2020-09-22 14:53:52 +02:00
|
|
|
// Copyright 2015-2020 Parity Technologies (UK) Ltd.
|
|
|
|
// This file is part of OpenEthereum.
|
2016-09-01 10:16:04 +02:00
|
|
|
|
2020-09-22 14:53:52 +02:00
|
|
|
// OpenEthereum is free software: you can redistribute it and/or modify
|
2016-09-01 10:16:04 +02:00
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
2020-09-22 14:53:52 +02:00
|
|
|
// OpenEthereum is distributed in the hope that it will be useful,
|
2016-09-01 10:16:04 +02:00
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
|
|
|
|
// You should have received a copy of the GNU General Public License
|
2020-09-22 14:53:52 +02:00
|
|
|
// along with OpenEthereum. If not, see <http://www.gnu.org/licenses/>.
|
2016-09-01 10:16:04 +02:00
|
|
|
|
2016-11-09 18:26:35 +01:00
|
|
|
use std::{
|
2017-10-23 23:52:50 +02:00
|
|
|
io::{self, Read, Write},
|
2016-09-01 10:16:04 +02:00
|
|
|
net::{SocketAddr, TcpStream},
|
|
|
|
str::{self, Lines},
|
2020-08-05 06:08:03 +02:00
|
|
|
thread,
|
2016-09-21 12:44:49 +02:00
|
|
|
time::Duration,
|
2016-09-01 10:16:04 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
pub struct Response {
|
|
|
|
pub status: String,
|
|
|
|
pub headers: Vec<String>,
|
|
|
|
pub headers_raw: String,
|
|
|
|
pub body: String,
|
|
|
|
}
|
|
|
|
|
2016-12-27 16:38:55 +01:00
|
|
|
impl Response {
|
2016-12-28 13:45:25 +01:00
|
|
|
pub fn assert_header(&self, header: &str, value: &str) {
|
|
|
|
let header = format!("{}: {}", header, value);
|
2019-03-22 12:01:11 +01:00
|
|
|
assert!(
|
|
|
|
self.headers.iter().any(|h| h == &header),
|
|
|
|
"Couldn't find header {} in {:?}",
|
|
|
|
header,
|
|
|
|
&self.headers
|
|
|
|
)
|
2016-12-28 13:45:25 +01:00
|
|
|
}
|
2020-08-05 06:08:03 +02:00
|
|
|
|
2016-12-27 16:38:55 +01:00
|
|
|
pub fn assert_status(&self, status: &str) {
|
|
|
|
assert_eq!(
|
|
|
|
self.status,
|
|
|
|
status.to_owned(),
|
|
|
|
"Got unexpected code. Body: {:?}",
|
|
|
|
self.body
|
|
|
|
);
|
|
|
|
}
|
2020-08-05 06:08:03 +02:00
|
|
|
|
2016-12-27 16:38:55 +01:00
|
|
|
pub fn assert_security_headers_present(&self, port: Option<u16>) {
|
|
|
|
assert_security_headers_present(&self.headers, port)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-09-01 10:16:04 +02:00
|
|
|
pub fn read_block(lines: &mut Lines, all: bool) -> String {
|
|
|
|
let mut block = String::new();
|
|
|
|
loop {
|
|
|
|
let line = lines.next();
|
|
|
|
match line {
|
|
|
|
None => break,
|
|
|
|
Some("") if !all => break,
|
|
|
|
Some(v) => {
|
|
|
|
block.push_str(v);
|
|
|
|
block.push_str("\n");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
block
|
|
|
|
}
|
|
|
|
|
2016-11-09 18:26:35 +01:00
|
|
|
fn connect(address: &SocketAddr) -> TcpStream {
|
|
|
|
let mut retries = 0;
|
|
|
|
let mut last_error = None;
|
|
|
|
while retries < 10 {
|
|
|
|
retries += 1;
|
2020-08-05 06:08:03 +02:00
|
|
|
|
2016-11-09 18:26:35 +01:00
|
|
|
let res = TcpStream::connect(address);
|
|
|
|
match res {
|
|
|
|
Ok(stream) => {
|
|
|
|
return stream;
|
|
|
|
}
|
|
|
|
Err(e) => {
|
|
|
|
last_error = Some(e);
|
|
|
|
thread::sleep(Duration::from_millis(retries * 10));
|
2020-08-05 06:08:03 +02:00
|
|
|
}
|
|
|
|
}
|
2016-11-09 18:26:35 +01:00
|
|
|
}
|
|
|
|
panic!(
|
|
|
|
"Unable to connect to the server. Last error: {:?}",
|
|
|
|
last_error
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2016-09-01 10:16:04 +02:00
|
|
|
pub fn request(address: &SocketAddr, request: &str) -> Response {
|
2016-11-09 18:26:35 +01:00
|
|
|
let mut req = connect(address);
|
2016-12-28 13:45:25 +01:00
|
|
|
req.set_read_timeout(Some(Duration::from_secs(2))).unwrap();
|
2016-09-01 10:16:04 +02:00
|
|
|
req.write_all(request.as_bytes()).unwrap();
|
2020-08-05 06:08:03 +02:00
|
|
|
|
2017-10-23 14:02:53 +02:00
|
|
|
let mut response = Vec::new();
|
|
|
|
loop {
|
|
|
|
let mut chunk = [0; 32 * 1024];
|
|
|
|
match req.read(&mut chunk) {
|
2017-10-23 23:52:50 +02:00
|
|
|
Err(ref err) if err.kind() == io::ErrorKind::WouldBlock => break,
|
2017-10-23 14:02:53 +02:00
|
|
|
Err(err) => panic!("Unable to read response: {:?}", err),
|
|
|
|
Ok(0) => break,
|
|
|
|
Ok(read) => response.extend_from_slice(&chunk[..read]),
|
|
|
|
}
|
|
|
|
}
|
2020-08-05 06:08:03 +02:00
|
|
|
|
2017-10-23 14:02:53 +02:00
|
|
|
let response = String::from_utf8_lossy(&response).into_owned();
|
2016-09-01 10:16:04 +02:00
|
|
|
let mut lines = response.lines();
|
2017-02-04 09:52:14 +01:00
|
|
|
let status = lines.next().expect("Expected a response").to_owned();
|
2016-09-01 10:16:04 +02:00
|
|
|
let headers_raw = read_block(&mut lines, false);
|
2019-03-22 12:01:11 +01:00
|
|
|
let headers = headers_raw.split('\n').map(ToOwned::to_owned).collect();
|
2016-09-01 10:16:04 +02:00
|
|
|
let body = read_block(&mut lines, true);
|
2020-08-05 06:08:03 +02:00
|
|
|
|
2016-09-01 10:16:04 +02:00
|
|
|
Response {
|
2019-03-22 12:01:11 +01:00
|
|
|
status,
|
|
|
|
headers,
|
|
|
|
headers_raw,
|
|
|
|
body,
|
2016-09-01 10:16:04 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-10-19 11:02:21 +02:00
|
|
|
/// Check if all required security headers are present
|
2016-10-22 15:21:41 +02:00
|
|
|
pub fn assert_security_headers_present(headers: &[String], port: Option<u16>) {
|
2019-03-22 12:01:11 +01:00
|
|
|
if port.is_none() {
|
2016-10-22 15:21:41 +02:00
|
|
|
assert!(
|
2020-07-29 08:42:17 +02:00
|
|
|
headers
|
|
|
|
.iter()
|
|
|
|
.any(|header| header.as_str() == "X-Frame-Options: SAMEORIGIN"),
|
|
|
|
"X-Frame-Options: SAMEORIGIN missing: {:?}",
|
|
|
|
headers
|
2016-10-22 15:21:41 +02:00
|
|
|
);
|
|
|
|
}
|
2016-10-19 11:02:21 +02:00
|
|
|
assert!(
|
2020-07-29 08:42:17 +02:00
|
|
|
headers
|
|
|
|
.iter()
|
|
|
|
.any(|header| header.as_str() == "X-XSS-Protection: 1; mode=block"),
|
|
|
|
"X-XSS-Protection missing: {:?}",
|
|
|
|
headers
|
2016-10-19 11:02:21 +02:00
|
|
|
);
|
|
|
|
assert!(
|
2020-07-29 08:42:17 +02:00
|
|
|
headers
|
|
|
|
.iter()
|
|
|
|
.any(|header| header.as_str() == "X-Content-Type-Options: nosniff"),
|
|
|
|
"X-Content-Type-Options missing: {:?}",
|
|
|
|
headers
|
2016-10-19 11:02:21 +02:00
|
|
|
);
|
2017-06-28 09:12:02 +02:00
|
|
|
assert!(
|
2020-07-29 08:42:17 +02:00
|
|
|
headers
|
|
|
|
.iter()
|
|
|
|
.any(|header| header.starts_with("Content-Security-Policy: ")),
|
|
|
|
"Content-Security-Policy missing: {:?}",
|
|
|
|
headers
|
2017-06-28 09:12:02 +02:00
|
|
|
)
|
2016-10-19 11:02:21 +02:00
|
|
|
}
|