wip tests that work on the live debian image

2026-05-28 04:35:40 -04:00 · 2026-02-16 17:36:31 +01:00 · 2026-02-16 17:36:31 +01:00 · 22b947bca2
commit 22b947bca2
parent 303d3a8a7a
3 changed files with 150 additions and 5 deletions
--- a/.github/NPTest.cache
+++ b/.github/NPTest.cache
@ -19,6 +19,13 @@
  'NP_HOST_TCP_HPJD' => '',
  'NP_HOST_TCP_HTTP2' => 'test.monitoring-plugins.org',
  'NP_HOST_TCP_HTTP' => 'localhost',
+  'NP_HOST_TCP_HTTP_IPV4' => '127.0.0.1',
+  'NP_HOST_TCP_HTTP_IPV4_CIDR_1' => '127.0.0.0.0/28',
+  'NP_HOST_TCP_HTTP_IPV4_CIDR_2' => '127.0.0.0.1/32',
+  'NP_HOST_TCP_HTTP_IPV6' => '::1',
+  'NP_HOST_TCP_HTTP_IPV6_CIDR_1' => '0000:0000:0000::0000:0000:0000/16',
+  'NP_HOST_TCP_HTTP_IPV6_CIDR_2' => '::1234:5678/16',
+  'NP_HOST_TCP_HTTP_SUBDOMAIN' => 'subdomain1.localhost.com',
  'NP_HOST_TCP_IMAP' => 'imap.web.de',
  'NP_HOST_TCP_JABBER' => 'jabber.org',
  'NP_HOST_TCP_LDAP' => 'localhost',
@ -28,7 +35,7 @@
  'NP_HOST_TCP_SMTP_NOSTARTTLS' => '',
  'NP_HOST_TCP_SMTP_STARTTLS' => 'localhost',
  'NP_HOST_TCP_SMTP_TLS' => 'localhost',
-  'NP_HOST_TLS_CERT' => 'localhost',
+'NP_HOST_TLS_CERT' => 'f2fa129a351a',
  'NP_HOST_TLS_HTTP' => 'localhost',
  'NP_HOST_UDP_TIME' => 'none',
  'NP_INTERNET_ACCESS' => 'yes',
--- a/.github/prepare_debian.sh
+++ b/.github/prepare_debian.sh
@ -67,10 +67,10 @@ apt-get -y install perl \
 	libjson-perl

 # remove ipv6 interface from hosts
-sed '/^::1/d' /etc/hosts > /tmp/hosts
-cp -f /tmp/hosts /etc/hosts
-ip addr show
-cat /etc/hosts
+# sed '/^::1/d' /etc/hosts > /tmp/hosts
+# cp -f /tmp/hosts /etc/hosts
+# ip addr show
+# cat /etc/hosts

 # apache
 a2enmod ssl
@ -80,6 +80,36 @@ a2ensite default-ssl
 rm /etc/ssl/certs/ssl-cert-snakeoil.pem
 rm /etc/ssl/private/ssl-cert-snakeoil.key
 openssl req -nodes -newkey rsa:2048 -x509 -sha256 -days 365 -nodes -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=$(hostname)"
+# add a subdomain for testing
+cat >/etc/apache2/sites-available/subdomain1.conf <<EOL
+<VirtualHost *:80>
+    ServerName subdomain1.localhost.com
+    DocumentRoot /var/www/subdomain1
+    
+    ErrorLog \${APACHE_LOG_DIR}/subdomain1_error.log
+    CustomLog \${APACHE_LOG_DIR}/subdomain1_access.log combined
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName subdomain1.localhost.com
+    DocumentRoot /var/www/subdomain1
+    
+    SSLEngine on
+    SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
+    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+    
+    ErrorLog \${APACHE_LOG_DIR}/subdomain1_ssl_error.log
+    CustomLog \${APACHE_LOG_DIR}/subdomain1_ssl_access.log combined
+</VirtualHost>
+EOL
+mkdir -p /var/www/subdomain1
+cat >/var/www/subdomain1/index.php <<EOL
+Subdomain: subdomain1.localhost.com
+EOL
+echo '127.0.0.1 subdomain1.localhost' >> /etc/hosts
+echo '127.0.0.1 subdomain1.localhost.com' >> /etc/hosts
+apache2ctl configtest
+a2ensite subdomain1.conf
 service apache2 restart

 # squid
--- a/plugins/t/check_curl.t
+++ b/plugins/t/check_curl.t
@ -25,7 +25,13 @@ my $plugin = 'check_http';
 $plugin    = 'check_curl' if $0 =~ m/check_curl/mx;

 my $host_tcp_http      = getTestParameter("NP_HOST_TCP_HTTP", "A host providing the HTTP Service (a web server)", "localhost");
+my $host_tcp_http_subdomain = getTestParameter("NP_HOST_TCP_HTTP_SUBDOMAIN", "A host that is served under a subdomain name", "subdomain1.localhost.com");
+my $host_tcp_http_ipv4 = getTestParameter("NP_HOST_TCP_HTTP_IPV4", "An IPv6 address providing a HTTP Service (a web server)", "127.0.0.1");
+my $host_tcp_http_ipv4_cidr_1 = getTestParameter("NP_HOST_TCP_HTTP_IPV4_CIDR_1", "A CIDR that the provided IPv4 address is in.");
+my $host_tcp_http_ipv4_cidr_2 = getTestParameter("NP_HOST_TCP_HTTP_IPV4_CIDR_2", "A CIDR that the provided IPv4 address is in.");
 my $host_tcp_http_ipv6      = getTestParameter("NP_HOST_TCP_HTTP_IPV6", "An IPv6 address providing a HTTP Service (a web server)", "::1");
+my $host_tcp_http_ipv6_cidr_1 = getTestParameter("NP_HOST_TCP_HTTP_IPV6_CIDR_1", "A CIDR that the provided IPv6 address is in.");
+my $host_tcp_http_ipv6_cidr_2 = getTestParameter("NP_HOST_TCP_HTTP_IPV6_CIDR_2", "A CIDR that the provided IPv6 address is in.");
 my $host_tls_http      = getTestParameter("NP_HOST_TLS_HTTP", "A host providing the HTTPS Service (a tls web server)", "localhost");
 my $host_tls_cert      = getTestParameter("NP_HOST_TLS_CERT", "the common name of the certificate.", "localhost");
 my $host_nonresponsive = getTestParameter("NP_HOST_NONRESPONSIVE", "The hostname of system not responsive to network requests", "10.0.0.1");
@ -222,3 +228,105 @@ SKIP: {
        $res = NPTest->testCmd( "./$plugin -H monitoring-plugins.org --extended-perfdata" );
        like  ( $res->output, '/\'time_connect\'=[\d\.]+/', 'Extended Performance Data Output OK' );
 }
+SKIP: {
+    skip "No internet access", 2 if $internet_access eq "no";
+
+    # Proxy tests
+    # These are the proxy tests that require a working proxy server
+    # The debian container in the github workflow runs a squid proxy server at port 3128
+    # Test that dont require one, like argument/environment variable parsing are in plugins/tests/check_curl.t
+
+    # Test if proxy works
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
+    is( $res->return_code, 0, "Using proxy http:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
+
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
+    is( $res->return_code, 0, "Using proxy http:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http_ipv4 works" );
+
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
+    is( $res->return_code, 0, "Using proxy http:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http_ipv6 works" );
+
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http2 --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
+    is( $res->return_code, 0, "Using proxy http:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http2 works" );
+
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http_subdomain --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
+    is( $res->return_code, 0, "Using proxy http:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http_subdomain works" );
+
+    $res = NPTest->testCmd( "./$plugin -H $host_tls_http --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, there are no preventative measures ");
+    is( $res->return_code, 0, "Using proxy http:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tls_http works" );
+
+    # Noproxy '*' should prevent using proxy in any setting, even if its specified
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http_subdomain --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy \"\*\" -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since noproxy has \"\*\" ");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_subdomain with or without proxy." );
+
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy \"\*\" -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since noproxy has \"\*\" ");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_ipv4 with or without proxy." );
+
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy \"\*\" -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since noproxy has \"\*\" ");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_ipv6 with or without proxy." );
+
+    # Noproxy domain should prevent using proxy for subdomains of that domain 
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http_subdomain --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since subdomain: $host_tcp_http_subdomain  is under a noproxy domain: $host_tcp_http");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_subdomain with or without proxy." );
+
+    # Noproxy should prevent using IP matches if an IP is found directly
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv4 -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv4 is added into noproxy: $host_tcp_http_ipv4");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_ipv4 with or without proxy." );
+
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv6 -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv6 is added into noproxy: $host_tcp_http_ipv6");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_ipv6 with or without proxy." );
+
+    # Noproxy should prevent using IP matches if a CIDR region that contains that Ip is used directly.
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv4_cidr_1 -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv4 is inside CIDR range: $host_tcp_http_ipv4_cidr_1");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_ipv4 with or without proxy." );
+
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv4 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv4_cidr_2 -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv4 is inside CIDR range: $host_tcp_http_ipv4_cidr_2");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_ipv4 with or without proxy." );
+
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv6_cidr_1 -v " );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv6 is inside CIDR range: $host_tcp_http_ipv6_cidr_1");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_ipv6 with or without proxy." );
+
+    $res = NPTest->testCmd( "./$plugin -I $host_tcp_http_ipv6 --proxy http://$host_tcp_proxy:$port_tcp_proxy --noproxy $host_tcp_http_ipv6_cidr_2 -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is not used since IP address: $host_tcp_http_ipv6 is inside CIDR range: $host_tcp_http_ipv6_cidr_2");
+    is( $res->return_code, 0, "Should reach $host_tcp_http_ipv6 with or without proxy." );
+
+    # Noproxy should discern over different types of proxy schemes
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy http://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, and is using scheme http ");
+    is( $res->return_code, 0, "Using proxy http:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
+
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy https://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, and is using scheme https");
+    is( $res->return_code, 0, "Using proxy https:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
+
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy socks4://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is used, and is using scheme socks4");
+    is( $res->return_code, 0, "Using proxy socks4:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
+
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy socks4a://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 1/m, "proxy is used, and is using scheme socks4a");
+    is( $res->return_code, 0, "Using proxy socks4a:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
+
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy socks5://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is used, and is using scheme socks5");
+    is( $res->return_code, 0, "Using proxy socks5:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
+
+    $res = NPTest->testCmd( "./$plugin -H $host_tcp_http --proxy socks5h://$host_tcp_proxy:$port_tcp_proxy -v" );
+    like($res->output, qr/^\* proxy_resolves_hostname: 0/m, "proxy is used, and is using scheme socks5h");
+    is( $res->return_code, 0, "Using proxy socks5h:$host_tcp_proxy:$port_tcp_proxy to connect to $host_tcp_http works" );
+}