def test_tunnel_handshake_command(tctx: Context, success):
server = Server(("proxy", 1234))
tl = TTunnelLayer(tctx, server, tctx.server)
tl.child_layer = TChildLayer(tctx)
playbook = Playbook(tl, logs=True)
(playbook << Log("Got start. Server state: CLOSED") >> DataReceived(
tctx.client, b"client-hello") << SendData(
tctx.client, b"client-hello-reply") >> DataReceived(
tctx.client, b"open") << OpenConnection(server) >> reply(None)
<< SendData(server, b"handshake-hello") >> DataReceived(
server, b"handshake-" + success.encode()) << SendData(
server, b"handshake-" + success.encode()))
if success == "success":
assert (playbook << Log(f"Opened: err=None. Server state: OPEN") >>
DataReceived(server, b"tunneled-server-hello") << SendData(
server, b"tunneled-server-hello-reply") >>
ConnectionClosed(tctx.client) << Log("Got client close.") <<
CloseConnection(tctx.client))
assert tl.tunnel_state is tunnel.TunnelState.OPEN
assert (playbook >> ConnectionClosed(server) <<
Log("Got server close.") << CloseConnection(server))
assert tl.tunnel_state is tunnel.TunnelState.CLOSED
else:
assert (playbook << CloseConnection(server) <<
Log("Opened: err='handshake error'. Server state: CLOSED"))
assert tl.tunnel_state is tunnel.TunnelState.CLOSED
def test_disconnect_during_handshake_start(tctx: Context, disconnect):
server = Server(("proxy", 1234))
server.state = ConnectionState.OPEN
tl = TTunnelLayer(tctx, server, tctx.server)
tl.child_layer = TChildLayer(tctx)
playbook = Playbook(tl, logs=True)
assert (
playbook
<< SendData(server, b"handshake-hello")
)
if disconnect == "client":
assert (
playbook
>> ConnectionClosed(tctx.client)
>> ConnectionClosed(server) # proxyserver will cancel all other connections as well.
<< CloseConnection(server)
<< Log("Got start. Server state: CLOSED")
<< Log("Got client close.")
<< CloseConnection(tctx.client)
)
else:
assert (
playbook
>> ConnectionClosed(server)
<< CloseConnection(server)
<< Log("Got start. Server state: CLOSED")
)
def test_disconnect_during_handshake_command(tctx: Context, disconnect):
server = Server(("proxy", 1234))
tl = TTunnelLayer(tctx, server, tctx.server)
tl.child_layer = TChildLayer(tctx)
playbook = Playbook(tl, logs=True)
assert (
playbook
<< Log("Got start. Server state: CLOSED")
>> DataReceived(tctx.client, b"client-hello")
<< SendData(tctx.client, b"client-hello-reply")
>> DataReceived(tctx.client, b"open")
<< OpenConnection(server)
>> reply(None)
<< SendData(server, b"handshake-hello")
)
if disconnect == "client":
assert (
playbook
>> ConnectionClosed(tctx.client)
>> ConnectionClosed(server) # proxyserver will cancel all other connections as well.
<< CloseConnection(server)
<< Log("Opened: err='connection closed without notice'. Server state: CLOSED")
<< Log("Got client close.")
<< CloseConnection(tctx.client)
)
else:
assert (
playbook
>> ConnectionClosed(server)
<< CloseConnection(server)
<< Log("Opened: err='connection closed without notice'. Server state: CLOSED")
)
def test_simple(tctx):
"""open connection, receive data, send it to peer"""
f = Placeholder(TCPFlow)
assert (
Playbook(tcp.TCPLayer(tctx))
<< tcp.TcpStartHook(f)
>> reply()
<< OpenConnection(tctx.server)
>> reply(None)
>> DataReceived(tctx.client, b"hello!")
<< tcp.TcpMessageHook(f)
>> reply()
<< SendData(tctx.server, b"hello!")
>> DataReceived(tctx.server, b"hi")
<< tcp.TcpMessageHook(f)
>> reply()
<< SendData(tctx.client, b"hi")
>> ConnectionClosed(tctx.server)
<< CloseConnection(tctx.client, half_close=True)
>> ConnectionClosed(tctx.client)
<< CloseConnection(tctx.server)
<< tcp.TcpEndHook(f)
>> reply()
>> ConnectionClosed(tctx.client)
<< None
)
assert len(f().messages) == 2
def test_close_disconnect(ws_testdata):
tctx, playbook, flow = ws_testdata
assert (playbook << websocket.WebsocketStartHook(flow) >> reply() >>
ConnectionClosed(tctx.server) << CloseConnection(tctx.server) <<
SendData(tctx.client, b"\x88\x02\x03\xe8") << CloseConnection(
tctx.client) << websocket.WebsocketErrorHook(flow) >> reply()
>> ConnectionClosed(tctx.client))
assert "ABNORMAL_CLOSURE" in flow.error.msg
def test_close_disconnect(ws_testdata):
tctx, playbook, flow = ws_testdata
assert (playbook << websocket.WebsocketStartHook(flow) >> reply() >>
ConnectionClosed(tctx.server) << CloseConnection(tctx.server) <<
SendData(tctx.client, b"\x88\x02\x03\xe8") << CloseConnection(
tctx.client) << websocket.WebsocketEndHook(flow) >> reply() >>
ConnectionClosed(tctx.client))
# The \x03\xe8 above is code 1000 (normal closure).
# But 1006 (ABNORMAL_CLOSURE) is expected, because the connection was already closed.
assert flow.websocket.close_code == 1006
def test_receive_data_after_half_close(tctx):
"""
data received after the other connection has been half-closed should still be forwarded.
"""
assert (Playbook(tcp.TCPLayer(tctx), hooks=False) <<
OpenConnection(tctx.server) >> reply(None) >> DataReceived(
tctx.client, b"eof-delimited-request") << SendData(
tctx.server, b"eof-delimited-request") >> ConnectionClosed(
tctx.client) <<
CloseConnection(tctx.server, half_close=True) >> DataReceived(
tctx.server, b"i'm late") << SendData(tctx.client, b"i'm late")
>> ConnectionClosed(tctx.server) << CloseConnection(tctx.client))
def test_http_proxy_tcp(tctx, mode, close_first):
"""Test TCP over HTTP CONNECT."""
server = Placeholder(Server)
if mode == "upstream":
tctx.options.mode = "upstream:http://proxy:8080"
toplayer = http.HttpLayer(tctx, HTTPMode.upstream)
else:
tctx.options.mode = "regular"
toplayer = http.HttpLayer(tctx, HTTPMode.regular)
playbook = Playbook(toplayer, hooks=False)
assert (
playbook
>> DataReceived(tctx.client, b"CONNECT example:443 HTTP/1.1\r\n\r\n")
<< SendData(tctx.client, b"HTTP/1.1 200 Connection established\r\n\r\n")
>> DataReceived(tctx.client, b"this is not http")
<< layer.NextLayerHook(Placeholder())
>> reply_next_layer(lambda ctx: TCPLayer(ctx, ignore=True))
<< OpenConnection(server)
)
playbook >> reply(None)
if mode == "upstream":
playbook << SendData(server, b"CONNECT example:443 HTTP/1.1\r\n\r\n")
playbook >> DataReceived(server, b"HTTP/1.1 200 Connection established\r\n\r\n")
assert (
playbook
<< SendData(server, b"this is not http")
>> DataReceived(server, b"true that")
<< SendData(tctx.client, b"true that")
)
if mode == "regular":
assert server().address == ("example", 443)
else:
assert server().address == ("proxy", 8080)
if close_first == "client":
a, b = tctx.client, server
else:
a, b = server, tctx.client
assert (
playbook
>> ConnectionClosed(a)
<< CloseConnection(b)
>> ConnectionClosed(b)
<< CloseConnection(a)
)
def test_http_proxy_tcp(tctx, mode, close_first):
"""Test TCP over HTTP CONNECT."""
server = Placeholder(Server)
f = Placeholder(TCPFlow)
tctx.options.connection_strategy = "lazy"
if mode == "upstream":
tctx.options.mode = "upstream:http://proxy:8080"
toplayer = http.HttpLayer(tctx, HTTPMode.upstream)
else:
tctx.options.mode = "regular"
toplayer = http.HttpLayer(tctx, HTTPMode.regular)
playbook = Playbook(toplayer, hooks=False)
assert (playbook >> DataReceived(
tctx.client, b"CONNECT example:443 HTTP/1.1\r\n\r\n") << SendData(
tctx.client, b"HTTP/1.1 200 Connection established\r\n\r\n") >>
DataReceived(tctx.client, b"this is not http") <<
layer.NextLayerHook(Placeholder()) >>
reply_next_layer(lambda ctx: TCPLayer(ctx, ignore=False)) <<
TcpStartHook(f) >> reply() << OpenConnection(server))
playbook >> reply(None)
if mode == "upstream":
playbook << SendData(server, b"CONNECT example:443 HTTP/1.1\r\n\r\n")
playbook >> DataReceived(
server, b"HTTP/1.1 200 Connection established\r\n\r\n")
assert (playbook << SendData(server, b"this is not http") >> DataReceived(
server, b"true that") << SendData(tctx.client, b"true that"))
if mode == "regular":
assert server().address == ("example", 443)
else:
assert server().address == ("proxy", 8080)
assert (playbook >> TcpMessageInjected(
f, TCPMessage(False,
b"fake news from your friendly man-in-the-middle")) <<
SendData(tctx.client,
b"fake news from your friendly man-in-the-middle"))
if close_first == "client":
a, b = tctx.client, server
else:
a, b = server, tctx.client
assert (playbook >> ConnectionClosed(a) << CloseConnection(b) >>
ConnectionClosed(b) << CloseConnection(a))
def test_tunnel_default_impls(tctx: Context):
"""
Some tunnels don't need certain features, so the default behaviour
should be to be transparent.
"""
server = Server(None)
server.state = ConnectionState.OPEN
tl = tunnel.TunnelLayer(tctx, server, tctx.server)
tl.child_layer = TChildLayer(tctx)
playbook = Playbook(tl, logs=True)
assert (
playbook
<< Log("Got start. Server state: OPEN")
>> DataReceived(server, b"server-hello")
<< SendData(server, b"server-hello-reply")
)
assert tl.tunnel_state is tunnel.TunnelState.OPEN
assert (
playbook
>> ConnectionClosed(server)
<< Log("Got server close.")
<< CloseConnection(server)
)
assert tl.tunnel_state is tunnel.TunnelState.CLOSED
assert (
playbook
>> DataReceived(tctx.client, b"open")
<< OpenConnection(server)
>> reply(None)
<< Log("Opened: err=None. Server state: OPEN")
>> DataReceived(server, b"half-close")
<< CloseConnection(server, half_close=True)
)
def test_cancel_then_server_disconnect(tctx):
"""
Test that we properly handle the case of the following event sequence:
- client cancels a stream
- we start an error hook
- server disconnects
- error hook completes.
"""
playbook, cff = start_h2_client(tctx)
flow = Placeholder(HTTPFlow)
server = Placeholder(Server)
assert (
playbook
>> DataReceived(tctx.client,
cff.build_headers_frame(example_request_headers, flags=["END_STREAM"]).serialize())
<< http.HttpRequestHeadersHook(flow)
>> reply()
<< http.HttpRequestHook(flow)
>> reply()
<< OpenConnection(server)
>> reply(None)
<< SendData(server, b'GET / HTTP/1.1\r\nHost: example.com\r\n\r\n')
>> DataReceived(tctx.client, cff.build_rst_stream_frame(1, ErrorCodes.CANCEL).serialize())
<< CloseConnection(server)
<< http.HttpErrorHook(flow)
>> reply()
>> ConnectionClosed(server)
<< None
)
def test_http_client_aborts(tctx, stream):
"""Test handling of the case where a client aborts during request transmission."""
server = Placeholder(Server)
flow = Placeholder(HTTPFlow)
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.regular), hooks=True)
def enable_streaming(flow: HTTPFlow):
flow.request.stream = True
assert (playbook >> DataReceived(
tctx.client, b"POST http://example.com/ HTTP/1.1\r\n"
b"Host: example.com\r\n"
b"Content-Length: 6\r\n"
b"\r\n"
b"abc") << http.HttpRequestHeadersHook(flow))
if stream:
assert (playbook >> reply(side_effect=enable_streaming) <<
OpenConnection(server) >> reply(None) << SendData(
server, b"POST / HTTP/1.1\r\n"
b"Host: example.com\r\n"
b"Content-Length: 6\r\n"
b"\r\n"
b"abc"))
else:
assert playbook >> reply()
(playbook >> ConnectionClosed(tctx.client) << CloseConnection(tctx.client))
if stream:
playbook << CloseConnection(server)
assert (playbook << http.HttpErrorHook(flow) >> reply() << None)
assert "peer closed connection" in flow().error.msg
def test_disconnect_while_intercept(tctx):
"""Test a server disconnect while a request is intercepted."""
tctx.options.connection_strategy = "eager"
server1 = Placeholder(Server)
server2 = Placeholder(Server)
flow = Placeholder(HTTPFlow)
assert (
Playbook(http.HttpLayer(tctx, HTTPMode.regular), hooks=False)
>> DataReceived(tctx.client, b"CONNECT example.com:80 HTTP/1.1\r\n\r\n")
<< http.HttpConnectHook(Placeholder(HTTPFlow))
>> reply()
<< OpenConnection(server1)
>> reply(None)
<< SendData(tctx.client, b'HTTP/1.1 200 Connection established\r\n\r\n')
>> DataReceived(tctx.client, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
<< layer.NextLayerHook(Placeholder())
>> reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent))
<< http.HttpRequestHook(flow)
>> ConnectionClosed(server1)
<< CloseConnection(server1)
>> reply(to=-3)
<< OpenConnection(server2)
>> reply(None)
<< SendData(server2, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
>> DataReceived(server2, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
<< SendData(tctx.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
)
assert server1() != server2()
assert flow().server_conn == server2()
def test_rst_then_close(tctx):
"""
Test that we properly handle the case of a client that first causes protocol errors and then disconnects.
Adapted from h2spec http2/5.1/5.
"""
playbook, cff = start_h2_client(tctx)
flow = Placeholder(HTTPFlow)
server = Placeholder(Server)
assert (
playbook
>> DataReceived(tctx.client,
cff.build_headers_frame(example_request_headers, flags=["END_STREAM"]).serialize())
<< http.HttpRequestHeadersHook(flow)
>> reply()
<< http.HttpRequestHook(flow)
>> reply()
<< OpenConnection(server)
>> DataReceived(tctx.client, cff.build_data_frame(b"unexpected data frame").serialize())
<< SendData(tctx.client, cff.build_rst_stream_frame(1, ErrorCodes.STREAM_CLOSED).serialize())
>> ConnectionClosed(tctx.client)
<< CloseConnection(tctx.client)
>> reply("connection cancelled", to=-5)
<< http.HttpErrorHook(flow)
>> reply()
)
assert flow().error.msg == "connection cancelled"
def test_server_aborts(tctx, data):
"""Test the scenario where the server doesn't serve a response"""
server = Placeholder(Server)
flow = Placeholder(HTTPFlow)
err = Placeholder(bytes)
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.regular), hooks=False)
assert (
playbook
>> DataReceived(tctx.client, b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n")
<< OpenConnection(server)
>> reply(None)
<< SendData(server, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
)
if data:
playbook >> DataReceived(server, data)
assert (
playbook
>> ConnectionClosed(server)
<< CloseConnection(server)
<< http.HttpErrorHook(flow)
>> reply()
<< SendData(tctx.client, err)
<< CloseConnection(tctx.client)
)
assert flow().error
assert b"502 Bad Gateway" in err()
def test_socks5_premature_close(tctx: Context):
assert (
Playbook(modes.Socks5Proxy(tctx), logs=True)
>> DataReceived(tctx.client, b"\x05")
>> ConnectionClosed(tctx.client)
<< Log(r"Client closed connection before completing SOCKS5 handshake: b'\x05'")
<< CloseConnection(tctx.client)
)
def test_close_during_connect_hook(tctx):
flow = Placeholder(HTTPFlow)
assert (Playbook(http.HttpLayer(tctx, HTTPMode.regular)) >> DataReceived(
tctx.client, b'CONNECT hi.ls:443 HTTP/1.1\r\n'
b'Proxy-Connection: keep-alive\r\n'
b'Connection: keep-alive\r\n'
b'Host: hi.ls:443\r\n\r\n') << http.HttpConnectHook(flow) >>
ConnectionClosed(tctx.client) << CloseConnection(
tctx.client) >> reply(to=-3))
def test_transparent_eager_connect_failure(tctx: Context, monkeypatch):
"""Test that we recover from a transparent mode resolve error."""
tctx.options.connection_strategy = "eager"
monkeypatch.setattr(platform, "original_addr", lambda sock:
("address", 22))
assert (Playbook(modes.TransparentProxy(tctx), logs=True) << GetSocket(
tctx.client) >> reply(object()) << OpenConnection(tctx.server) >>
reply("something something") << CloseConnection(
tctx.client) >> ConnectionClosed(tctx.client))
def test_reverse_eager_connect_failure(tctx: Context):
"""
Test
client --TCP-- mitmproxy --TCP over TLS-- server
reverse proxying.
"""
tctx.options.mode = "reverse:https://localhost:8000"
tctx.options.connection_strategy = "eager"
playbook = Playbook(modes.ReverseProxy(tctx))
assert (playbook << OpenConnection(tctx.server) >> reply("IPoAC unstable")
<< CloseConnection(tctx.client) >> ConnectionClosed(tctx.client))
def test_response_until_eof(tctx):
"""Test scenario where the server response body is terminated by EOF."""
server = Placeholder(Server)
assert (Playbook(http.HttpLayer(
tctx, HTTPMode.regular), hooks=False) >> DataReceived(
tctx.client,
b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n")
<< OpenConnection(server) >> reply(None) << SendData(
server, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n") >>
DataReceived(server, b"HTTP/1.1 200 OK\r\n\r\nfoo") >>
ConnectionClosed(server) << CloseConnection(server) << SendData(
tctx.client, b"HTTP/1.1 200 OK\r\n\r\nfoo") << CloseConnection(
tctx.client))
def test_http_server_aborts(tctx, stream):
"""Test handling of the case where a server aborts during response transmission."""
server = Placeholder(Server)
flow = Placeholder(HTTPFlow)
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.regular))
def enable_streaming(flow: HTTPFlow):
flow.response.stream = True
assert (playbook >> DataReceived(
tctx.client, b"GET http://example.com/ HTTP/1.1\r\n"
b"Host: example.com\r\n\r\n") << http.HttpRequestHeadersHook(flow) >>
reply() << http.HttpRequestHook(flow) >> reply() <<
OpenConnection(server) >> reply(None) << SendData(
server, b"GET / HTTP/1.1\r\n"
b"Host: example.com\r\n\r\n") >> DataReceived(
server, b"HTTP/1.1 200 OK\r\n"
b"Content-Length: 6\r\n"
b"\r\n"
b"abc") << http.HttpResponseHeadersHook(flow))
if stream:
assert (playbook >> reply(side_effect=enable_streaming) << SendData(
tctx.client, b"HTTP/1.1 200 OK\r\n"
b"Content-Length: 6\r\n"
b"\r\n"
b"abc"))
else:
assert playbook >> reply()
assert (playbook >> ConnectionClosed(server) << CloseConnection(server) <<
http.HttpErrorHook(flow))
if stream:
assert (playbook >> reply() << CloseConnection(tctx.client))
else:
error_html = Placeholder(bytes)
assert (playbook >> reply() << SendData(tctx.client, error_html) <<
CloseConnection(tctx.client))
assert b"502 Bad Gateway" in error_html()
assert b"peer closed connection" in error_html()
assert "peer closed connection" in flow().error.msg
def test_dont_reuse_closed(tctx):
"""Test that a closed connection is not reused."""
server = Placeholder(Server)
server2 = Placeholder(Server)
assert (
Playbook(http.HttpLayer(tctx, HTTPMode.regular), hooks=False) >>
DataReceived(
tctx.client,
b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n")
<< OpenConnection(server) >> reply(None) << SendData(
server,
b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n") >> DataReceived(
server, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n") <<
SendData(tctx.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
>> ConnectionClosed(server) << CloseConnection(server) >> DataReceived(
tctx.client,
b"GET http://example.com/two HTTP/1.1\r\nHost: example.com\r\n\r\n"
) << OpenConnection(server2) >> reply(None) << SendData(
server2,
b"GET /two HTTP/1.1\r\nHost: example.com\r\n\r\n") >> DataReceived(
server2, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n") <<
SendData(tctx.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"))
def test_http2_client_aborts(tctx, stream, when, how):
"""
Test handling of the case where a client aborts during request or response transmission.
If the client aborts the request transmission, we must trigger an error hook,
if the client disconnects during response transmission, no error hook is triggered.
"""
server = Placeholder(Server)
flow = Placeholder(HTTPFlow)
playbook, cff = start_h2_client(tctx)
resp = Placeholder(bytes)
def enable_request_streaming(flow: HTTPFlow):
flow.request.stream = True
def enable_response_streaming(flow: HTTPFlow):
flow.response.stream = True
assert (
playbook
>> DataReceived(tctx.client, cff.build_headers_frame(example_request_headers).serialize())
<< http.HttpRequestHeadersHook(flow)
)
if stream and when == "request":
assert (
playbook
>> reply(side_effect=enable_request_streaming)
<< http.HttpRequestHook(flow)
>> reply()
<< OpenConnection(server)
>> reply(None)
<< SendData(server, b"GET / HTTP/1.1\r\n"
b"Host: example.com\r\n\r\n")
)
else:
assert playbook >> reply()
if when == "request":
if "RST" in how:
playbook >> DataReceived(tctx.client, cff.build_rst_stream_frame(1, ErrorCodes.CANCEL).serialize())
else:
playbook >> ConnectionClosed(tctx.client)
playbook << CloseConnection(tctx.client)
if stream:
playbook << CloseConnection(server)
playbook << http.HttpErrorHook(flow)
playbook >> reply()
if how == "RST+disconnect":
playbook >> ConnectionClosed(tctx.client)
playbook << CloseConnection(tctx.client)
assert playbook
assert "stream reset" in flow().error.msg or "peer closed connection" in flow().error.msg
return
assert (
playbook
>> DataReceived(tctx.client, cff.build_data_frame(b"", flags=["END_STREAM"]).serialize())
<< http.HttpRequestHook(flow)
>> reply()
<< OpenConnection(server)
>> reply(None)
<< SendData(server, b"GET / HTTP/1.1\r\n"
b"Host: example.com\r\n\r\n")
>> DataReceived(server, b"HTTP/1.1 200 OK\r\nContent-Length: 6\r\n\r\n123")
<< http.HttpResponseHeadersHook(flow)
)
if stream:
assert (
playbook
>> reply(side_effect=enable_response_streaming)
<< SendData(tctx.client, resp)
)
else:
assert playbook >> reply()
if "RST" in how:
playbook >> DataReceived(tctx.client, cff.build_rst_stream_frame(1, ErrorCodes.CANCEL).serialize())
else:
playbook >> ConnectionClosed(tctx.client)
playbook << CloseConnection(tctx.client)
assert (
playbook
<< CloseConnection(server)
<< http.HttpErrorHook(flow)
>> reply()
)
if how == "RST+disconnect":
assert (
playbook
>> ConnectionClosed(tctx.client)
<< CloseConnection(tctx.client)
)
if "RST" in how:
assert "stream reset" in flow().error.msg
else:
assert "peer closed connection" in flow().error.msg
def test_kill_flow(tctx, when):
"""Test that we properly kill flows if instructed to do so"""
server = Placeholder(Server)
connect_flow = Placeholder(HTTPFlow)
flow = Placeholder(HTTPFlow)
def kill(flow: HTTPFlow):
# Can't use flow.kill() here because that currently still depends on a reply object.
flow.error = Error(Error.KILLED_MESSAGE)
def assert_kill(err_hook: bool = True):
playbook >> reply(side_effect=kill)
if err_hook:
playbook << http.HttpErrorHook(flow)
playbook >> reply()
playbook << CloseConnection(tctx.client)
assert playbook
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.regular))
assert (playbook
>> DataReceived(tctx.client, b"CONNECT example.com:80 HTTP/1.1\r\n\r\n")
<< http.HttpConnectHook(connect_flow))
if when == "http_connect":
return assert_kill(False)
assert (playbook
>> reply()
<< SendData(tctx.client, b'HTTP/1.1 200 Connection established\r\n\r\n')
>> DataReceived(tctx.client, b"GET /foo?hello=1 HTTP/1.1\r\nHost: example.com\r\n\r\n")
<< layer.NextLayerHook(Placeholder())
>> reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent))
<< http.HttpRequestHeadersHook(flow))
if when == "requestheaders":
return assert_kill()
assert (playbook
>> reply()
<< http.HttpRequestHook(flow))
if when == "request":
return assert_kill()
if when == "script-response-responseheaders":
assert (playbook
>> reply(side_effect=lambda f: setattr(f, "response", Response.make()))
<< http.HttpResponseHeadersHook(flow))
return assert_kill()
assert (playbook
>> reply()
<< OpenConnection(server)
>> reply(None)
<< SendData(server, b"GET /foo?hello=1 HTTP/1.1\r\nHost: example.com\r\n\r\n")
>> DataReceived(server, b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nHello World")
<< http.HttpResponseHeadersHook(flow))
if when == "responseheaders":
return assert_kill()
if when == "response":
assert (playbook
>> reply()
>> DataReceived(server, b"!")
<< http.HttpResponseHook(flow))
return assert_kill(False)
elif when == "error":
assert (playbook
>> reply()
>> ConnectionClosed(server)
<< CloseConnection(server)
<< http.HttpErrorHook(flow))
return assert_kill(False)
else:
raise AssertionError
def test_original_server_disconnects(tctx):
"""Test that we correctly handle the case where the initial server conn is just closed."""
tctx.server.state = ConnectionState.OPEN
assert (Playbook(http.HttpLayer(tctx, HTTPMode.transparent)) >>
ConnectionClosed(tctx.server) << CloseConnection(tctx.server))
def test_upstream_proxy(tctx, redirect, scheme):
"""Test that an upstream HTTP proxy is used."""
server = Placeholder(Server)
server2 = Placeholder(Server)
flow = Placeholder(HTTPFlow)
tctx.options.mode = "upstream:http://proxy:8080"
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.upstream), hooks=False)
if scheme == "http":
assert (
playbook
>> DataReceived(tctx.client, b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n")
<< OpenConnection(server)
>> reply(None)
<< SendData(server, b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n")
)
else:
assert (
playbook
>> DataReceived(tctx.client, b"CONNECT example.com:443 HTTP/1.1\r\n\r\n")
<< SendData(tctx.client, b"HTTP/1.1 200 Connection established\r\n\r\n")
>> DataReceived(tctx.client, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
<< layer.NextLayerHook(Placeholder())
>> reply_next_layer(lambda ctx: http.HttpLayer(ctx, HTTPMode.transparent))
<< OpenConnection(server)
>> reply(None)
<< SendData(server, b"CONNECT example.com:443 HTTP/1.1\r\n\r\n")
>> DataReceived(server, b"HTTP/1.1 200 Connection established\r\n\r\n")
<< SendData(server, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
)
playbook >> DataReceived(server, b"HTTP/1.1 418 OK\r\nContent-Length: 0\r\n\r\n")
playbook << SendData(tctx.client, b"HTTP/1.1 418 OK\r\nContent-Length: 0\r\n\r\n")
assert playbook
assert server().address == ("proxy", 8080)
if scheme == "http":
playbook >> DataReceived(tctx.client, b"GET http://example.com/two HTTP/1.1\r\nHost: example.com\r\n\r\n")
else:
playbook >> DataReceived(tctx.client, b"GET /two HTTP/1.1\r\nHost: example.com\r\n\r\n")
assert (playbook << http.HttpRequestHook(flow))
if redirect == "change-destination":
flow().request.host = "other-server"
flow().request.host_header = "example.com"
elif redirect == "change-proxy":
flow().server_conn.via = ServerSpec("http", address=("other-proxy", 1234))
playbook >> reply()
if redirect:
# Protocol-wise we wouldn't need to open a new connection for plain http host redirects,
# but we disregard this edge case to simplify implementation.
playbook << OpenConnection(server2)
playbook >> reply(None)
else:
server2 = server
if scheme == "http":
if redirect == "change-destination":
playbook << SendData(server2, b"GET http://other-server/two HTTP/1.1\r\nHost: example.com\r\n\r\n")
else:
playbook << SendData(server2, b"GET http://example.com/two HTTP/1.1\r\nHost: example.com\r\n\r\n")
else:
if redirect == "change-destination":
playbook << SendData(server2, b"CONNECT other-server:443 HTTP/1.1\r\n\r\n")
playbook >> DataReceived(server2, b"HTTP/1.1 200 Connection established\r\n\r\n")
elif redirect == "change-proxy":
playbook << SendData(server2, b"CONNECT example.com:443 HTTP/1.1\r\n\r\n")
playbook >> DataReceived(server2, b"HTTP/1.1 200 Connection established\r\n\r\n")
playbook << SendData(server2, b"GET /two HTTP/1.1\r\nHost: example.com\r\n\r\n")
playbook >> DataReceived(server2, b"HTTP/1.1 418 OK\r\nContent-Length: 0\r\n\r\n")
playbook << SendData(tctx.client, b"HTTP/1.1 418 OK\r\nContent-Length: 0\r\n\r\n")
assert playbook
if redirect == "change-proxy":
assert server2().address == ("other-proxy", 1234)
else:
assert server2().address == ("proxy", 8080)
assert (
playbook
>> ConnectionClosed(tctx.client)
<< CloseConnection(tctx.client)
)
def test_request_streaming(tctx, response):
"""
Test HTTP request streaming
This is a bit more contrived as we may receive server data while we are still sending the request.
"""
server = Placeholder(Server)
flow = Placeholder(HTTPFlow)
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.regular))
def enable_streaming(flow: HTTPFlow):
flow.request.stream = lambda x: x.upper()
assert (
playbook
>> DataReceived(tctx.client, b"POST http://example.com/ HTTP/1.1\r\n"
b"Host: example.com\r\n"
b"Content-Length: 6\r\n\r\n"
b"abc")
<< http.HttpRequestHeadersHook(flow)
>> reply(side_effect=enable_streaming)
<< http.HttpRequestHook(flow)
>> reply()
<< OpenConnection(server)
>> reply(None)
<< SendData(server, b"POST / HTTP/1.1\r\n"
b"Host: example.com\r\n"
b"Content-Length: 6\r\n\r\n"
b"ABC")
)
if response == "normal response":
assert (
playbook
>> DataReceived(tctx.client, b"def")
<< SendData(server, b"DEF")
>> DataReceived(server, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
<< http.HttpResponseHeadersHook(flow)
>> reply()
<< http.HttpResponseHook(flow)
>> reply()
<< SendData(tctx.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
)
elif response == "early response":
# We may receive a response before we have finished sending our request.
# We continue sending unless the server closes the connection.
# https://tools.ietf.org/html/rfc7231#section-6.5.11
assert (
playbook
>> DataReceived(server, b"HTTP/1.1 413 Request Entity Too Large\r\nContent-Length: 0\r\n\r\n")
<< http.HttpResponseHeadersHook(flow)
>> reply()
<< http.HttpResponseHook(flow)
>> reply()
<< SendData(tctx.client, b"HTTP/1.1 413 Request Entity Too Large\r\nContent-Length: 0\r\n\r\n")
>> DataReceived(tctx.client, b"def")
<< SendData(server, b"DEF") # Important: no request hook here!
)
elif response == "early close":
assert (
playbook
>> DataReceived(server, b"HTTP/1.1 413 Request Entity Too Large\r\nContent-Length: 0\r\n\r\n")
<< http.HttpResponseHeadersHook(flow)
>> reply()
<< http.HttpResponseHook(flow)
>> reply()
<< SendData(tctx.client, b"HTTP/1.1 413 Request Entity Too Large\r\nContent-Length: 0\r\n\r\n")
>> ConnectionClosed(server)
<< CloseConnection(server)
<< CloseConnection(tctx.client)
)
elif response == "early kill":
err = Placeholder(bytes)
assert (
playbook
>> ConnectionClosed(server)
<< CloseConnection(server)
<< http.HttpErrorHook(flow)
>> reply()
<< SendData(tctx.client, err)
<< CloseConnection(tctx.client)
)
assert b"502 Bad Gateway" in err()
else: # pragma: no cover
assert False
def _test_cancel(stream_req, stream_resp, draw):
"""
Test that we don't raise an exception if someone disconnects.
"""
tctx = context.Context(connection.Client(("client", 1234), ("127.0.0.1", 8080), 1605699329), opts)
playbook, cff = start_h2_client(tctx)
flow = Placeholder(HTTPFlow)
server = Placeholder(Server)
def maybe_stream(flow: HTTPFlow):
if stream_req:
flow.request.stream = True
if stream_resp and flow.response:
flow.response.stream = True
hook_req_headers = http.HttpRequestHeadersHook(flow)
hook_req = http.HttpRequestHook(flow)
hook_resp_headers = http.HttpResponseHeadersHook(flow)
hook_resp = http.HttpResponseHook(flow)
hook_error = http.HttpErrorHook(flow)
openconn = OpenConnection(server)
send_upstream = SendData(server, Placeholder(bytes))
data_req = DataReceived(tctx.client, cff.build_headers_frame(example_request_headers).serialize())
data_reqbody = DataReceived(tctx.client, cff.build_data_frame(b"foo", flags=["END_STREAM"]).serialize())
data_resp = DataReceived(server, cff.build_headers_frame(example_response_headers).serialize())
data_respbody = DataReceived(server, cff.build_data_frame(b"bar", flags=["END_STREAM"]).serialize())
client_disc = ConnectionClosed(tctx.client)
client_rst = DataReceived(tctx.client, cff.build_rst_stream_frame(1).serialize())
server_disc = ConnectionClosed(server)
server_rst = DataReceived(server, cff.build_rst_stream_frame(1).serialize())
evts: Dict[str, Tuple[Any, Any, Any]] = {}
# precondition, but-not-after-this
evts["data_req"] = data_req, None, client_disc
evts["data_reqbody"] = data_reqbody, data_req, client_disc
evts["reply_hook_req_headers"] = reply(to=hook_req_headers, side_effect=maybe_stream), hook_req_headers, None
evts["reply_hook_req"] = reply(to=hook_req), hook_req, None
evts["reply_openconn"] = reply(None, to=openconn, side_effect=make_h2), openconn, None
evts["data_resp"] = data_resp, send_upstream, server_disc
evts["data_respbody"] = data_respbody, data_resp, server_disc
evts["reply_hook_resp_headers"] = reply(to=hook_resp_headers, side_effect=maybe_stream), hook_resp_headers, None
evts["reply_hook_resp"] = reply(to=hook_resp), hook_resp, None
evts["reply_hook_error"] = reply(to=hook_error), hook_error, None
evts["err_client_disc"] = client_disc, None, None
evts["err_client_rst"] = client_rst, None, client_disc
evts["err_server_disc"] = server_disc, send_upstream, None
evts["err_server_rst"] = server_rst, send_upstream, server_disc
def eq_maybe(a, b):
# _eq helpfully raises a TypeError when placeholder types don't match
# that is useful in (test) development, but may happen legitimately when fuzzing here.
try:
return _eq(a, b)
except TypeError:
return False
while evts:
candidates = []
for name, (evt, precon, negprecon) in evts.items():
precondition_ok = (
precon is None or any(eq_maybe(x, precon) for x in playbook.actual)
)
neg_precondition_ok = (
negprecon is None or not any(eq_maybe(x, negprecon) for x in playbook.actual)
)
if precondition_ok and neg_precondition_ok:
# crude hack to increase fuzzing efficiency: make it more likely that we progress.
for i in range(1 if name.startswith("err_") else 3):
candidates.append((name, evt))
if not candidates:
break
name, evt = draw(candidates)
del evts[name]
try:
assert playbook >> evt
except AssertionError:
if any(
isinstance(x, _TracebackInPlaybook)
for x in playbook.actual
):
raise
else:
# add commands that the server issued.
playbook.expected.extend(playbook.actual[len(playbook.expected):])
def test_request_streaming(tctx, why, transfer_encoding, response):
"""
Test HTTP request streaming
This is a bit more contrived as we may receive server data while we are still sending the request.
"""
server = Placeholder(Server)
flow = Placeholder(HTTPFlow)
playbook = Playbook(http.HttpLayer(tctx, HTTPMode.regular))
if why.startswith("body_size"):
tctx.options.stream_large_bodies = why.replace("body_size=", "")
def enable_streaming(flow: HTTPFlow):
if why == "addon":
flow.request.stream = True
playbook >> DataReceived(
tctx.client, b"POST http://example.com/ HTTP/1.1\r\n"
b"Host: example.com\r\n")
if transfer_encoding == "identity":
playbook >> DataReceived(tctx.client, b"Content-Length: 9\r\n\r\n"
b"abc")
else:
playbook >> DataReceived(
tctx.client, b"Transfer-Encoding: chunked\r\n\r\n"
b"3\r\nabc\r\n")
playbook << http.HttpRequestHeadersHook(flow)
playbook >> reply(side_effect=enable_streaming)
needs_more_data_before_open = (why == "body_size=3"
and transfer_encoding == "chunked")
if needs_more_data_before_open:
playbook >> DataReceived(tctx.client, b"3\r\ndef\r\n")
playbook << OpenConnection(server)
playbook >> reply(None)
playbook << SendData(server, b"POST / HTTP/1.1\r\n"
b"Host: example.com\r\n")
if transfer_encoding == "identity":
playbook << SendData(server, b"Content-Length: 9\r\n\r\n" b"abc")
playbook >> DataReceived(tctx.client, b"def")
playbook << SendData(server, b"def")
else:
if needs_more_data_before_open:
playbook << SendData(
server, b"Transfer-Encoding: chunked\r\n\r\n"
b"6\r\nabcdef\r\n")
else:
playbook << SendData(
server, b"Transfer-Encoding: chunked\r\n\r\n"
b"3\r\nabc\r\n")
playbook >> DataReceived(tctx.client, b"3\r\ndef\r\n")
playbook << SendData(server, b"3\r\ndef\r\n")
if response == "normal response":
if transfer_encoding == "identity":
playbook >> DataReceived(tctx.client, b"ghi")
playbook << SendData(server, b"ghi")
else:
playbook >> DataReceived(tctx.client, b"3\r\nghi\r\n0\r\n\r\n")
playbook << SendData(server, b"3\r\nghi\r\n")
playbook << http.HttpRequestHook(flow)
playbook >> reply()
if transfer_encoding == "chunked":
playbook << SendData(server, b"0\r\n\r\n")
assert (
playbook >> DataReceived(
server, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n") <<
http.HttpResponseHeadersHook(flow) >> reply() <<
http.HttpResponseHook(flow) >> reply() << SendData(
tctx.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"))
elif response == "early response":
# We may receive a response before we have finished sending our request.
# We continue sending unless the server closes the connection.
# https://tools.ietf.org/html/rfc7231#section-6.5.11
assert (playbook >> DataReceived(
server,
b"HTTP/1.1 413 Request Entity Too Large\r\nContent-Length: 0\r\n\r\n"
) << http.HttpResponseHeadersHook(flow) >> reply(
) << http.HttpResponseHook(flow) >> reply() << SendData(
tctx.client,
b"HTTP/1.1 413 Request Entity Too Large\r\nContent-Length: 0\r\n\r\n"
))
if transfer_encoding == "identity":
playbook >> DataReceived(tctx.client, b"ghi")
playbook << SendData(server, b"ghi")
else:
playbook >> DataReceived(tctx.client, b"3\r\nghi\r\n0\r\n\r\n")
playbook << SendData(server, b"3\r\nghi\r\n")
playbook << http.HttpRequestHook(flow)
playbook >> reply()
if transfer_encoding == "chunked":
playbook << SendData(server, b"0\r\n\r\n")
assert playbook
elif response == "early close":
assert (playbook >> DataReceived(
server,
b"HTTP/1.1 413 Request Entity Too Large\r\nContent-Length: 0\r\n\r\n"
) << http.HttpResponseHeadersHook(flow) >> reply(
) << http.HttpResponseHook(flow) >> reply() << SendData(
tctx.client,
b"HTTP/1.1 413 Request Entity Too Large\r\nContent-Length: 0\r\n\r\n"
) >> ConnectionClosed(server) << CloseConnection(server) <<
CloseConnection(tctx.client))
elif response == "early kill":
err = Placeholder(bytes)
assert (playbook >> ConnectionClosed(server) << CloseConnection(server)
<< http.HttpErrorHook(flow) >> reply() << SendData(
tctx.client, err) << CloseConnection(tctx.client))
assert b"502 Bad Gateway" in err()
else: # pragma: no cover
assert False
