M/eb` dZddlZddlZddlZddlZddlmZddlZddlm Z ddl m Z ddl m Z ddl mZddl mZdd lmZGd d ej&Zed k(r4ej,ej.ej0d degzyy)z)Tests for certbot_nginx._internal.parser.N)List)errors)os) nginxparser)obj)parser) test_utilceZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZdZy)NginxParserTestzNginx Parser Test.ctj|jtj|jtj|jyN)shutilrmtreetemp_dir config_dirwork_dir)selfs K/usr/lib/python3/dist-packages/certbot_nginx/_internal/tests/parser_test.pytearDownzNginxParserTest.tearDowns2 dmm$ doo& dmm$ctjj|jd}t j |}|j |jk(sJy)Nz*etc_nginx/////ubuntu_nginx/../../etc_nginx)rpathjoinrr NginxParserroot config_path)rrnparsers rtest_root_normalizedz$NginxParserTest.test_root_normalizedsGww||DMM,;<$$T*||t/////rcztj} tj|jt j tj j|j}|j|jk(sJ tj|y#tj|wxYwr ) rgetcwdchdirrrrrrelpathrr)rcurr_dirrs rtest_root_absolutez"NginxParserTest.test_root_absolute sx99;  HHT]] #((9I9I)JKG<<4#3#33 33 HHX BHHX s A6B##B:ctj|jtjj z}|j |jk(sJyr )rrrrrseprrrs rtest_root_no_trailing_slashz+NginxParserTest.test_root_no_trailing_slash,s=$$T%5%5 %CD||t/////rctj|j}|jdDchc]}|j |c}t |j jk(sJgdg|j |j dk(sJdgddgddgdd gdd gggg|j |j d k(sJy cc}w) z+Test recursive conf file parsing. )foo.conf nginx.conf server.confz mime.typessites-enabled/defaultzsites-enabled/both.comsites-enabled/example.comzsites-enabled/headers.comzsites-enabled/migration.comzsites-enabled/sslon.comsites-enabled/globalssl.comzsites-enabled/ipv6.comzsites-enabled/ipv6ssl.comzsites-enabled/example.net) server_namesomenamealias another.aliasr,serverlisten69.50.225.155:9000 127.0.0.1r0 .example.com example.*r.N)rrrloadabs_pathsetparsedkeys)rrxs r test_loadzNginxParserTest.test_load0s$$T%5%56  8 9  # 9W^^0023 4 4 4FF (8(8(GHI IIx)=>)1;(?)6(G)6 (DFGH!(8(88):; ; ;; 9sCctj|j}tjdk7rUd|j dk(sJtj j|jd|j dk(sJyd|j dk(sJtj j|jd|j dk(sJy)Nntz /etc/nginx/*zfoo/barzC:\etc\nginx\*zfoo\bar)rrrrnamer;rrr's r test_abs_pathzNginxParserTest.test_abs_pathLs$$T%5%56 77d?!W%5%5n%EE EE77<< 0 0)<$--i89 99''*:*:;N*OO OO77<< 0 0*=$--j9: ::rctj|j}|jdd|j |j d}dt tj|j dk(sJdt tj|j dk(sJd gd d gd d gd dgd dgggg|dk(sJy)NtestFlazyzsites-enabled/example.com.testz*.test zsites-enabled/*.testr4r5r6r7r0r8r9r)rrrfiledump _parse_filesr;lenglob)rrr=s r test_filedumpzNginxParserTest.test_filedumpXs$$T%5%56e,%%g&6&6 ,'./C '"2"28"<=>>>>S IIg&&'=> ?AA AAx)=>)1;(?)6(G)6 (DFGH  # ##rc dgdgdggdgdggfdgdgdggdggfdgdgdggdggfggfdgfdgdgdggdgdgdgggddgddgddgddggfdgdgdggdgdgdgggddgddgddggfdgdgdggdgdgdgggddgddggfdgdgdggdgdgdgggddggfdgdgdggdgdgdggggfg }|D])\}}g}tj|d|fd||k(r)Jy) NrrIcVt|txrt|dk\xr|ddk(S)NrSrrQ) isinstancelistrM)r?s rz7NginxParserTest.test__do_for_subarray..xs0jD.A/.$'FaK/.$%aDAIrc$|j|Sr )append)r?yptss rrXz7NginxParserTest.test__do_for_subarray..{sCJJqMr)r_do_for_subarray)rmylistsmylistresultpathss rtest__do_for_subarrayz%NginxParserTest.test__do_for_subarraygsS1#sOqcA3Z0S1#sOqcU+S1#sOqcU+8r7cA3_sQC!o6Q!Q!Q!Q8:cA3_sQC!o6!Q!Q!Q8PQcA3_sQC!o6!Q!Q8HIcA3_sQC!o6!QAcA3_sQC!o6; =& #NFF%'E  # #F%.6;$I  K F? "? #rc Htj|j}|j}t j |j dt jddddddgdddhgdg}|Dcgc]}d|jvs|c}d}||k(sJycc}w)Nr/z4.8.2.657TFz globalssl.comr) rrr get_vhostsr VirtualHostr;Addrfilep)rrvhostsvhostr? globalssl_coms rtest_get_vhosts_global_sslz*NginxParserTest.test_get_vhosts_global_ssl~s$$T%5%56##% 0 01N O!$)T4*/"8!9 $d_,=rA3H %+Iqo.HI!L  %%%Js 9B Bc tj|j}|j}t j |j dt jddddddgddddhggd}t j |j dt jd dddddt jdd ddddgddhd ggd }t j |j d t jddddddt jddddddgddddhgdg}t j |j dt jddddddt jddddddgdddhgdg}t j |j dt jddddddgddddhggd}dt|k(sJ|Dcgc]}d|jvs|c}d} || k(sJ|Dcgc]}d |jvs|c}d} || k(sJ|Dcgc]}d|jvs|c}d} || k(sJ|Dcgc]}d|jvs|c}d} || k(sJ|Dcgc]}d |jvs|c}d} || k(sJycc}wcc}wcc}wcc}wcc}w)!Nr+8080FT localhost~^(www\.)?(example|bar)\.rJrS r18000>r2r1r3)rJrS r.z 69.50.225.1559000r7r8r9rr-myhost otherhostwww.example.orgr**80 *.www.foo.com*.www.example.com)rQrSr example.comdefault) rrrrerrfr;rgrMrhnames)rrrivhost1vhost2vhost3vhost4vhost5r? example_comrfooconfrpr1s rtest_get_vhostszNginxParserTest.test_get_vhostss $$T%5%56##%!1!1,!?"%((2vue+0%#9":!&"-&B"D!#Z 1!1!1,!?"%((:vue+0%#9"%((2vue+0%#9":"'!G!#[2!1!12M!N"%((?F+0%#G"%((;E5+0%#9":"'"0+!>QC I!1!12I!J"%((8R+0%#9"%((;E4+0%#9":"'/@.A!#aS *!1!1*!="%((3dD+0%#9":!%to2E.G!#Y 0S[   "(EQMQWW,DqEaH $$$$= QWW(<1=a@   $> agg(=1>qA   &A1+*@QA!D """%?!qww)>A?B!!!F=>A?s</J9J9J>,J>KK*K>KK 'K c tj|j}tjdddddddgddgddgddgd d ggggd}|j |rJgd gd dd gg|_|j |rJddggd g|_|j |rJddgddggd g|_|j |dusJy)Nr5zmyhost default_serverr0rylocation/rhtmlindexzindex.html index.htm)r5z*:80default_serverssl)r0r|r}z/home/ubuntu/sites/foo/z80 sslr{ronT)rrrrrfhas_ssl_on_directiveraw)rr mock_vhosts rtest_has_ssl_on_directivez)NginxParserTest.test_has_ssl_on_directives $$T%5%56__T4tT1201S!VV$4w@V6W#XY  // ;;;EO!#<=? // ;;;#X.OQ // ;;;#T* $-OQ ++J74???rc tj|j}tj|j ddddddhdgd}|j d}ddh}||_||_dg|_|j|d d gd d gg|j|d |j|d |j|d gddgddgddgddgggggk(sJy)Nr+rprqrrr.r8r9rfoobarssl_certificate/etc/ssl/cert2.pemr4r5r6r7r0) rrrrrfr;rhrradd_server_directivesremove_server_directivesr=)rrrrrs rtest_remove_server_directivesz-NginxParserTest.test_remove_server_directivess $$T%5%56__W%5%5l%C%)4&1+G&I%): 7 &&'BC -&  # %%j(-u~8I8L8N'O P ((U;((5FG~~k*jH&:;$k2)>:);7   !! !!rc tj|j}tj|j ddddddhdgd}|j |ddggdgtjd}tj|j|j d}d ttj||k(sJ|j d }d d h}||_||_d g|_|j |ddgddgg|j |ddggd dlm}|j|dgddgddgdd gdd gddgd|gddgd|gggg ggk(sJ|j d}hd}||_||_g|_t'j(t*j,5|j |ddgddggdddy#1swYyxYw)Nr+rprqrrrr)z r z/etc/ssl/cert.pemz&\n\s+ssl_certificate /etc/ssl/cert.pemrSr.r8r9rrrCOMMENTr4r5r6r7r0#r,>r2r1r3)rrrrrfr;rrecompilerdumpsr=rMfindallrhrrcertbot_nginx._internal.parserrpytestraisesrMisconfigurationError) rrrssl_redumprrr server_confs rtest_add_server_directivesz*NginxParserTest.test_add_server_directivess/$$T%5%56__W%5%5l%C%)4&1+G&I%): 7 %%j(-u~8M'N OEF  0@0@0N!OPC 6401111&&'BC -&  # %%j(-u~8I8L8N'O P %%jE5>2BC:~~k*jH&:;$k2)>:);7!5>>-/CD>2r    &&}5 6&    ]]677 8 G  ) )*!5>-/CDF G G G Gs -GGc tj|j}|jd}t j |dddddhddg}|j |gdg|j |ddd|jd ggdd lm}|j|d gd d gd dgddgddggdgd|jd gd|ggg ggk(sJy)Nr.r8r9r) rrwhat a nice commentrincluderzcomment_in_file.confrr4r5r6r7r0)rrrr) rrrr;rrfrrrr=)rrrrrs rtest_comment_is_repeatablez*NginxParserTest.test_comment_is_repeatables$$T%5%56&&'BC __[%)4&4k%B%)A30  %%j'P&Q S%%j(. 3&-&6&67M&N(P'Q R ;~~k*jH&:;$k2)>:);7<%w'7'78N'OP>  ! ! ! !rc tj|j}ddh}|jd}t j |ddd|ddg}|j |ddggddlm}|j|dgd d gd d gddgd |gddgggggk(sJddh|_ |j |d dgg|j|dgd d gd d gddgd |gddggd dgd |ggg ggk(sJy)Nr8r9r.rr0z foobar.comrr4r5r6r7rrzcert.pem) rrrr;rrfupdate_or_add_server_directivesrrr=r)rrtargetrhrrs rtest_replace_server_directivesz.NginxParserTest.test_replace_server_directives/sV$$T%5%56 +.  !<=__UD$fdQCP // -67 9:~~e$jH&:;$k2)<83.);7   )+6 // +Z89 ;~~e$jH&:;$k2)<83.);7-z:S'NB   rcd}hdhdddhddhhdhd d d hhd hd ddhdhtdhdhdhg}gd}t|D]#\}}|tj|||k(r#Jy)N www.eff.org>irrelevant.long.name.eff.org*.orgr>eff.org ww2.eff.orgtest.www.eff.org *.eff.org .www.eff.org.eff.orgr>www.eff. www.eff.* *.www.eff.org>*.eff.*r~^(www\.)?(eff.+)rzr> .test.eff.orgwww.*r>rrrrrr www.Eff.org.efF.org))exactrNN)rr)wildcard_startr) wildcard_endr)regexr)rrzrr)rrr)rrrr)rr)rr)r< enumeraterget_best_match)r target_namerwinnersiwinners rtest_get_best_matchz#NginxParserTest.test_get_best_matchHs# I?~.g&;A+,A5!7+3 #7+ JIAv#22;aIJ JJ Jrctjgdgdgdg}ddlm}ddlm}||d||d|j gd|dgd|gdgk(sJy) N) arbr)crd)rerfr) COMMENT_BLOCK)comment_directiverSr)r UnspacedListrrrspaced)rblockrrs rtest_comment_directivez&NginxParserTest.test_comment_directivemsj(( '  !*#$ AD%#%#|| '     !  ## ##rc tjd}|dd}ddlm}||dd||dd||d d |jgd gd gd gdgdgdgddgk(sJy)Na4 server { listen 80; root /var/www/html; index star.html; server_name *.functorkitten.xyz; ssl_session_timeout 1440m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; }rrS)_comment_out_directiverIblah1rTblah2blah3) r5rr{)rrrz /var/www/html)rrrz star.html) r0rz*.functorkitten.xyz)rrz1 ssl_session_timeout 1440m; # duplicated in blah1)rrz; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # duplicated in blah2)rrz4 ssl_prefer_server_ciphers on; # duplicated in blah3z )rloadsrrr)r server_blockrrs rtest_comment_out_directivez*NginxParserTest.test_comment_out_directives"(( *  Q"Iua1ua1ua1|| 7 @ = O \ U a   rctjddgg}|drJtjgdg}|dsJtjddgddgg}|drJtjddgddgg}|dsJy)Nr5443r)r5rroffr)r_parse_server_rawrr4s rtest_parse_server_raw_sslz)NginxParserTest.test_parse_server_raw_ssls)) u +  %=  )) $+  e}})) u u~+  %=  )) u t}+  e}}rcZtjddgg}t|ddk(sJy)Nr5zunix:/var/run/nginx.sockaddrsr)rrrMrs rtest_parse_server_raw_unixz*NginxParserTest.test_parse_server_raw_unixs9)) 1 2+  6'?#q(((rcxtj|j}|jddgg}|dsJy)Nr5rr)rrr parse_server)rrr4s r$test_parse_server_global_ssl_appliedz4NginxParserTest.test_parse_server_global_ssl_appliedsC$$T%5%56%% u '  e}}rctj|j}|j}|Dcgc]}d|jvs|c}d}|j |d}|j dtt|jjdusJ|j|jk7sJtj|j}|j}|Dcgc]}d|jvs|}}t|dk(sJ|d } tt| jjdusJtt|jtt| jk(sJt|jt| jk(sJtt|jjtt| jsJycc}wcc}w) NrrTremove_singleton_listen_paramsrnextFrQrS)rrrrerhduplicate_vhostrKnextiterrrrrMrrsuper_eq) rrrir?r new_vhost new_nparser new_vhosts new_defaultsnew_vhost_parseds rtest_duplicate_vhostz$NginxParserTest.test_duplicate_vhosts$$T%5%56##%$= QWW(<1=a@++GTX+Y R D)*22e;;;~~---(()9)9:  ++- #-Faagg1EF F< A%%%'?D)//0199UBBBD'(D6F6L6L1M,NNNN7;;3'7';';#<<<<D'(11$tGsHH1H H ctj|j}|j}|Dcgc]}d|jvs|c}d}|j |d}|j d|jD]}|jsJ|j |d}|j dd}|jD]}|js|jsJd}!|sJycc}w)Nipv6sslrTrrnrF) rrrrerhrrKripv6onlyipv6) rrrir?r raddridentical_vhostcalleds r$test_duplicate_vhost_remove_ipv6onlyz4NginxParserTest.test_duplicate_vhost_remove_ipv6onlys$$T%5%56##%$= QWW(<1=a@++GTX+Y R OO %D}} $$ %"11'Z_1`R #)) Dyy}}$}  v>s C0C0ctj|j}|jd}|j |}dg|dddk(sJddg|ddddk(sJy) Nvalid_unicode_comments.confr4rrQr5r{rSrR)rrrr;rLrrrr=s rtest_valid_unicode_charactersz-NginxParserTest.test_valid_unicode_characterssy$$T%5%56 =>%%d+zVAYq\!_,,,$6!9Q<?1#5555rctj|j}|j|j d|j dy)zLThis tests the parser's ability to load and save a config containing UnicoderFrGN)rrrrLr;rKr's rtest_valid_unicode_roundtripz,NginxParserTest.test_valid_unicode_roundtripsH$$T%5%56   : ;  e$rc|j5}tj|j}|j d}|j |}dddgk(sJt djDsJy#1swY/xYw)Ninvalid_unicode_comments.confc30K|]}d|vxrd|vywzinvalid characterzUTF-8N.0outputs r zBNginxParserTest.test_invalid_unicode_characters..* !F * CF1B C ) assertLogsrrrr;rLanyr!rlogrrr=s rtest_invalid_unicode_charactersz/NginxParserTest.test_invalid_unicode_characterss __  0#(()9)9:G##$CDD))$/F 0 V|| **     0 0s ABB ctj|j}|jd}tj|}dg|ddk(sJddg|dddk(sJy) Nrr4rQrr5r{rSrR)rrrr;_parse_ssl_optionsrs r,test_valid_unicode_characters_in_ssl_optionsz**40zVAYq\)))$6!9Q<?222rc"|j5}tj|j}|j d}tj |}dddgk(sJt djDsJy#1swY/xYw)Nrc30K|]}d|vxrd|vywrrrs rr"zQNginxParserTest.test_invalid_unicode_characters_in_ssl_options..r#r$)r%rrrr;r+r&r!r's r.test_invalid_unicode_characters_in_ssl_optionsz>NginxParserTest.test_invalid_unicode_characters_in_ssl_options s __  5#(()9)9:G##$CDD..t4F 5 V|| **     5 5s ABBN) __name__ __module__ __qualname____doc__rrr$r(r@rDrOrbrlrrrrrrrrrrrrr rrrr)r,r/rrrr r s% 0 0;8 : ##. &2"h@(!0+GZ!02#JJ#$6*) V.*6%  3  rr __main__rS)r3rNrrsystypingrrcertbotrcertbot.compatrcertbot_nginx._internalrrrcertbot_nginx._internal.testsr util NginxTestr r0exitmainargv__file__rrrrAsx/  /'*;B dnnB J z CHH[V[[!" 2 34r