search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix for SSL Versioning when multiple options are used.
[monitoring-plugins.git] / plugins / tests / check_http.t
blobc3085e13cfa9534793b12edd6d0128e2640463e5
1 #! /usr/bin/perl -w -I ..
2 #
3 # Test check_http by having an actual HTTP server running
4 #
5 # To create the https server certificate:
6 # openssl req -new -x509 -keyout server-key.pem -out server-cert.pem -days 3650 -nodes
7 # Country Name (2 letter code) [AU]:UK
8 # State or Province Name (full name) [Some-State]:Derbyshire
9 # Locality Name (eg, city) []:Belper
10 # Organization Name (eg, company) [Internet Widgits Pty Ltd]:Nagios Plugins
11 # Organizational Unit Name (eg, section) []:
12 # Common Name (eg, YOUR name) []:Ton Voon
13 # Email Address []:tonvoon@mac.com
14
15 use strict;
16 use Test::More;
17 use NPTest;
18 use FindBin qw($Bin);
19
20 my $common_tests = 70;
21 my $ssl_only_tests = 8;
22 # Check that all dependent modules are available
23 eval {
24 require HTTP::Daemon;
25 require HTTP::Status;
26 require HTTP::Response;
27 };
28
29 if ($@) {
30 plan skip_all => "Missing required module for test: $@";
31 } else {
32 if (-x "./check_http") {
33 plan tests => $common_tests * 2 + $ssl_only_tests;
34 } else {
35 plan skip_all => "No check_http compiled";
36 }
37 }
38
39 my $servers = { http => 0 }; # HTTP::Daemon should always be available
40 eval { require HTTP::Daemon::SSL };
41 if ($@) {
42 diag "Cannot load HTTP::Daemon::SSL: $@";
43 } else {
44 $servers->{https} = 0;
45 }
46
47 # set a fixed version, so the header size doesn't vary
48 $HTTP::Daemon::VERSION = "1.00";
49
50 my $port_http = 50000 + int(rand(1000));
51 my $port_https = $port_http + 1;
52 my $port_https_expired = $port_http + 2;
53
54 # This array keeps sockets around for implementing timeouts
55 my @persist;
56
57 # Start up all servers
58 my @pids;
59 my $pid = fork();
60 if ($pid) {
61 # Parent
62 push @pids, $pid;
63 if (exists $servers->{https}) {
64 # Fork a normal HTTPS server
65 $pid = fork();
66 if ($pid) {
67 # Parent
68 push @pids, $pid;
69 # Fork an expired cert server
70 $pid = fork();
71 if ($pid) {
72 push @pids, $pid;
73 } else {
74 my $d = HTTP::Daemon::SSL->new(
75 LocalPort => $port_https_expired,
76 LocalAddr => "127.0.0.1",
77 SSL_cert_file => "$Bin/certs/expired-cert.pem",
78 SSL_key_file => "$Bin/certs/expired-key.pem",
79 ) || die;
80 print "Please contact https expired at: <URL:", $d->url, ">\n";
81 run_server( $d );
82 exit;
83 }
84 } else {
85 my $d = HTTP::Daemon::SSL->new(
86 LocalPort => $port_https,
87 LocalAddr => "127.0.0.1",
88 SSL_cert_file => "$Bin/certs/server-cert.pem",
89 SSL_key_file => "$Bin/certs/server-key.pem",
90 ) || die;
91 print "Please contact https at: <URL:", $d->url, ">\n";
92 run_server( $d );
93 exit;
94 }
95 }
96 # give our webservers some time to startup
97 sleep(1);
98 } else {
99 # Child
100 #print "child\n";
101 my $d = HTTP::Daemon->new(
102 LocalPort => $port_http,
103 LocalAddr => "127.0.0.1",
104 ) || die;
105 print "Please contact http at: <URL:", $d->url, ">\n";
106 run_server( $d );
107 exit;
108 }
109
110 # Run the same server on http and https
111 sub run_server {
112 my $d = shift;
113 MAINLOOP: while (my $c = $d->accept ) {
114 while (my $r = $c->get_request) {
115 if ($r->method eq "GET" and $r->url->path =~ m^/statuscode/(\d+)^) {
116 $c->send_basic_header($1);
117 $c->send_crlf;
118 } elsif ($r->method eq "GET" and $r->url->path =~ m^/file/(.*)^) {
119 $c->send_basic_header;
120 $c->send_crlf;
121 $c->send_file_response("$Bin/var/$1");
122 } elsif ($r->method eq "GET" and $r->url->path eq "/slow") {
123 $c->send_basic_header;
124 $c->send_crlf;
125 sleep 1;
126 $c->send_response("slow");
127 } elsif ($r->url->path eq "/method") {
128 if ($r->method eq "DELETE") {
129 $c->send_error(HTTP::Status->RC_METHOD_NOT_ALLOWED);
130 } elsif ($r->method eq "foo") {
131 $c->send_error(HTTP::Status->RC_NOT_IMPLEMENTED);
132 } else {
133 $c->send_status_line(200, $r->method);
134 }
135 } elsif ($r->url->path eq "/postdata") {
136 $c->send_basic_header;
137 $c->send_crlf;
138 $c->send_response($r->method.":".$r->content);
139 } elsif ($r->url->path eq "/redirect") {
140 $c->send_redirect( "/redirect2" );
141 } elsif ($r->url->path eq "/redir_external") {
142 $c->send_redirect(($d->isa('HTTP::Daemon::SSL') ? "https" : "http") . "://169.254.169.254/redirect2" );
143 } elsif ($r->url->path eq "/redirect2") {
144 $c->send_basic_header;
145 $c->send_crlf;
146 $c->send_response(HTTP::Response->new( 200, 'OK', undef, 'redirected' ));
147 } elsif ($r->url->path eq "/redir_timeout") {
148 $c->send_redirect( "/timeout" );
149 } elsif ($r->url->path eq "/timeout") {
150 # Keep $c from being destroyed, but prevent severe leaks
151 unshift @persist, $c;
152 delete($persist[1000]);
153 next MAINLOOP;
154 } elsif ($r->url->path eq "/header_check") {
155 $c->send_basic_header;
156 $c->send_header('foo');
157 $c->send_crlf;
158 } else {
159 $c->send_error(HTTP::Status->RC_FORBIDDEN);
160 }
161 $c->close;
162 }
163 }
164 }
165
166 END {
167 foreach my $pid (@pids) {
168 if ($pid) { print "Killing $pid\n"; kill "INT", $pid }
169 }
170 };
171
172 if ($ARGV[0] && $ARGV[0] eq "-d") {
173 while (1) {
174 sleep 100;
175 }
176 }
177
178 my $result;
179 my $command = "./check_http -H 127.0.0.1";
180
181 run_common_tests( { command => "$command -p $port_http" } );
182 SKIP: {
183 skip "HTTP::Daemon::SSL not installed", $common_tests + $ssl_only_tests if ! exists $servers->{https};
184 run_common_tests( { command => "$command -p $port_https", ssl => 1 } );
185
186 $result = NPTest->testCmd( "$command -p $port_https -S -C 14" );
187 is( $result->return_code, 0, "$command -p $port_https -S -C 14" );
188 is( $result->output, 'OK - Certificate \'Ton Voon\' will expire on 03/03/2019 21:41.', "output ok" );
189
190 $result = NPTest->testCmd( "$command -p $port_https -S -C 14000" );
191 is( $result->return_code, 1, "$command -p $port_https -S -C 14000" );
192 like( $result->output, '/WARNING - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" );
193
194 # Expired cert tests
195 $result = NPTest->testCmd( "$command -p $port_https -S -C 13960,14000" );
196 is( $result->return_code, 2, "$command -p $port_https -S -C 13960,14000" );
197 like( $result->output, '/CRITICAL - Certificate \'Ton Voon\' expires in \d+ day\(s\) \(03/03/2019 21:41\)./', "output ok" );
198
199 $result = NPTest->testCmd( "$command -p $port_https_expired -S -C 7" );
200 is( $result->return_code, 2, "$command -p $port_https_expired -S -C 7" );
201 is( $result->output,
202 'CRITICAL - Certificate \'Ton Voon\' expired on 03/05/2009 00:13.',
203 "output ok" );
204
205 }
206
207 sub run_common_tests {
208 my ($opts) = @_;
209 my $command = $opts->{command};
210 if ($opts->{ssl}) {
211 $command .= " --ssl";
212 }
213
214 $result = NPTest->testCmd( "$command -u /file/root" );
215 is( $result->return_code, 0, "/file/root");
216 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
217
218 $result = NPTest->testCmd( "$command -u /file/root -s Root" );
219 is( $result->return_code, 0, "/file/root search for string");
220 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 274 bytes in [\d\.]+ second/', "Output correct" );
221
222 $result = NPTest->testCmd( "$command -u /file/root -s NonRoot" );
223 is( $result->return_code, 2, "Missing string check");
224 like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRoot' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
225
226 $result = NPTest->testCmd( "$command -u /file/root -s NonRootWithOver30charsAndMoreFunThanAWetFish" );
227 is( $result->return_code, 2, "Missing string check");
228 like( $result->output, qr%HTTP CRITICAL: HTTP/1\.1 200 OK - string 'NonRootWithOver30charsAndM...' not found on 'https?://127\.0\.0\.1:\d+/file/root'%, "Shows search string and location");
229
230 $result = NPTest->testCmd( "$command -u /header_check -d foo" );
231 is( $result->return_code, 0, "header_check search for string");
232 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - 96 bytes in [\d\.]+ second/', "Output correct" );
233
234 $result = NPTest->testCmd( "$command -u /header_check -d bar" );
235 is( $result->return_code, 2, "Missing header string check");
236 like( $result->output, qr%^HTTP CRITICAL: HTTP/1\.1 200 OK - header 'bar' not found on 'https?://127\.0\.0\.1:\d+/header_check'%, "Shows search string and location");
237
238 my $cmd;
239 $cmd = "$command -u /slow";
240 $result = NPTest->testCmd( $cmd );
241 is( $result->return_code, 0, "$cmd");
242 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
243 $result->output =~ /in ([\d\.]+) second/;
244 cmp_ok( $1, ">", 1, "Time is > 1 second" );
245
246 $cmd = "$command -u /statuscode/200";
247 $result = NPTest->testCmd( $cmd );
248 is( $result->return_code, 0, $cmd);
249 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
250
251 $cmd = "$command -u /statuscode/200 -e 200";
252 $result = NPTest->testCmd( $cmd );
253 is( $result->return_code, 0, $cmd);
254 like( $result->output, '/^HTTP OK: Status line output matched "200" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
255
256 $cmd = "$command -u /statuscode/201";
257 $result = NPTest->testCmd( $cmd );
258 is( $result->return_code, 0, $cmd);
259 like( $result->output, '/^HTTP OK: HTTP/1.1 201 Created - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
260
261 $cmd = "$command -u /statuscode/201 -e 201";
262 $result = NPTest->testCmd( $cmd );
263 is( $result->return_code, 0, $cmd);
264 like( $result->output, '/^HTTP OK: Status line output matched "201" - \d+ bytes in [\d\.]+ second /', "Output correct: ".$result->output );
265
266 $cmd = "$command -u /statuscode/201 -e 200";
267 $result = NPTest->testCmd( $cmd );
268 is( $result->return_code, 2, $cmd);
269 like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port \d+: HTTP/1.1 201 Created/', "Output correct: ".$result->output );
270
271 $cmd = "$command -u /statuscode/200 -e 200,201,202";
272 $result = NPTest->testCmd( $cmd );
273 is( $result->return_code, 0, $cmd);
274 like( $result->output, '/^HTTP OK: Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
275
276 $cmd = "$command -u /statuscode/201 -e 200,201,202";
277 $result = NPTest->testCmd( $cmd );
278 is( $result->return_code, 0, $cmd);
279 like( $result->output, '/^HTTP OK: Status line output matched "200,201,202" - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
280
281 $cmd = "$command -u /statuscode/203 -e 200,201,202";
282 $result = NPTest->testCmd( $cmd );
283 is( $result->return_code, 2, $cmd);
284 like( $result->output, '/^HTTP CRITICAL - Invalid HTTP response received from host on port (\d+): HTTP/1.1 203 Non-Authoritative Information/', "Output correct: ".$result->output );
285
286 $cmd = "$command -j HEAD -u /method";
287 $result = NPTest->testCmd( $cmd );
288 is( $result->return_code, 0, $cmd);
289 like( $result->output, '/^HTTP OK: HTTP/1.1 200 HEAD - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
290
291 $cmd = "$command -j POST -u /method";
292 $result = NPTest->testCmd( $cmd );
293 is( $result->return_code, 0, $cmd);
294 like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
295
296 $cmd = "$command -j GET -u /method";
297 $result = NPTest->testCmd( $cmd );
298 is( $result->return_code, 0, $cmd);
299 like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
300
301 $cmd = "$command -u /method";
302 $result = NPTest->testCmd( $cmd );
303 is( $result->return_code, 0, $cmd);
304 like( $result->output, '/^HTTP OK: HTTP/1.1 200 GET - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
305
306 $cmd = "$command -P foo -u /method";
307 $result = NPTest->testCmd( $cmd );
308 is( $result->return_code, 0, $cmd);
309 like( $result->output, '/^HTTP OK: HTTP/1.1 200 POST - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
310
311 $cmd = "$command -j DELETE -u /method";
312 $result = NPTest->testCmd( $cmd );
313 is( $result->return_code, 1, $cmd);
314 like( $result->output, '/^HTTP WARNING: HTTP/1.1 405 Method Not Allowed/', "Output correct: ".$result->output );
315
316 $cmd = "$command -j foo -u /method";
317 $result = NPTest->testCmd( $cmd );
318 is( $result->return_code, 2, $cmd);
319 like( $result->output, '/^HTTP CRITICAL: HTTP/1.1 501 Not Implemented/', "Output correct: ".$result->output );
320
321 $cmd = "$command -P stufftoinclude -u /postdata -s POST:stufftoinclude";
322 $result = NPTest->testCmd( $cmd );
323 is( $result->return_code, 0, $cmd);
324 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
325
326 $cmd = "$command -j PUT -P stufftoinclude -u /postdata -s PUT:stufftoinclude";
327 $result = NPTest->testCmd( $cmd );
328 is( $result->return_code, 0, $cmd);
329 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
330
331 # To confirm that the free doesn't segfault
332 $cmd = "$command -P stufftoinclude -j PUT -u /postdata -s PUT:stufftoinclude";
333 $result = NPTest->testCmd( $cmd );
334 is( $result->return_code, 0, $cmd);
335 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
336
337 $cmd = "$command -u /redirect";
338 $result = NPTest->testCmd( $cmd );
339 is( $result->return_code, 0, $cmd);
340 like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
341
342 $cmd = "$command -f follow -u /redirect";
343 $result = NPTest->testCmd( $cmd );
344 is( $result->return_code, 0, $cmd);
345 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
346
347 $cmd = "$command -u /redirect -k 'follow: me'";
348 $result = NPTest->testCmd( $cmd );
349 is( $result->return_code, 0, $cmd);
350 like( $result->output, '/^HTTP OK: HTTP/1.1 301 Moved Permanently - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
351
352 $cmd = "$command -f follow -u /redirect -k 'follow: me'";
353 $result = NPTest->testCmd( $cmd );
354 is( $result->return_code, 0, $cmd);
355 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
356
357 $cmd = "$command -f sticky -u /redirect -k 'follow: me'";
358 $result = NPTest->testCmd( $cmd );
359 is( $result->return_code, 0, $cmd);
360 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
361
362 $cmd = "$command -f stickyport -u /redirect -k 'follow: me'";
363 $result = NPTest->testCmd( $cmd );
364 is( $result->return_code, 0, $cmd);
365 like( $result->output, '/^HTTP OK: HTTP/1.1 200 OK - \d+ bytes in [\d\.]+ second/', "Output correct: ".$result->output );
366
367 # These tests may block
368 print "ALRM\n";
369
370 # stickyport - on full urlS port is set back to 80 otherwise
371 $cmd = "$command -f stickyport -u /redir_external -t 5 -s redirected";
372 eval {
373 local $SIG{ALRM} = sub { die "alarm\n" };
374 alarm(2);
375 $result = NPTest->testCmd( $cmd );
376 alarm(0); };
377 isnt( $@, "alarm\n", $cmd );
378 is( $result->return_code, 0, $cmd );
379
380 # Let's hope there won't be any web server on :80 returning "redirected"!
381 $cmd = "$command -f sticky -u /redir_external -t 5 -s redirected";
382 eval {
383 local $SIG{ALRM} = sub { die "alarm\n" };
384 alarm(2);
385 $result = NPTest->testCmd( $cmd );
386 alarm(0); };
387 isnt( $@, "alarm\n", $cmd );
388 isnt( $result->return_code, 0, $cmd );
389
390 # Test an external address - timeout
391 SKIP: {
392 skip "This doesn't seems to work all the time", 1 unless ($ENV{HTTP_EXTERNAL});
393 $cmd = "$command -f follow -u /redir_external -t 5";
394 eval {
395 local $SIG{ALRM} = sub { die "alarm\n" };
396 alarm(2);
397 $result = NPTest->testCmd( $cmd );
398 alarm(0); };
399 is( $@, "alarm\n", $cmd );
400 }
401
402 $cmd = "$command -u /timeout -t 5";
403 eval {
404 local $SIG{ALRM} = sub { die "alarm\n" };
405 alarm(2);
406 $result = NPTest->testCmd( $cmd );
407 alarm(0); };
408 is( $@, "alarm\n", $cmd );
409
410 $cmd = "$command -f follow -u /redir_timeout -t 2";
411 eval {
412 local $SIG{ALRM} = sub { die "alarm\n" };
413 alarm(5);
414 $result = NPTest->testCmd( $cmd );
415 alarm(0); };
416 isnt( $@, "alarm\n", $cmd );
417
418 }
Monitoring Plugins