def test_ssl_null_byte(self): '''Test a null-byte CN cert (CVE-2009-3490)''' srvkey_pem = 'ssl/badguy.key' srvcert_pem = 'ssl/badguy-nul-cn.crt' # We need to add www.bank.com to the hosts file, of wget dies while # validating the cert's CN before the NUL byte check testlib.config_replace(self.hosts_file, "127.0.0.1 www.bank.com", True) self._prepare_ssl(srvkey_pem, srvcert_pem) # modern wget now returns 5 on ssl validation errors if self.lsb_release['Release'] <= 9.10: expected = 1 else: expected = 5 # Make sure wget detected the NUL byte self._test_url_wget( "https://www.bank.com/", "ERROR: certificate common name is invalid (contains a NUL character)", expected=expected) # Let's try an SSL page without validating the self-signed cert test_str = testlib_httpd.create_html_page(self.html_page) self._test_url_wget("https://www.bank.com/" + \ os.path.basename(self.html_page), test_str, extra_opts=['--no-check-certificate'])
def test_http(self): '''Test http''' self._test_url_wget("http://localhost/") test_str = testlib_httpd.create_html_page(self.html_page) self._test_url_wget("http://localhost/" + \ os.path.basename(self.html_page), test_str)
def test_ssl(self): '''Test https''' (tmpdir, srvcert_pem, srvkey_pem, clientcert_pem, clientkey_pem, cacert_pem) = testlib_ssl.gen_ssl() self._prepare_ssl(srvkey_pem, srvcert_pem) testlib.recursive_rm(tmpdir) # modern wget now returns 5 on ssl validation errors if self.lsb_release['Release'] <= 9.10: expected = 1 else: expected = 5 # Cert is self-signed, make sure wget says so if self.lsb_release['Release'] <= 8.04: error_str = 'ERROR: Certificate verification error for localhost' else: error_str = "ERROR: cannot verify localhost's certificate" self._test_url_wget("https://localhost/", error_str, expected=expected) # Let's try an SSL page without validating the self-signed cert test_str = testlib_httpd.create_html_page(self.html_page) self._test_url_wget("https://localhost/" + \ os.path.basename(self.html_page), test_str, extra_opts=['--no-check-certificate'])
def test_cve_2010_2253(self): '''Test CVE-2010-2253''' self._enable_mod("php5") test_str = testlib_httpd.create_html_page(self.html_page) bad_filename = ".blah.txt" bad_file_path = os.path.join(self.tempdir, bad_filename) script = '''<?php $file = "%s"; header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=\\"%s\\";"); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . filesize($file)); readfile($file); exit; ?> ''' % (self.html_page, bad_filename) testlib.create_fill(self.php5_content_dispo, script) # See if it actually downloaded the file self._test_url_lwp("http://localhost/" + \ os.path.basename(self.php5_content_dispo), expected=1) # Make sure it didn't use the bad filename error = "Found the %s file." % bad_file_path self.assertFalse(os.path.exists(bad_file_path), error)
def test_ssl_null_byte(self): '''Test a null-byte CN cert (CVE-2009-3490)''' srvkey_pem = 'ssl/badguy.key' srvcert_pem = 'ssl/badguy-nul-cn.crt' srv_ca = 'ssl/ca.crt' ca = os.path.join(self.tempdir, os.path.basename(srv_ca)) shutil.copy(srv_ca, ca) # We need to add www.bank.com to the hosts file, or w3m errors while # validating the cert's CN before the NUL byte check testlib.config_replace(self.hosts_file, "127.0.0.1 www.bank.com", True) test_str = testlib_httpd.create_html_page(self.html_page) self._prepare_ssl(srvkey_pem, srvcert_pem) cmdline = "w3m -dump -o ssl_ca_file=" + ca + " https://www.bank.com/" + \ os.path.basename(self.html_page) # Make sure w3m detected the NUL byte child = pexpect.spawn(cmdline) time.sleep(1.0) child.expect(".*Bad cert ident.*", timeout=2) child.sendline('y') time.sleep(1.0) child.kill(0)
def test_aab_http(self): '''Test http''' self._test_url("http://localhost:8000/") test_str = testlib_httpd.create_html_page(self.html_page) self._test_url("http://localhost:8000/" + \ os.path.basename(self.html_page), test_str) self._test_url("http://localhost:8000/cgi-bin/mailman/listinfo/mailman", "About Mailman")
def test_ssl(self): '''Test https''' tmpdir, pem = testlib_ssl.gen_pem() os.rename(pem, self.ssl_pem) testlib.recursive_rm(tmpdir) self._enable_mod("ssl") self._test_url("https://localhost/") test_str = testlib_httpd.create_html_page(self.html_page) self._test_url("https://localhost/" + \ os.path.basename(self.html_page), test_str)
def test_ssl(self): '''Test https''' (tmpdir, srvcert_pem, srvkey_pem, clientcert_pem, clientkey_pem, cacert_pem) = testlib_ssl.gen_ssl() self._prepare_ssl(srvkey_pem, srvcert_pem) testlib.recursive_rm(tmpdir) self._test_url_lftp("https://localhost/") test_str = testlib_httpd.create_html_page(self.html_page) self._test_url_lftp("https://localhost/" + \ os.path.basename(self.html_page), test_str)
def test_ssl(self): '''Test https (self signed with ca cert)''' (tmpdir, srvcert_pem, srvkey_pem, clientcert_pem, clientkey_pem, cacert_pem) = testlib_ssl.gen_ssl() self._prepare_ssl(srvkey_pem, srvcert_pem) ca = os.path.join(self.tempdir, os.path.basename(cacert_pem)) shutil.copy(cacert_pem, ca) testlib.recursive_rm(tmpdir) # We need to add server to the hosts file, or w3m errors while # validating the cert's CN before the NUL byte check testlib.config_replace(self.hosts_file, "127.0.0.1 server", True) #cmdline = "w3m -dump -o ssl_ca_file=" + ca + " https://localhost" test_str = testlib_httpd.create_html_page(self.html_page) self._w3m_cmd("https://server/" + \ os.path.basename(self.html_page), test_str, extra_args=['-o', 'ssl_ca_file=' + ca])
def test_update_ca_certificates_usr(self): '''Test update-ca-certificates for local CA (/usr)''' self.local_ca = "/usr/share/ca-certificates/testlib.crt" # Create a CA, update /etc/hosts and create a test page (tmpdir, srvcert_pem, srvkey_pem, clientcert_pem, clientkey_pem, cacert_pem) = testlib_ssl.gen_ssl() self._prepare_ssl(srvkey_pem, srvcert_pem) testlib.config_replace(self.hosts_file, "127.0.0.1 server", True) test_str = testlib_httpd.create_html_page(self.html_page) # First, try to access the self-signed server self._w3m_cmd("https://server/" + \ os.path.basename(self.html_page), test_str, verify=False) self._w3m_cmd("https://server/" + \ os.path.basename(self.html_page), "unable to get local issuer certificate") # Next, install the local CA shutil.copy(cacert_pem, self.local_ca) testlib.config_replace(self.ca_certificates_conf, os.path.basename(self.local_ca) + '\n', True) testlib.recursive_rm(tmpdir) rc, report = testlib.cmd(['update-ca-certificates']) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) # Now try to access it self._w3m_cmd("https://server/" + \ os.path.basename(self.html_page), test_str) # Next, remove the installed CA testlib.config_restore(self.ca_certificates_conf) os.unlink(self.local_ca) rc, report = testlib.cmd(['update-ca-certificates']) expected = 0 result = 'Got exit code %d, expected %d\n' % (rc, expected) self.assertEquals(expected, rc, result + report) # Last, try to access the self-signed server again self._w3m_cmd("https://server/" + \ os.path.basename(self.html_page), test_str, verify=False) self._w3m_cmd("https://server/" + \ os.path.basename(self.html_page), "unable to get local issuer certificate")
def test_https(self): '''Test https''' (tmpdir, srvcert_pem, srvkey_pem, clientcert_pem, clientkey_pem, cacert_pem) = testlib_ssl.gen_ssl() shutil.copy(srvkey_pem, self.ssl_key) shutil.copy(srvcert_pem, self.ssl_crt) testlib.recursive_rm(tmpdir) testlib.config_replace(self.default_vhost, ''' server { listen 443; server_name localhost; root %s; index index.html index.htm index.nginx-debian.html; ssl on; ssl_certificate cert.pem; ssl_certificate_key cert.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; ssl_prefer_server_ciphers on; location / { try_files $uri $uri/ =404; } } ''' % self.document_root, append=True) self.daemon.restart() self._test_url("https://localhost/", "Welcome to nginx") test_str = testlib_httpd.create_html_page(self.html_page) self._test_url("https://localhost/" + \ os.path.basename(self.html_page), test_str)
def test_ssl_no_verify(self): '''Test https (self signed/no ca cert)''' (tmpdir, srvcert_pem, srvkey_pem, clientcert_pem, clientkey_pem, cacert_pem) = testlib_ssl.gen_ssl() self._prepare_ssl(srvkey_pem, srvcert_pem) ca = os.path.join(self.tempdir, os.path.basename(cacert_pem)) shutil.copy(cacert_pem, ca) testlib.recursive_rm(tmpdir) # We need to add server to the hosts file, or w3m errors while # validating the cert's CN before the NUL byte check testlib.config_replace(self.hosts_file, "127.0.0.1 server", True) test_str = testlib_httpd.create_html_page(self.html_page) cmdline = "w3m -dump https://server/" + os.path.basename(self.html_page) child = pexpect.spawn(cmdline) time.sleep(1.0) child.expect(".*unable to get local issuer certificate.*", timeout=2) child.sendline('y') time.sleep(1.0) child.kill(0)
def test_cve_2010_2251_2(self): '''Test CVE-2010-2251, part 2''' # This test makes sure filenames suggested by the server via a # Content-Disposition header are ignored, unless the new # xfer:auto-rename option is used. self._enable_mod("php5") test_str = testlib_httpd.create_html_page(self.html_page) bad_filename = "blah.txt" bad_file_path = os.path.join(self.tempdir, bad_filename) good_filename = os.path.basename(self.php5_content_dispo) good_file_path = os.path.join(self.tempdir, good_filename) specified_filename = "specified" specified_file_path = os.path.join(self.tempdir, specified_filename) script = '''<?php $file = "%s"; header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Cache-Control: private",false); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename=\\"%s\\";"); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . filesize($file)); readfile($file); exit; ?> ''' % (self.html_page, bad_filename) testlib.create_fill(self.php5_content_dispo, script) self._download_file_lftp_get1("http://localhost/" + good_filename, directory=self.tempdir) error = "Found the %s file." % bad_file_path self.assertFalse(os.path.exists(bad_file_path), error) error = "Didn't find the %s file." % good_file_path self.assertTrue(os.path.exists(good_file_path), error) # Clean up before the next test if os.path.exists(bad_file_path): os.unlink(bad_file_path) if os.path.exists(good_file_path): os.unlink(good_file_path) if self.lsb_release['Release'] > 6.06: # Attempt to download the file with the new option self._download_file_lftp_get1( "http://localhost/" + good_filename, directory=self.tempdir, extra_cmd='set xfer:auto-rename yes;') error = "Found the %s file." % good_file_path self.assertFalse(os.path.exists(good_file_path), error) error = "Didn't find the %s file." % bad_file_path self.assertTrue(os.path.exists(bad_file_path), error) # Clean up before the next test if os.path.exists(bad_file_path): os.unlink(bad_file_path) if os.path.exists(good_file_path): os.unlink(good_file_path) # Attempt to download the file with a specified filename self._download_file_lftp_get1("http://localhost/" + good_filename, directory=self.tempdir, extra_opts='-o ' + specified_filename) error = "Found the %s file." % bad_file_path self.assertFalse(os.path.exists(bad_file_path), error) error = "Found the %s file." % good_file_path self.assertFalse(os.path.exists(good_file_path), error) error = "Didn't find the %s file." % specified_file_path self.assertTrue(os.path.exists(specified_file_path), error)