@@ -88,27 +88,92 @@ jobs:
8888 README.md \
8989 "${{ matrix.target }}.env"
9090 echo "Starting container ${{ matrix.target }}-verification"
91+ # The backend is a dummy
9192 docker run \
9293 --pull "never" \
9394 -d \
9495 --name ${{ matrix.target }}-test \
9596 --env-file "${{ matrix.target }}.env" \
97+ -p 8080:8080 \
98+ -e BACKEND=http://localhost:9999 \
9699 "${{ matrix.target }}-verification"
97- sleep 30
98- docker logs ${{ matrix.target }}-test
99100
100101name : Verify ${{ matrix.target }}
101102 run : |
102- [ $(docker inspect ${{ matrix.target }}-test --format='{{.State.Running}}') = 'true' ]
103- if grep -q "nginx "<<< "${{ matrix.target }}"; then
104- curl -q -D headers.txt http://localhost:8080/?test=../../etc/passwd
103+ HOST_AND_PORT="localhost:8080"
104+ counter=10
105+ while true; do
106+ printf "Checking whether container is running..."
107+ if [ $(docker inspect ${{ matrix.target }}-test --format='{{.State.Running}}') = 'true' ]; then
108+ echo "ok"
109+ printf "Trying to connect..."
110+ if curl -s --connect-timeout 5 --max-time 1 "${HOST_AND_PORT}" > /dev/null 2>&1; then
111+ echo "ok"
112+ break
113+ fi
114+ fi
115+
116+ echo "failed"
117+ ((counter--))
118+ if [ ${counter} -gt 0 ]; then
119+ echo "Will retry in 5 seconds"
120+ sleep 5
121+ else
122+ printf "No more retries. Here'se the log output from the container\n\n\n"
123+ docker logs ${{ matrix.target }}-test
124+ exit 1
125+ fi
126+ done
127+
128+ if grep -q "nginx"<<< "${{ matrix.target }}"; then
129+ printf "\n\n### nginx tests ###\n\n"
130+
131+ printf "Storing headers for sample attack..."
132+ curl -s -D headers.txt -o /dev/null "${HOST_AND_PORT}/?test=../../etc/passwd"
133+ printf "...done\n\n\n"
134+
135+ printf "Check status 403..."
105136 grep -q "HTTP/1.1 403 Forbidden" headers.txt
137+ printf yes\n\n\n"
138+
139+ printf "Check 'Access-Control-Allow-Origin' header..."
106140 grep -q "Access-Control-Allow-Origin: *" headers.txt
141+ printf yes\n\n\n"
142+
143+ printf "Check 'Access-Control-Max-Age' header..."
107144 grep -q "Access-Control-Max-Age: 3600" headers.txt
145+ printf yes\n\n\n"
146+
147+ printf "Check 'Access-Control-Allow-Methods' header..."
108148 grep -q "Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS" headers.txt
149+ printf yes\n\n\n"
150+
151+ printf "Check 'Access-Control-Allow-Headers'..."
109152 grep -q "Access-Control-Allow-Headers: *" headers.txt
153+ printf yes\n\n\n"
154+
155+ echo "### nginx tests - done ###"
110156 fi
111157
158+ printf "\n\n### generic tests ###\n\n"
159+
160+ echo "Test HTTP/2 upgrade..."
161+ curl -v --http2 --no-progress-meter -o /dev/null "${HOST_AND_PORT}" 2>&1 | tee out.txt
162+ grep -iP "< 101 Switching Protocols|< HTTP/2" < out.txt | tee out2.txt
163+ wc -l out2.txt | grep -qoP "\d+" | xargs -I % test % -eq 2
164+ rm out*.txt
165+ printf ...yes\n\n\n"
166+
167+ echo "Test HTTP/2 prior knowledge..."
168+ curl -v --http2-prior-knowledge --no-progress-meter -o /dev/null "${HOST_AND_PORT}"
169+ curl -v --http2-prior-knowledge --no-progress-meter -o /dev/null "${HOST_AND_PORT}" 2>&1 | tee out.txt
170+ grep --help
171+ grep -i "< HTTP/2" out.txt
172+ grep -iv "< 101 Switching Protocols" out.txt
173+ printf ...yes\n\n\n"
174+
175+ echo "### generic tests - done ###"
176+
112177name : Checkout CRS
113178 uses : actions/checkout@v4
114179 with :
0 commit comments