engineyard-mongrel 1.1.4

data/test/unit/test_configurator.rb

@@ -0,0 +1,88 @@
+# Copyright (c) 2005 Zed A. Shaw 
+# You can redistribute it and/or modify it under the same terms as Ruby.
+#
+# Additional work donated by contributors.  See http://mongrel.rubyforge.org/attributions.html 
+# for more information.
+
+require 'test/test_helper'
+
+$test_plugin_fired = 0
+
+class TestPlugin < GemPlugin::Plugin "/handlers"
+  include Mongrel::HttpHandlerPlugin
+
+  def process(request, response)
+    $test_plugin_fired += 1
+  end
+end
+
+
+class Sentinel < GemPlugin::Plugin "/handlers"
+  include Mongrel::HttpHandlerPlugin
+
+  def process(request, response)
+    raise "This Sentinel plugin shouldn't run."
+  end
+end
+
+
+class ConfiguratorTest < Test::Unit::TestCase
+
+  def test_base_handler_config
+    @port = process_based_port
+    @config = nil
+
+    redirect_test_io do
+      @config = Mongrel::Configurator.new :host => "localhost" do
+        listener :port => process_based_port do
+          # 2 in front should run, but the sentinel shouldn't since dirhandler processes the request
+          uri "/", :handler => plugin("/handlers/testplugin")
+          uri "/", :handler => plugin("/handlers/testplugin")
+          uri "/", :handler => Mongrel::DirHandler.new(".")
+          uri "/", :handler => plugin("/handlers/testplugin")
+
+          uri "/test", :handler => plugin("/handlers/testplugin")
+          uri "/test", :handler => plugin("/handlers/testplugin")
+          uri "/test", :handler => Mongrel::DirHandler.new(".")
+          uri "/test", :handler => plugin("/handlers/testplugin")
+
+          debug "/"
+          setup_signals
+
+          run_config(HERE + "/mongrel.conf")
+          load_mime_map(HERE + "/mime.yaml")
+
+          run
+        end
+      end
+    end
+    
+    # pp @config.listeners.values.first.classifier.routes
+
+    @config.listeners.each do |host,listener| 
+      assert listener.classifier.uris.length == 3, "Wrong number of registered URIs"
+      assert listener.classifier.uris.include?("/"),  "/ not registered"
+      assert listener.classifier.uris.include?("/test"), "/test not registered"
+    end
+
+    res = Net::HTTP.get(URI.parse("http://localhost:#{@port}/test"))
+    assert res != nil, "Didn't get a response"
+    assert $test_plugin_fired == 3, "Test filter plugin didn't run 3 times."
+
+    redirect_test_io do
+      res = Net::HTTP.get(URI.parse("http://localhost:#{@port}/"))
+
+      assert res != nil, "Didn't get a response"
+      assert $test_plugin_fired == 6, "Test filter plugin didn't run 6 times."
+    end
+
+    redirect_test_io do
+      @config.stop(false, true)
+    end
+
+    assert_raise Errno::EBADF, Errno::ECONNREFUSED do
+      res = Net::HTTP.get(URI.parse("http://localhost:#{@port}/"))
+    end
+  end
+
+end

data/test/unit/test_debug.rb

@@ -0,0 +1,25 @@
+# Copyright (c) 2005 Zed A. Shaw 
+# You can redistribute it and/or modify it under the same terms as Ruby.
+#
+# Additional work donated by contributors.  See http://mongrel.rubyforge.org/attributions.html 
+# for more information.
+
+require 'test/test_helper'
+require 'mongrel/debug'
+
+class MongrelDbgTest < Test::Unit::TestCase
+
+  def test_tracing_to_log
+    FileUtils.rm_rf "log/mongrel_debug"
+
+    MongrelDbg::configure
+    out = StringIO.new
+
+    MongrelDbg::begin_trace(:rails)
+    MongrelDbg::trace(:rails, "Good stuff")
+    MongrelDbg::end_trace(:rails)
+
+    assert File.exist?("log/mongrel_debug"), "Didn't make logging directory"
+  end
+
+end

data/test/unit/test_handlers.rb

@@ -0,0 +1,136 @@
+# Copyright (c) 2005 Zed A. Shaw 
+# You can redistribute it and/or modify it under the same terms as Ruby.
+#
+# Additional work donated by contributors.  See http://mongrel.rubyforge.org/attributions.html 
+# for more information.
+
+require 'test/test_helper'
+
+class SimpleHandler < Mongrel::HttpHandler
+  def process(request, response)
+    response.start do |head,out|
+      head["Content-Type"] = "text/html"
+      results = "<html><body>Your request:<br /><pre>#{request.params.to_yaml}</pre><a href=\"/files\">View the files.</a></body></html>"
+      out << results
+    end
+  end
+end
+
+class DumbHandler < Mongrel::HttpHandler
+  def process(request, response)
+    response.start do |head,out|
+      head["Content-Type"] = "text/html"
+      out.write("test")
+    end
+  end
+end
+
+def check_status(results, expecting)
+  results.each do |res|
+    assert(res.kind_of?(expecting), "Didn't get #{expecting}, got: #{res.class}")
+  end
+end
+
+class HandlersTest < Test::Unit::TestCase
+
+  def setup
+    @port = process_based_port
+    stats = Mongrel::StatisticsFilter.new(:sample_rate => 1)
+
+    @config = Mongrel::Configurator.new :host => '127.0.0.1' do
+      listener :port => process_based_port do
+        uri "/", :handler => SimpleHandler.new
+        uri "/", :handler => stats
+        uri "/404", :handler => Mongrel::Error404Handler.new("Not found")
+        uri "/dumb", :handler => Mongrel::DeflateFilter.new
+        uri "/dumb", :handler => DumbHandler.new, :in_front => true
+        uri "/files", :handler => Mongrel::DirHandler.new("doc")
+        uri "/files_nodir", :handler => Mongrel::DirHandler.new("doc", listing_allowed=false, index_html="none")
+        uri "/status", :handler => Mongrel::StatusHandler.new(:stats_filter => stats)
+        uri "/relative", :handler => Mongrel::DirHandler.new(nil, listing_allowed=false, index_html="none")
+      end
+    end
+    
+    unless windows?
+      File.open('/tmp/testfile', 'w') do
+        # Do nothing
+      end
+    end
+    
+    @config.run
+  end
+
+  def teardown
+    @config.stop(false, true)
+    File.delete '/tmp/testfile' unless windows?
+  end
+  
+  def test_registration_exception_is_not_lost
+    assert_raises(Mongrel::URIClassifier::RegistrationError) do      
+      @config = Mongrel::Configurator.new do
+        listener do
+          uri "bogus", :handler => SimpleHandler.new
+        end
+      end
+    end
+  end
+
+  def test_more_web_server
+    res = hit([ "http://localhost:#{@port}/test",
+          "http://localhost:#{@port}/dumb",
+          "http://localhost:#{@port}/404",
+          "http://localhost:#{@port}/files/rdoc/index.html",
+          "http://localhost:#{@port}/files/rdoc/nothere.html",
+          "http://localhost:#{@port}/files/rdoc/",
+          "http://localhost:#{@port}/files_nodir/rdoc/",
+          "http://localhost:#{@port}/status",
+    ])
+    check_status res, String
+  end
+  
+  def test_nil_dirhandler
+    return if windows?
+    # Camping uses this internally
+    handler = Mongrel::DirHandler.new(nil, false)  
+    assert handler.can_serve("/tmp/testfile")
+    # Not a bug! A nil @file parameter is the only circumstance under which
+    # we are allowed to serve any existing file
+    assert handler.can_serve("../../../../../../../../../../tmp/testfile")
+  end
+  
+  def test_non_nil_dirhandler_is_not_vulnerable_to_path_traversal
+    # The famous security bug of Mongrel 1.1.2
+    handler = Mongrel::DirHandler.new("/doc", false)
+    assert_nil handler.can_serve("/tmp/testfile")
+    assert_nil handler.can_serve("../../../../../../../../../../tmp/testfile")
+  end
+
+  def test_deflate
+    Net::HTTP.start("localhost", @port) do |h|
+      # Test that no accept-encoding returns a non-deflated response
+      req = h.get("/dumb")
+      assert(
+        !req['Content-Encoding'] ||
+        !req['Content-Encoding'].include?('deflate'))
+      assert_equal "test", req.body
+
+      req = h.get("/dumb", {"Accept-Encoding" => "deflate"})
+      # -MAX_WBITS stops zlib from looking for a zlib header
+      inflater = Zlib::Inflate.new(-Zlib::MAX_WBITS)
+      assert req['Content-Encoding'].include?('deflate')
+      assert_equal "test", inflater.inflate(req.body)
+    end
+  end
+
+  # TODO: find out why this fails on win32 but nowhere else
+  #def test_posting_fails_dirhandler
+  #  req = Net::HTTP::Post.new("http://localhost:#{@port}/files/rdoc/")
+  #  req.set_form_data({'from'=>'2005-01-01', 'to'=>'2005-03-31'}, ';')
+  #  res = hit [["http://localhost:#{@port}/files/rdoc/",req]]
+  #  check_status res, Net::HTTPNotFound
+  #end
+
+  def test_unregister
+    @config.listeners["127.0.0.1:#{@port}"].unregister("/")
+  end
+end

data/test/unit/test_http_parser.rb

@@ -0,0 +1,156 @@
+# Copyright (c) 2005 Zed A. Shaw 
+# You can redistribute it and/or modify it under the same terms as Ruby.
+#
+# Additional work donated by contributors.  See http://mongrel.rubyforge.org/attributions.html 
+# for more information.
+
+require 'test/test_helper'
+
+include Mongrel
+
+class HttpParserTest < Test::Unit::TestCase
+    
+  def test_parse_simple
+    parser = HttpParser.new
+    req = {}
+    http = "GET / HTTP/1.1\r\n\r\n"
+    nread = parser.execute(req, http, 0)
+
+    assert nread == http.length, "Failed to parse the full HTTP request"
+    assert parser.finished?, "Parser didn't finish"
+    assert !parser.error?, "Parser had error"
+    assert nread == parser.nread, "Number read returned from execute does not match"
+
+    assert_equal 'HTTP/1.1', req['SERVER_PROTOCOL']
+    assert_equal '/', req['REQUEST_PATH']
+    assert_equal 'HTTP/1.1', req['HTTP_VERSION']
+    assert_equal '/', req['REQUEST_URI']
+    assert_equal 'CGI/1.2', req['GATEWAY_INTERFACE']
+    assert_equal 'GET', req['REQUEST_METHOD']    
+    assert_nil req['FRAGMENT']
+    assert_nil req['QUERY_STRING']
+    
+    parser.reset
+    assert parser.nread == 0, "Number read after reset should be 0"
+  end
+ 
+  def test_parse_strange_headers
+    parser = HttpParser.new
+    req = {}
+    should_be_good = "GET / HTTP/1.1\r\naaaaaaaaaaaaa:++++++++++\r\n\r\n"
+    nread = parser.execute(req, should_be_good, 0)
+    assert_equal should_be_good.length, nread
+    assert parser.finished?
+    assert !parser.error?
+
+    nasty_pound_header = "GET / HTTP/1.1\r\nX-SSL-Bullshit:   -----BEGIN CERTIFICATE-----\r\n\tMIIFbTCCBFWgAwIBAgICH4cwDQYJKoZIhvcNAQEFBQAwcDELMAkGA1UEBhMCVUsx\r\n\tETAPBgNVBAoTCGVTY2llbmNlMRIwEAYDVQQLEwlBdXRob3JpdHkxCzAJBgNVBAMT\r\n\tAkNBMS0wKwYJKoZIhvcNAQkBFh5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMu\r\n\tdWswHhcNMDYwNzI3MTQxMzI4WhcNMDcwNzI3MTQxMzI4WjBbMQswCQYDVQQGEwJV\r\n\tSzERMA8GA1UEChMIZVNjaWVuY2UxEzARBgNVBAsTCk1hbmNoZXN0ZXIxCzAJBgNV\r\n\tBAcTmrsogriqMWLAk1DMRcwFQYDVQQDEw5taWNoYWVsIHBhcmQYJKoZIhvcNAQEB\r\n\tBQADggEPADCCAQoCggEBANPEQBgl1IaKdSS1TbhF3hEXSl72G9J+WC/1R64fAcEF\r\n\tW51rEyFYiIeZGx/BVzwXbeBoNUK41OK65sxGuflMo5gLflbwJtHBRIEKAfVVp3YR\r\n\tgW7cMA/s/XKgL1GEC7rQw8lIZT8RApukCGqOVHSi/F1SiFlPDxuDfmdiNzL31+sL\r\n\t0iwHDdNkGjy5pyBSB8Y79dsSJtCW/iaLB0/n8Sj7HgvvZJ7x0fr+RQjYOUUfrePP\r\n\tu2MSpFyf+9BbC/aXgaZuiCvSR+8Snv3xApQY+fULK/xY8h8Ua51iXoQ5jrgu2SqR\r\n\twgA7BUi3G8LFzMBl8FRCDYGUDy7M6QaHXx1ZWIPWNKsCAwEAAaOCAiQwggIgMAwG\r\n\tA1UdEwEB/wQCMAAwEQYJYIZIAYb4QgEBBAQDAgWgMA4GA1UdDwEB/wQEAwID6DAs\r\n\tBglghkgBhvhCAQ0EHxYdVUsgZS1TY2llbmNlIFVzZXIgQ2VydGlmaWNhdGUwHQYD\r\n\tVR0OBBYEFDTt/sf9PeMaZDHkUIldrDYMNTBZMIGaBgNVHSMEgZIwgY+AFAI4qxGj\r\n\tloCLDdMVKwiljjDastqooXSkcjBwMQswCQYDVQQGEwJVSzERMA8GA1UEChMIZVNj\r\n\taWVuY2UxEjAQBgNVBAsTCUF1dGhvcml0eTELMAkGA1UEAxMCQ0ExLTArBgkqhkiG\r\n\t9w0BCQEWHmNhLW9wZXJhdG9yQGdyaWQtc3VwcG9ydC5hYy51a4IBADApBgNVHRIE\r\n\tIjAggR5jYS1vcGVyYXRvckBncmlkLXN1cHBvcnQuYWMudWswGQYDVR0gBBIwEDAO\r\n\tBgwrBgEEAdkvAQEBAQYwPQYJYIZIAYb4QgEEBDAWLmh0dHA6Ly9jYS5ncmlkLXN1\r\n\tcHBvcnQuYWMudmT4sopwqlBWsvcHViL2NybC9jYWNybC5jcmwwPQYJYIZIAYb4QgEDBDAWLmh0\r\n\tdHA6Ly9jYS5ncmlkLXN1cHBvcnQuYWMudWsvcHViL2NybC9jYWNybC5jcmwwPwYD\r\n\tVR0fBDgwNjA0oDKgMIYuaHR0cDovL2NhLmdyaWQt5hYy51ay9wdWIv\r\n\tY3JsL2NhY3JsLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAS/U4iiooBENGW/Hwmmd3\r\n\tXCy6Zrt08YjKCzGNjorT98g8uGsqYjSxv/hmi0qlnlHs+k/3Iobc3LjS5AMYr5L8\r\n\tUO7OSkgFFlLHQyC9JzPfmLCAugvzEbyv4Olnsr8hbxF1MbKZoQxUZtMVu29wjfXk\r\n\thTeApBv7eaKCWpSp7MCbvgzm74izKhu3vlDk9w6qVrxePfGgpKPqfHiOoGhFnbTK\r\n\twTC6o2xq5y0qZ03JonF7OJspEd3I5zKY3E+ov7/ZhW6DqT8UFvsAdjvQbXyhV8Eu\r\n\tYhixw1aKEPzNjNowuIseVogKOLXxWI5vAi5HgXdS0/ES5gDGsABo4fqovUKlgop3\r\n\tRA==\r\n\t-----END CERTIFICATE-----\r\n\r\n"
+    parser = HttpParser.new
+    req = {}
+    nread = parser.execute(req, nasty_pound_header, 0)
+    assert_equal nasty_pound_header.length, nread
+    assert parser.finished?
+    assert !parser.error?
+  end
+  
+  def test_parse_error
+    parser = HttpParser.new
+    req = {}
+    bad_http = "GET / SsUTF/1.1"
+
+    error = false
+    begin
+      nread = parser.execute(req, bad_http, 0)
+    rescue => details
+      error = true
+    end
+
+    assert error, "failed to throw exception"
+    assert !parser.finished?, "Parser shouldn't be finished"
+    assert parser.error?, "Parser SHOULD have error"
+  end
+
+  def test_fragment_in_uri
+    parser = HttpParser.new
+    req = {}
+    get = "GET /forums/1/topics/2375?page=1#posts-17408 HTTP/1.1\r\n\r\n"
+    assert_nothing_raised do
+      parser.execute(req, get, 0)
+    end
+    assert parser.finished?
+    assert_equal '/forums/1/topics/2375?page=1', req['REQUEST_URI']
+    assert_equal 'posts-17408', req['FRAGMENT']
+  end
+
+  # lame random garbage maker
+  def rand_data(min, max, readable=true)
+    count = min + ((rand(max)+1) *10).to_i
+    res = count.to_s + "/"
+    
+    if readable
+      res << Digest::SHA1.hexdigest(rand(count * 100).to_s) * (count / 40)
+    else
+      res << Digest::SHA1.digest(rand(count * 100).to_s) * (count / 20)
+    end
+
+    return res
+  end
+  
+
+  def test_horrible_queries
+    parser = HttpParser.new
+
+    # then that large header names are caught
+    10.times do |c|
+      get = "GET /#{rand_data(10,120)} HTTP/1.1\r\nX-#{rand_data(1024, 1024+(c*1024))}: Test\r\n\r\n"
+      assert_raises Mongrel::HttpParserError do
+        parser.execute({}, get, 0)
+        parser.reset
+      end
+    end
+
+    # then that large mangled field values are caught
+    10.times do |c|
+      get = "GET /#{rand_data(10,120)} HTTP/1.1\r\nX-Test: #{rand_data(1024, 1024+(c*1024), false)}\r\n\r\n"
+      assert_raises Mongrel::HttpParserError do
+        parser.execute({}, get, 0)
+        parser.reset
+      end
+    end
+
+    # then large headers are rejected too
+    get = "GET /#{rand_data(10,120)} HTTP/1.1\r\n"
+    get << "X-Test: test\r\n" * (80 * 1024)
+    assert_raises Mongrel::HttpParserError do
+      parser.execute({}, get, 0)
+      parser.reset
+    end
+
+    # finally just that random garbage gets blocked all the time
+    10.times do |c|
+      get = "GET #{rand_data(1024, 1024+(c*1024), false)} #{rand_data(1024, 1024+(c*1024), false)}\r\n\r\n"
+      assert_raises Mongrel::HttpParserError do
+        parser.execute({}, get, 0)
+        parser.reset
+      end
+    end
+
+  end
+
+
+
+  def test_query_parse
+    res = HttpRequest.query_parse("zed=1&frank=#{HttpRequest.escape('&&& ')}")
+    assert res["zed"], "didn't get the request right"
+    assert res["frank"], "no frank"
+    assert_equal "1", res["zed"], "wrong result"
+    assert_equal "&&& ", HttpRequest.unescape(res["frank"]), "wrong result"
+
+    res = HttpRequest.query_parse("zed=1&zed=2&zed=3&frank=11;zed=45")
+    assert res["zed"], "didn't get the request right"
+    assert res["frank"], "no frank"
+    assert_equal 4,res["zed"].length, "wrong number for zed"
+    assert_equal "11",res["frank"], "wrong number for frank"
+  end
+  
+end
+

data/test/unit/test_redirect_handler.rb

@@ -0,0 +1,45 @@
+# Copyright (c) 2005 Zed A. Shaw 
+# You can redistribute it and/or modify it under the same terms as Ruby.
+#
+# Additional work donated by contributors.  See http://mongrel.rubyforge.org/attributions.html 
+# for more information.
+
+require 'test/test_helper'
+
+class RedirectHandlerTest < Test::Unit::TestCase
+
+  def setup
+    @port = process_based_port
+    redirect_test_io do
+      @server = Mongrel::HttpServer.new('127.0.0.1', @port)
+    end
+    @server.run
+    @client = Net::HTTP.new('127.0.0.1', @port)
+  end
+
+  def teardown
+    @server.stop(true)
+  end
+
+  def test_simple_redirect
+    tester = Mongrel::RedirectHandler.new('/yo')
+    @server.register("/test", tester)
+
+    sleep(1)
+    res = @client.request_get('/test')
+    assert res != nil, "Didn't get a response"
+    assert_equal ['/yo'], res.get_fields('Location')
+  end
+
+  def test_rewrite
+    tester = Mongrel::RedirectHandler.new(/(\w+)/, '+\1+')
+    @server.register("/test", tester)
+
+    sleep(1)
+    res = @client.request_get('/test/something')
+    assert_equal ['/+test+/+something+'], res.get_fields('Location')
+  end
+
+end
+
+