) [Some-State]:Derbyshire
  9. # Locality Name (eg, city) []:Belper
  10. # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Monitoring Plugins
  11. # Organizational Unit Name (eg, section) []:
  12. # Common Name (eg, YOUR name) []:Ton Voon
  13. # Email Address []:tonvoon@mac.com
  14. use strict;
  15. use Test::More;
  16. use NPTest;
  17. use FindBin qw($Bin);
  18. $ENV{'LC_TIME'} = "C";
  19. my $common_tests = 70;
  20. my $ssl_only_tests = 8;
  21. # Check that all dependent modules are available
  22. eval "use HTTP::Daemon 6.01;";
  23. plan skip_all => 'HTTP::Daemon >= 6.01 required' if $@;
  24. eval {
  25. require HTTP::Status;
  26. require HTTP::Response;
  27. };
  28. if ($@) {
  29. plan skip_all => "Missing required module for test: $@";
  30. } else {
  31. if (-x "./check_http") {
  32. plan tests => $common_tests * 2 + $ssl_only_tests;
  33. } else {
  34. plan skip_all => "No check_http compiled";
  35. }
  36. }
  37. my $servers = { http => 0 }; # HTTP::Daemon should always be available
  38. eval { require HTTP::Daemon::SSL };
  39. if ($@) {
  40. diag "Cannot load HTTP::Daemon::SSL: $@";
  41. } else {
  42. $servers->{https} = 0;
  43. }
  44. # set a fixed version, so the header size doesn't vary
  45. $HTTP::Daemon::VERSION = "1.00";
  46. my $port_http = 50000 + int(rand(1000));
  47. my $port_https = $port_http + 1;
  48. my $port_https_expired = $port_http + 2;
  49. # This array keeps sockets around for implementing timeouts
  50. my @persist;
  51. # Start up all servers
  52. my @pids;
  53. my $pid = fork();
  54. if ($pid) {
  55. # Parent
  56. push @pids, $pid;
  57. if (exists $servers->{https}) {
  58. # Fork a normal HTTPS server
  59. $pid = fork();
  60. if ($pid) {
  61. # Parent
  62. push @pids, $pid;
  63. # Fork an expired cert server
  64. $pid = fork();
  65. if ($pid) {
  66. push @pids, $pid;
  67. } else {
  68. my $d = HTTP::Daemon::SSL->new(
  69. LocalPort => $port_https_expired,
  70. LocalAddr => "127.0.0.1",
  71. SSL_cert_file => "$Bin/certs/expired-cert.pem",
  72. SSL_key_file => "$Bin/certs/expired-key.pem",
  73. ) || die;
  74. print "Please contact https expired at: <URL:", $d->url, ">\n";
  75. run_server( $d );
  76. exit;
  77. }
  78. } else {
  79. my $d = HTTP::Daemon::SSL->new(
  80. LocalPort => $port_https,
  81. LocalAddr => "127.0.0.1",
  82. SSL_cert_file => "$Bin/certs/server-cert.pem",
  83. SSL_key_file => "$Bin/certs/server-key.pem",
  84. ) || die;
  85. print "Please contact https at: <URL:", $d->url, ">\n";
  86. run_server( $d );
  87. exit;
  88. }
  89. }
  90. # give our webservers some time to startup
  91. sleep(1);
  92. } else {
  93. # Child
  94. #print "child\n";
  95. my $d = HTTP::Daemon->new(
  96. LocalPort => $port_http,
  97. LocalAddr => "127.0.0.1",
  98. ) || die;
  99. print "Please contact http at: <URL:", $d->url, ">\n";
  100. run_server( $d );
  101. exit;
  102. }
  103. # Run the same server on http and https
  104. sub run_server {
  105. my $d = shift;
  106. MAINLOOP: while (my $c = $d->accept ) {
  107. while (my $r = $c->get_request) {
  108. if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
  109. $c->send_basic_header($1);
  110. $c->send_crlf;
  111. } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
  112. $c->send_basic_header;
  113. $c->send_crlf;
  114. $c->send_file_response("$Bin/var/$1");
  115. } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
  116. $c->send_basic_header;
  117. $c->send_crlf;
  118. sleep 1;
  119. $c->send_response("slow");
  120. } elsif ($r->url->path eq "/method") {
  121. if ($r->method eq "DELETE") {
  122. $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
  123. } elsif ($r->method eq "foo") {
  124. $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
  125. } else {
  126. $c->send_status_line(200, $r->method);
  127. }
  128. } elsif ($r->url->path eq "/postdata") {
  129. $c->send_basic_header;
  130. $c->send_crlf;
  131. $c->send_response($r->method.":".$r->content);
  132. } elsif ($r->url->path eq "/redirect") {
  133. $c->send_redirect( "/redirect2" );
  134. } elsif ($r->url->path eq "/redir_external") {
  135. $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
  136. } elsif ($r->url->path eq "/redirect2") {
  137. $c->send_basic_header;
  138. $c->send_crlf;
  139. $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
  140. } elsif ($r->url->path eq "/redir_timeout") {
  141. $c->send_redirect( "/timeout" );
  142. } elsif ($r->url->path eq "/timeout") {
  143. # Keep $c from being destroyed, but prevent severe leaks
  144. unshift @persist, $c;
  145. delete($persist[1000]);
  146. next MAINLOOP;
  147. } elsif ($r->url->path eq "/header_check") {
  148. $c->send_basic_header;
  149. $c->send_header('foo');
  150. $c->send_crlf;
  151. } else {
  152. $c->send_error(HTTP::Status->RC_FORBIDDEN);
  153. }
  154. $c->close;
  155. }
  156. }
  157. }
  158. END {
  159. foreach my $pid (@pids) {
  160. if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
  161. }
  162. };
  163. if ($ARGV[0] && $ARGV[0] eq "-d") {
  164. while (1) {
  165. sleep 100;
  166. }
  167. }
  168. my $result;
  169. my $command = "./check_http -H 127.0.0.1";
  170. run_common_tests( { command => "$command -p $port_http" } );
  171. SKIP: {
  172. skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
  173. run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
  174. $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
  175. is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
  176. is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on Sun Mar 3 21:41:28 2019 +0000.', "output ok" );
  177. $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
  178. is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
  179. like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" );
  180. # Expired cert tests
  181. $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
  182. is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
  183. like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(Sun Mar 3 21:41:28 2019 \+0000\)./', "output ok" );
  184. $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
  185. is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
  186. is( $result->output,
  187. 'CRITICAL - Certificate \'Ton Voon\' expired on Thu Mar 5 00:13:16 2009 +0000.',
  188. "output ok" );
  189. }
  190. sub run_common_tests {
  191. my ($opts) = @_;
  192. my $command = $opts->{command};
  193. if ($opts->{ssl}) {
  194. $command .= " --ssl";
  195. }
  196. $result = NPTest->testCmd( "$command -u /file/root" );
  197. is( $result->return_code, 0, "/file/root");
  198. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
  199. $result = NPTest->testCmd( "$command -u /file/root -s Root" );
  200. is( $result->return_code, 0, "/file/root search for string");
  201. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
  202. $result = NPTest->testCmd( "$command -u /file/root -s NonRoot" );
  203. is( $result->return_code, 2, "Missing string check");
  204. like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRoot' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
  205. $result = NPTest->testCmd( "$command -u /file/root -s NonRootWithOver30charsAndMoreFunThanAWetFish" );
  206. is( $result->return_code, 2, "Missing string check");
  207. like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
  208. $result = NPTest->testCmd( "$command -u /header_check -d foo" );
  209. is( $result->return_code, 0, "header_check search for string");
  210. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" );
  211. $result = NPTest->testCmd( "$command -u /header_check -d bar" );
  212. is( $result->return_code, 2, "Missing header string check");
  213. like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
  214. my $cmd;
  215. $cmd = "$command -u /slow";
  216. $result = NPTest->testCmd( $cmd );
  217. is( $result->return_code, 0, "$cmd");
  218. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  219. $result->output =~ /in ([\d\.]+) second/;
  220. cmp_ok( $1, ">", 1, "Time is > 1 second" );
  221. $cmd = "$command -u /statuscode/200";
  222. $result = NPTest->testCmd( $cmd );
  223. is( $result->return_code, 0, $cmd);
  224. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  225. $cmd = "$command -u /statuscode/200 -e 200";
  226. $result = NPTest->testCmd( $cmd );
  227. is( $result->return_code, 0, $cmd);
  228. like( $result->output, '/^HTTP OK: Status line output matched "200" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  229. $cmd = "$command -u /statuscode/201";
  230. $result = NPTest->testCmd( $cmd );
  231. is( $result->return_code, 0, $cmd);
  232. like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
  233. $cmd = "$command -u /statuscode/201 -e 201";
  234. $result = NPTest->testCmd( $cmd );
  235. is( $result->return_code, 0, $cmd);
  236. like( $result->output, '/^HTTP OK: Status line output matched "201" - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
  237. $cmd = "$command -u /statuscode/201 -e 200";
  238. $result = NPTest->testCmd( $cmd );
  239. is( $result->return_code, 2, $cmd);
  240. like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output );
  241. $cmd = "$command -u /statuscode/200 -e 200,201,202";
  242. $result = NPTest->testCmd( $cmd );
  243. is( $result->return_code, 0, $cmd);
  244. like( $result->output, '/^HTTP OK: Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  245. $cmd = "$command -u /statuscode/201 -e 200,201,202";
  246. $result = NPTest->testCmd( $cmd );
  247. is( $result->return_code, 0, $cmd);
  248. like( $result->output, '/^HTTP OK: Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  249. $cmd = "$command -u /statuscode/203 -e 200,201,202";
  250. $result = NPTest->testCmd( $cmd );
  251. is( $result->return_code, 2, $cmd);
  252. like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output );
  253. $cmd = "$command -j HEAD -u /method";
  254. $result = NPTest->testCmd( $cmd );
  255. is( $result->return_code, 0, $cmd);
  256. like( $result->output, '/^HTTP OK: HTTP/1.1 200 HEAD - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  257. $cmd = "$command -j POST -u /method";
  258. $result = NPTest->testCmd( $cmd );
  259. is( $result->return_code, 0, $cmd);
  260. like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  261. $cmd = "$command -j GET -u /method";
  262. $result = NPTest->testCmd( $cmd );
  263. is( $result->return_code, 0, $cmd);
  264. like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  265. $cmd = "$command -u /method";
  266. $result = NPTest->testCmd( $cmd );
  267. is( $result->return_code, 0, $cmd);
  268. like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  269. $cmd = "$command -P foo -u /method";
  270. $result = NPTest->testCmd( $cmd );
  271. is( $result->return_code, 0, $cmd);
  272. like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  273. $cmd = "$command -j DELETE -u /method";
  274. $result = NPTest->testCmd( $cmd );
  275. is( $result->return_code, 1, $cmd);
  276. like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output );
  277. $cmd = "$command -j foo -u /method";
  278. $result = NPTest->testCmd( $cmd );
  279. is( $result->return_code, 2, $cmd);
  280. like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output );
  281. $cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude";
  282. $result = NPTest->testCmd( $cmd );
  283. is( $result->return_code, 0, $cmd);
  284. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  285. $cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude";
  286. $result = NPTest->testCmd( $cmd );
  287. is( $result->return_code, 0, $cmd);
  288. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  289. # To confirm that the free doesn't segfault
  290. $cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude";
  291. $result = NPTest->testCmd( $cmd );
  292. is( $result->return_code, 0, $cmd);
  293. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  294. $cmd = "$command -u /redirect";
  295. $result = NPTest->testCmd( $cmd );
  296. is( $result->return_code, 0, $cmd);
  297. like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  298. $cmd = "$command -f follow -u /redirect";
  299. $result = NPTest->testCmd( $cmd );
  300. is( $result->return_code, 0, $cmd);
  301. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  302. $cmd = "$command -u /redirect -k 'follow: me'";
  303. $result = NPTest->testCmd( $cmd );
  304. is( $result->return_code, 0, $cmd);
  305. like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  306. $cmd = "$command -f follow -u /redirect -k 'follow: me'";
  307. $result = NPTest->testCmd( $cmd );
  308. is( $result->return_code, 0, $cmd);
  309. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  310. $cmd = "$command -f sticky -u /redirect -k 'follow: me'";
  311. $result = NPTest->testCmd( $cmd );
  312. is( $result->return_code, 0, $cmd);
  313. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  314. $cmd = "$command -f stickyport -u /redirect -k 'follow: me'";
  315. $result = NPTest->testCmd( $cmd );
  316. is( $result->return_code, 0, $cmd);
  317. like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
  318. # These tests may block
  319. print "ALRM\n";
  320. # stickyport - on full urlS port is set back to 80 otherwise
  321. $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
  322. eval {
  323. local $SIG{ALRM} = sub { die "alarm\n" };
  324. alarm(2);
  325. $result = NPTest->testCmd( $cmd );
  326. alarm(0); };
  327. isnt( $@, "alarm\n", $cmd );
  328. is( $result->return_code, 0, $cmd );
  329. # Let's hope there won't be any web server on :80 returning "redirected"!
  330. $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
  331. eval {
  332. local $SIG{ALRM} = sub { die "alarm\n" };
  333. alarm(2);
  334. $result = NPTest->testCmd( $cmd );
  335. alarm(0); };
  336. isnt( $@, "alarm\n", $cmd );
  337. isnt( $result->return_code, 0, $cmd );
  338. # Test an external address - timeout
  339. SKIP: {
  340. skip "This doesn't seems to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
  341. $cmd = "$command -f follow -u /redir_external -t 5";
  342. eval {
  343. $result = NPTest->testCmd( $cmd, 2 );
  344. };
  345. like( $@, "/timeout in command: $cmd/", $cmd );
  346. }
  347. $cmd = "$command -u /timeout -t 5";
  348. eval {
  349. $result = NPTest->testCmd( $cmd, 2 );
  350. };
  351. like( $@, "/timeout in command: $cmd/", $cmd );
  352. $cmd = "$command -f follow -u /redir_timeout -t 2";
  353. eval {
  354. $result = NPTest->testCmd( $cmd, 5 );
  355. };
  356. is( $@, "", $cmd );
  357. }