3
# test-squid.py quality assurance test script
4
# Copyright (C) 2008-2012 Canonical Ltd.
5
# Author: Jamie Strandboge <jamie@canonical.com>
7
# This program is free software: you can redistribute it and/or modify
8
# it under the terms of the GNU General Public License version 2,
9
# as published by the Free Software Foundation.
11
# This program is distributed in the hope that it will be useful,
12
# but WITHOUT ANY WARRANTY; without even the implied warranty of
13
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
# GNU General Public License for more details.
16
# You should have received a copy of the GNU General Public License
17
# along with this program. If not, see <http://www.gnu.org/licenses/>.
22
DO NOT RUN ON A PRODUCTION SERVER.
26
$ sudo apt-get remove --purge squid
27
$ sudo apt-get -y install squid squidclient python-unit elinks netcat
28
$ sudo ./test-squid.py -v
31
The host running this script needs to have access to the internet
36
purge (via squidclient)
40
$ echo "http://blocked.com 1.2.3.4/- - GET -" | squidGuard -c /etc/squid/squidGuard.conf -d
41
if using a 'redirect', then the redirect URL is displayed, otherwise
43
- test block with the following in default acl in squidGuard.conf:
45
redirect http://www.example.com/redirected.html
46
- test pass with the following in default acl in squidGuard.conf:
48
redirect http://www.example.com/redirected.html
49
- test domains and urls with something like the following acl:
51
domainlist test/domains
57
redirect http://www.example.com/redirected.html
61
then create /var/lib/squidguard/db/test/domains with:
65
$ echo "http://ok.com 1.2.3.4/- - GET -" | squidGuard -c /etc/squid/squidGuard.conf -d
66
$ echo "http://blocked.com 1.2.3.4/- - GET -" | squidGuard -c /etc/squid/squidGuard.conf -d
69
# QRT-Packages: squid squidclient python-unit elinks netcat pygopherd apparmor-utils
70
# QRT-Depends: testlib_httpd.py private/qrt/squid.py
72
import unittest, subprocess
80
from private.qrt.squid import PrivateSquidTest
82
class PrivateSquidTest(object):
84
print >>sys.stdout, "Skipping private tests"
86
class BasicTest(testlib_httpd.HttpdCommon, PrivateSquidTest):
87
'''Test basic functionality'''
89
'''Setup mechanisms'''
91
# for some reason, squid on maverick is missing the init.d
92
# upstart compatibility symlink
93
if self.lsb_release['Release'] == 10.10 and not os.path.exists("/etc/init.d/squid"):
94
os.symlink("/lib/init/upstart-job", "/etc/init.d/squid")
96
self._set_initscript("/etc/init.d/squid")
97
if self.lsb_release['Release'] >= 12.04:
98
self._set_initscript("/etc/init.d/squid3")
100
testlib_httpd.HttpdCommon._setUp(self)
102
self.gophermap = "/var/gopher/gophermap"
104
self.aa_profile = "usr.sbin.squid3"
105
self.aa_abs_profile = "/etc/apparmor.d/%s" % self.aa_profile
106
self.version_with_apparmor = 12.10
107
# This hack is only used until we have tests run both confined and
109
self.aa_unload_at_teardown = False
112
'''Shutdown methods'''
113
testlib_httpd.HttpdCommon._tearDown(self)
114
testlib.config_restore(self.gophermap)
116
def test_daemons(self):
118
pidfile = "/run/squid3.pid"
121
if self.lsb_release['Release'] < 12.04:
122
pidfile = "/var/run/squid.pid"
125
self.assertTrue(testlib.check_pidfile(exe, pidfile))
127
def test_http_proxy(self):
129
self._test_url_proxy("http://www.ubuntu.com/", "", "http://localhost:3128/")
131
def test_https_proxy(self):
133
self._test_url_proxy("https://wiki.ubuntu.com/", "", "http://localhost:3128/")
135
def test_ftp_proxy(self):
137
self._test_url_proxy("ftp://ftp.ubuntu.com/", "", "http://localhost:3128/")
139
def test_squidclient(self):
140
'''Test squidclient'''
141
urls = ['http://www.ubuntu.com/', 'https://wiki.ubuntu.com/', \
142
'ftp://ftp.ubuntu.com/', 'gopher://127.0.0.1']
144
rc, report = testlib.cmd(['squidclient', '-h', '127.0.0.1', '-p', '3128', '-r', url])
146
result = 'Got exit code %d, expected %d\n' % (rc, expected)
147
self.assertEquals(expected, rc, result + report)
149
def test_CVE_2011_3205(self):
150
'''Test parsing lines > 4096 in length (CVE-2011-3205)'''
152
longline = "ABCDEF" * 4096
154
testlib.config_replace(self.gophermap, """Welcome to Pygopherd! You can place your documents
155
in /var/gopher for future use. You can remove the gophermap
156
file there to get rid of this message, or you can edit it to
157
use other things. (You'll need to do at least one of these
158
two things in order to get your own data to show up!)
162
Some links to get you started:
164
1Pygopherd Home /devel/gopher/pygopherd gopher.quux.org 70
165
1Quux.Org Mega Server / gopher.quux.org 70
166
1The Gopher Project /Software/Gopher gopher.quux.org 70
167
1Traditional UMN Home Gopher / gopher.tc.umn.edu 70
169
Welcome to the world of Gopher and enjoy!
170
""" %(longline), append=False)
172
rc, report = testlib.cmd(['squidclient', '-h', '127.0.0.1', '-p', '3128', '-r', "gopher://127.0.0.1"])
174
result = 'Got exit code %d, expected %d\n' % (rc, expected)
175
self.assertEquals(expected, rc, result + report)
177
# Run this last so if we enable the profile then we don't unload it
178
def test_zz_apparmor(self):
180
if self.lsb_release['Release'] < 12.10:
181
self._skipped("No profile in 12.04 and under")
183
self.aa_unload_at_teardown = True
185
# Currently while we have a profile, it is shipped disabled by default.
187
rc, report = testlib.check_apparmor(self.aa_abs_profile, 12.10, is_running=False)
189
result = 'Got exit code %d, expected %d\n' % (rc, expected)
190
self.assertEquals(rc, expected, result + report)
192
# Verify it is syntactically correct
193
rc, report = testlib.cmd(['apparmor_parser', '-p', self.aa_abs_profile])
195
result = 'Got exit code %d, expected %d\n' % (rc, expected)
196
self.assertEquals(rc, expected, result + report)
199
rc, report = testlib.cmd(['aa-enforce', self.aa_abs_profile])
201
result = 'Got exit code %d, expected %d\n' % (rc, expected)
202
self.assertEquals(rc, expected, result + report)
207
rc, report = testlib.check_apparmor(self.aa_abs_profile, 12.10, is_running=True)
209
result = 'Got exit code %d, expected %d\n' % (rc, expected)
210
self.assertEquals(rc, expected, result + report)
213
if __name__ == '__main__':
214
suite = unittest.TestSuite()
215
suite.addTest(unittest.TestLoader().loadTestsFromTestCase(BasicTest))
217
rc = unittest.TextTestRunner(verbosity=2).run(suite)
218
if not rc.wasSuccessful():