Commit graph

480 commits

Author SHA1 Message Date
Alexander Aleksandrovič Klimov
8a366bc140
Merge pull request #10841 from Icinga/binarytohex-length
Some checks are pending
Container Image / Container Image (push) Waiting to run
Linux / alpine:bash (push) Waiting to run
Linux / amazonlinux:2 (push) Waiting to run
Linux / amazonlinux:2023 (push) Waiting to run
Linux / debian:11 (linux/386) (push) Waiting to run
Linux / debian:11 (push) Waiting to run
Linux / debian:12 (linux/386) (push) Waiting to run
Linux / debian:12 (push) Waiting to run
Linux / debian:13 (push) Waiting to run
Linux / fedora:41 (push) Waiting to run
Linux / fedora:42 (push) Waiting to run
Linux / fedora:43 (push) Waiting to run
Linux / fedora:44 (push) Waiting to run
Linux / opensuse/leap:15.6 (push) Waiting to run
Linux / opensuse/leap:16.0 (push) Waiting to run
Linux / registry.suse.com/bci/bci-base:16.0 (push) Waiting to run
Linux / registry.suse.com/suse/sle15:15.6 (push) Waiting to run
Linux / registry.suse.com/suse/sle15:15.7 (push) Waiting to run
Linux / rockylinux/rockylinux:10 (push) Waiting to run
Linux / rockylinux:8 (push) Waiting to run
Linux / rockylinux:9 (push) Waiting to run
Linux / ubuntu:22.04 (push) Waiting to run
Linux / ubuntu:24.04 (push) Waiting to run
Linux / ubuntu:25.04 (push) Waiting to run
Linux / ubuntu:25.10 (push) Waiting to run
Linux / ubuntu:26.04 (push) Waiting to run
Windows / Windows (push) Waiting to run
Minor fixes and tests for BinaryToHex()
2026-07-01 10:35:11 +02:00
Dominik Bay
d29ac491f2
Restore single-argument Json.decode() in the DSL
The recursion depth limit added to JsonDecode() in 2.16.2 gave the C++
function a second parameter with a default value. Function pointers do not
carry default arguments, so the DSL function binding deduced an arity of 2
via boost::function_types::function_arity and required two arguments. As a
result `Json.decode("...")` failed with "Too few arguments for function",
an undocumented breaking change in a patch release.

Wrap JsonDecode() in a single-argument shim (mirroring the existing
JsonEncodeShim) so the registered function keeps its one-parameter contract
while still applying the default depth limit internally.

refs #10913
2026-06-30 10:42:40 +02:00
Julian Brost
165378adae
Merge pull request #10909 from Icinga/filter-expression-permission
Add filter-expression permission
2026-06-29 20:33:12 +02:00
Julian Brost
fb42312e6c
Merge pull request #10908 from Icinga/json-parsing-recursion-limit
[GHSA-wh38-wg57-5w7g] Fix stack overflow due to deeply nested data structures
2026-06-29 20:15:53 +02:00
Julian Brost
a155da01b2 Also execute JsonDecode stack size test in pthread if available
Depending on the Boost version, the existing test case based on Boost.Asio
coroutines might use a stack allocated without a guard page and might not
reliably detect an overflow. This commit additionally runs the same test
function within a pthread thread started with the same stack size as used by
our coroutines.
2026-06-23 15:38:19 +02:00
Julian Brost
0481a66b01 Add tests for JsonDecode depth limit in combination with coroutine stacks 2026-06-23 15:38:19 +02:00
Julian Brost
ed202ed745 tests: move SpawnSynchronizedCoroutine() to utils.cpp
This allows reusing the helper also from other test files.
2026-06-23 15:38:19 +02:00
Julian Brost
14d6ee9cdf JsonDecode: include path in JSON depth error
If parsing JSON is rejected due to the depth limit introduced in the last
commit, also include the path (like root["object"]["children"]...) that exceeds
the allowed nesting depth.
2026-06-23 15:38:19 +02:00
Julian Brost
4964d2444c JsonDecode: add depth limit
Data structures parsed from JSON may be accessed recursively, so deeply nested
structures may wreak havoc by overflowing the stack. Thus, enforce a general
nesting depth limit of 24 by default (which should be more than enough for
reasonable use), with the ability to pass a different limit to JsonDecode() if
needed.
2026-06-23 15:38:19 +02:00
Julian Brost
324d5bb815 Add filter-expression permission
This allows preventing ApiUsers from evaluating their own DSL expressions for
improved security.
2026-06-23 10:55:45 +02:00
Johannes Schmidt
503e23e723 Freeze perfdata arrays and remove locks in code using them
Since perfdata is set once when a check result is created and
never changed again, locking this is unnecessary. This avoids
components unnecessarily waiting on each other when processing
perfdata.

This fixes the locking cascade observed sometimes when the perfdata
writer work queue blocks, where it extends to a lock on the entire
check result eventually, affecting even more components.
2026-06-17 15:15:46 +02:00
Johannes Schmidt
e8a4336ab8 Add test-case for SendFile() with non-existant paths 2026-05-29 16:05:14 +02:00
Julian Brost
c241546fed Add test for BinaryToHex 2026-05-07 14:17:05 +02:00
Johannes Schmidt
7ee3386622 Fix PerfdataWriterConnection test-cases on parallel build 2026-04-22 08:36:28 +02:00
Johannes Schmidt
aab0b64f3a Generate all unit-test certificates with CN=localhost 2026-04-21 16:11:57 +02:00
Julian Brost
a810d6409b
Merge pull request #10767 from Icinga/certificate_fixture_two_electric_boogaloo
Generate certificates in unit-test fixtures to fix parallel test execution
2026-04-07 09:35:47 +02:00
Yonas Habteab
0718632f40 tests: fix testbase linker error 2026-04-01 12:18:21 +02:00
Yonas Habteab
415140bc36 Add common OTel type/lib 2026-04-01 12:18:21 +02:00
Johannes Schmidt
a05e2a3554 Rename EnsureCertFor to GetCertFor 2026-03-31 16:31:49 +02:00
Johannes Schmidt
f9a7e004b5 Generate ctest fixtures for generating CA and certificates 2026-03-31 16:31:49 +02:00
Johannes Schmidt
7c59c11417 Give CTestProperties a polymorphic interface 2026-03-31 16:31:49 +02:00
Johannes Schmidt
20ff982127 Make unit-test data and cache directory unique per test
This is necessary for parallel test execution so that tests don't overwrite
or delete (destructor of the fixture) data in these directories.

This is implemented by generating a unique name for each test with
`Utility::NewUniqueId()`.
2026-03-31 16:31:49 +02:00
Johannes Schmidt
c844a10dd4 Add network label to http tests
Mostly unrelated change to add the network label to test suites
already touched by other changes in this PR. The label is already
used for the perfdata writer tests to make it easy to exclude tests
that need a network connection when building and testing in a sandbox.
2026-03-31 16:31:49 +02:00
Johannes Schmidt
72ebd43ef1 Give base_timer/(invoke|scope) timers a 10x multiplier on Windows 2026-03-31 09:33:09 +02:00
Johannes Schmidt
3f670463f4 Revert "Give timer tests more leeway for inaccurate implementations"
This reverts commit 1430e63e72.
2026-03-31 09:32:28 +02:00
Julian Brost
6592eae21d
Merge pull request #10668 from Icinga/perfdata-writers-connection-handling
Add PerfdatawriterConnection to handle network requests for Perfdata Writers
2026-03-17 15:10:57 +01:00
Johannes Schmidt
75b2ec6d96 Add unit-tests for PerfdataWriterConnection
There's a set of two tests for each perfdatawriter, just
to make sure they can connect and send data that looks reasonably
correct, and to make sure pausing actually works while the connection
is stuck.

Then there's a more in-depth suite of tests for PerfdataWriterConnection
itself, to verify that connection handling works well in all types
of scenarios.

Co-authored-by: Yonas Habteab <yonas.habteab@icinga.com>
2026-03-17 12:11:30 +01:00
Johannes Schmidt
e153e6d079 Fix CertificateFixture error if previous test fails 2026-03-12 09:35:13 +01:00
Johannes Schmidt
d7409aad27 Add a new CTest fixture for dirty_ssl_certs for tlsutility
This doesn't fix any concrete errors in master, but if tests ever get
reordered for some reason and the tlsutility tests run before the
http tests, they will leave broken certificates behind. This could
be solved by cleaning up manually in the tests, but that again could
cause issues if the tlsutility tests ever run in the middle of the
http ones.

The proper solution is using a CTest fixture to establish a dependency
where the tlsutility tests always run before the tests using a new
CTest fixture that provides the cleanup between these test groups.
2026-03-11 14:26:48 +01:00
Johannes Schmidt
1430e63e72 Give timer tests more leeway for inaccurate implementations
On Windows, waiting on system timers is notoriously inaccurate, with
short sleeps taking tens of milliseconds longer than specified.

This led to these tests to sporadically fail on the Windows GHAs with
`check 5 == counter has failed [5 != 4]`, because it couldn't get the
expected five invokations within the given tolerance of 50ms.

Currently on master, the tests check if a timer triggers five times
in 550ms with a 100ms interval, only leaving those 50ms to spare.
This commit extends the tolerance of to 75ms. This is a pretty
conservative increase (when we could have gone to 99ms), but it
might be enough to satisfy the windows GHAs.
2026-03-03 14:10:33 +01:00
Johannes Schmidt
11d099f4bb Add Assert-Macros for the TestLogger
Also add a Clear() function to clear existing log content.
2026-02-26 13:31:10 +01:00
Johannes Schmidt
6fc9130983 Move and extend ReceiveCheckResults function 2026-02-26 13:31:10 +01:00
Johannes Schmidt
e339a229ba Add TestThread class to not get unit-tests stuck in join()s 2026-02-26 13:31:10 +01:00
Yonas Habteab
d4d46a9780 HTTP: stream responses where appropriate 2026-02-11 09:47:39 +01:00
Yonas Habteab
32887884e5 Make ValueGenerator more flexible & easy to use
This commit refactors the ValueGenerator class to be a template that can
work with any container type. Previously, one has to manually take care
of the used container by lazily iterating over it within a lambda. Now,
the `ValueGenerator` class itself takes care of all the iteration,
making it easier to use and less error-prone. The new base `Generator`
class is required to allow the `JsonEncoder` to handle generators in a
type-erased manner.
2026-02-10 16:57:56 +01:00
Julian Brost
4b4d15ce72
Merge pull request #10700 from Icinga/license-gpl3-later
Some checks failed
Container Image / Container Image (push) Has been cancelled
Linux / alpine:bash (push) Has been cancelled
Linux / amazonlinux:2 (push) Has been cancelled
Linux / amazonlinux:2023 (push) Has been cancelled
Linux / debian:11 (linux/386) (push) Has been cancelled
Linux / debian:11 (push) Has been cancelled
Linux / debian:12 (linux/386) (push) Has been cancelled
Linux / debian:12 (push) Has been cancelled
Linux / debian:13 (push) Has been cancelled
Linux / fedora:41 (push) Has been cancelled
Linux / fedora:42 (push) Has been cancelled
Linux / fedora:43 (push) Has been cancelled
Linux / opensuse/leap:15.6 (push) Has been cancelled
Linux / opensuse/leap:16.0 (push) Has been cancelled
Linux / registry.suse.com/bci/bci-base:16.0 (push) Has been cancelled
Linux / registry.suse.com/suse/sle15:15.6 (push) Has been cancelled
Linux / registry.suse.com/suse/sle15:15.7 (push) Has been cancelled
Linux / rockylinux/rockylinux:10 (push) Has been cancelled
Linux / rockylinux:8 (push) Has been cancelled
Linux / rockylinux:9 (push) Has been cancelled
Linux / ubuntu:22.04 (push) Has been cancelled
Linux / ubuntu:24.04 (push) Has been cancelled
Linux / ubuntu:25.04 (push) Has been cancelled
Linux / ubuntu:25.10 (push) Has been cancelled
Windows / Windows (push) Has been cancelled
Upgrade license to GPLv3 & replace existing copyright with SPDX header
2026-02-05 13:14:54 +01:00
Johannes Schmidt
e26b1041c7 Use noop lambda in dummy NotificationCommand
The dummy command would sometimes fail with a "broken pipe" error
on slow runners like the arm64 container image one, so this commit
replaces them with executing a noop lambda. Using "/bin/echo" might
also have been fine, but with this there isn't even a process spawned
that can get a broken pipe.
2026-02-05 10:15:55 +01:00
Johannes Schmidt
f8c15b1b28 Fix notificationcomponent test-cases with fixed TestLoggerFixture
Due to the changes in the previous commit, the test-cases for
notitificationcomponent now also pick up LogDebug level messages that
also fit the pattern. To get the test-cases working again a second
pattern is needed to exclude these.
2026-02-05 10:09:15 +01:00
Yonas Habteab
161f16641f tests: fix min severity doesn't get updated
If the logger is started with `Activate()` before `SetActive()`, it won't
log anything, as the logger updates the "min severity" value of loggers
only when starting them, and if they're not active at that point, they
will just be ignored, so the min severity remains at info.
2026-02-05 09:47:47 +01:00
Yonas Habteab
91c7e60df8 Replace all existing copyright headers with SPDX headers
I've used the following command to replace the original copyright header
lines in a C-style comment block:

```
$ find . \( -type d \( -name '\..*' -o -name third-party -o -name scripts -o -name prefix -o -name malloc -o -name server -o -name docker -o -name build -o -name doc \) -prune \) -o -type f -exec perl -pi -e 's{/\*[^*]*\(\s*c\s*\)\s*(\d{4})\s*Icinga\s+GmbH[^*]*\*/}{// SPDX-FileCopyrightText: \1 Icinga GmbH <https://icinga.com>\n// SPDX-License-Identifier: GPL-2.0-or-later}gi' {} +
```

For files that use shell-style comments (#) like CMakeLists.txt, I've
used this command:

```
$ find . \( -type d \( -name '\..*' -o -name third-party -o -name scripts -o -name prefix -o -name malloc -o -name server -o -name docker -o -name build -o -name doc \) -prune \) -o -type f -exec perl -pi -e 's{#.*\(\s*c\s*\)\s(\d{4})\sIcinga\s+GmbH.*}{# SPDX-FileCopyrightText: \1 Icinga GmbH <https://icinga.com>\n# SPDX-License-Identifier: GPL-2.0-or-later}gi' {} +
```

And for SQL files:

```
$ find . \( -type d \( -name '\..*' -o -name third-party -o -name scripts -o -name prefix -o -name malloc -o -name server -o -name docker -o -name build -o -name doc \) -prune \) -o -type f \( -name '*.sql' \) -exec perl -pi -e 's{--.*\(c\)\s(\d{4})\sIcinga\sGmbH.*}{-- SPDX-FileCopyrightText: \1 Icinga GmbH <https://icinga.com>\n-- SPDX-License-Identifier: GPL-2.0-or-later}gi' {} +
$ find . \( -type d \( -name '\..*' -o -name third-party -o -name scripts -o -name prefix -o -name malloc -o -name server -o -name docker -o -name build -o -name doc \) -prune \) -o -type f \( -name '*.sql' \) -exec perl -pi -e 's{-- Copyright \(c\)\s(\d{4})\sIcinga\s+Development\sTeam.*}{-- SPDX-FileCopyrightText: \1 Icinga GmbH <https://icinga.com>\n-- SPDX-License-Identifier: GPL-2.0-or-later}gi' {} +
```
2026-02-04 14:00:05 +01:00
Johannes Schmidt
1505f09ed6 Refactor HttpMessage into generalized templated types
This adds generalized IncomingHttpMessage and OutgoingHttpMessage templates
that support different types of streams (via a std::variant) and can both
be used for either requests or responses.

The tacked on metadata from the old HttpRequest and server connection from
the old HttpServerConnection have been moved to HttpApi(Request|Response)
classes that derive from the above generalized message types.
2026-01-22 17:20:32 +01:00
Johannes Schmidt
a0f603f608 Update names of HttpRequest and HttpResponse 2026-01-22 12:41:21 +01:00
Johannes Schmidt
5145e2f526 Add test-case to verify delayed (times) notifications feature 2026-01-13 10:55:24 +01:00
Johannes Schmidt
f7b801d367 Add test-case to reproduce a race condition in NotificationComponent
The race is between `NotificationTimerHandler`, which sends a reminder notification
after a certain inverval during problem states and `SendNotificationsHandler` which
sends out the notifications on state changes.

When the timer handler runs just before a state change triggers a notification, the
timer handler might pick up that state-change before the send notification handler
can set its no_more_notifications flag. In that case a "reminder" notification will
be sent out before the initial one, and despite `interval = 0` on the notification
object.
2026-01-12 10:49:48 +01:00
Yonas Habteab
213ae2e1f3 tests: verify statically provided certs as well
Co-Authored-By: Alexander A. Klimov <alexander.klimov@icinga.com>
2025-12-05 10:26:21 +01:00
Yonas Habteab
949e5d3e1d Test internal cert generation & verification process 2025-12-04 13:25:38 +01:00
Yonas Habteab
dc8cf202ad tests: skip superfluous cert generation in EnsureCertFor()
The certificate generated by `PkiUtility::NewCert()` is self-signed,
and so the subsequent `PkiUtility::SignCsr()` call is required.
However, `PkiUtility::SignCsr()` doesn't reuse existin cert, instead
it'll generate a fresh one on its own. So, skip the first one entirely!
2025-12-04 13:01:48 +01:00
Julian Brost
aca67f6d88 HttpUtility: add functions for validating HTTP header names and values 2025-11-28 16:19:19 +01:00
Yonas Habteab
ed9014103f
Merge pull request #10609 from Icinga/fix-misc-compiler-warnings
Some checks failed
Container Image / Container Image (push) Has been cancelled
Linux / alpine:bash (push) Has been cancelled
Linux / amazonlinux:2 (push) Has been cancelled
Linux / amazonlinux:2023 (push) Has been cancelled
Linux / debian:11 (linux/386) (push) Has been cancelled
Linux / debian:11 (push) Has been cancelled
Linux / debian:12 (linux/386) (push) Has been cancelled
Linux / debian:12 (push) Has been cancelled
Linux / debian:13 (push) Has been cancelled
Linux / fedora:41 (push) Has been cancelled
Linux / fedora:42 (push) Has been cancelled
Linux / opensuse/leap:15.6 (push) Has been cancelled
Linux / opensuse/leap:16.0 (push) Has been cancelled
Linux / registry.suse.com/suse/sle15:15.6 (push) Has been cancelled
Linux / registry.suse.com/suse/sle15:15.7 (push) Has been cancelled
Linux / rockylinux/rockylinux:10 (push) Has been cancelled
Linux / rockylinux:8 (push) Has been cancelled
Linux / rockylinux:9 (push) Has been cancelled
Linux / ubuntu:22.04 (push) Has been cancelled
Linux / ubuntu:24.04 (push) Has been cancelled
Linux / ubuntu:25.04 (push) Has been cancelled
Windows / Windows (push) Has been cancelled
Fix misc compiler warnings
2025-11-19 14:26:57 +01:00
Johannes Schmidt
a2e0ce426f Fix -Wunused-variable warnings 2025-11-19 12:00:58 +01:00