haproxy/reg-tests/http-rules/normalize_uri.vtc

varnishtest "normalize-uri tests"
#REQUIRE_VERSION=2.4

# This reg-test tests the http-request normalize-uri action.

feature ignore_unknown_macro

server s1 {
    rxreq
    txresp
} -repeat 21 -start

haproxy h1 -conf {
    defaults
        mode http
        timeout connect 1s
        timeout client  1s
        timeout server  1s

    frontend fe_merge_slashes
        bind "fd@${fe_merge_slashes}"

        http-request set-var(txn.before) url
        http-request normalize-uri merge-slashes
        http-request set-var(txn.after) url

        http-response add-header before  %[var(txn.before)]
        http-response add-header after  %[var(txn.after)]

        default_backend be

    frontend fe_dotdot
        bind "fd@${fe_dotdot}"

        http-request set-var(txn.before) url
        http-request normalize-uri dotdot
        http-request set-var(txn.after) url

        http-request set-uri %[var(txn.before)]
        http-request normalize-uri dotdot full
        http-request set-var(txn.after_full) url

        http-response add-header before  %[var(txn.before)]
        http-response add-header after  %[var(txn.after)]
        http-response add-header after-full  %[var(txn.after_full)]

        default_backend be

    backend be
        server s1 ${s1_addr}:${s1_port}

} -start

client c1 -connect ${h1_fe_merge_slashes_sock} {
    txreq -url "/foo/bar"
    rxresp
    expect resp.http.before == "/foo/bar"
    expect resp.http.after == "/foo/bar"

    txreq -url "/foo//bar"
    rxresp
    expect resp.http.before == "/foo//bar"
    expect resp.http.after == "/foo/bar"

    txreq -url "/foo///bar"
    rxresp
    expect resp.http.before == "/foo///bar"
    expect resp.http.after == "/foo/bar"

    txreq -url "///foo///bar"
    rxresp
    expect resp.http.before == "///foo///bar"
    expect resp.http.after == "/foo/bar"

    txreq -url "///foo/bar"
    rxresp
    expect resp.http.before == "///foo/bar"
    expect resp.http.after == "/foo/bar"

    txreq -url "///foo///bar///"
    rxresp
    expect resp.http.before == "///foo///bar///"
    expect resp.http.after == "/foo/bar/"

    txreq -url "///"
    rxresp
    expect resp.http.before == "///"
    expect resp.http.after == "/"

    txreq -url "/foo?bar=///"
    rxresp
    expect resp.http.before == "/foo?bar=///"
    expect resp.http.after == "/foo?bar=///"

    txreq -url "//foo?bar=///"
    rxresp
    expect resp.http.before == "//foo?bar=///"
    expect resp.http.after == "/foo?bar=///"

    txreq -req OPTIONS -url "*"
    rxresp
    expect resp.http.before == "*"
    expect resp.http.after == "*"
} -run

client c2 -connect ${h1_fe_dotdot_sock} {
    txreq -url "/foo/bar"
    rxresp
    expect resp.http.before == "/foo/bar"
    expect resp.http.after == "/foo/bar"
    expect resp.http.after-full == "/foo/bar"

    txreq -url "/foo/.."
    rxresp
    expect resp.http.before == "/foo/.."
    expect resp.http.after == "/"
    expect resp.http.after-full == "/"

    txreq -url "/foo/../"
    rxresp
    expect resp.http.before == "/foo/../"
    expect resp.http.after == "/"
    expect resp.http.after-full == "/"

    txreq -url "/foo/bar/../"
    rxresp
    expect resp.http.before == "/foo/bar/../"
    expect resp.http.after == "/foo/"
    expect resp.http.after-full == "/foo/"

    txreq -url "/foo/../bar"
    rxresp
    expect resp.http.before == "/foo/../bar"
    expect resp.http.after == "/bar"
    expect resp.http.after-full == "/bar"

    txreq -url "/foo/../bar/"
    rxresp
    expect resp.http.before == "/foo/../bar/"
    expect resp.http.after == "/bar/"
    expect resp.http.after-full == "/bar/"

    txreq -url "/foo/../../bar/"
    rxresp
    expect resp.http.before == "/foo/../../bar/"
    expect resp.http.after == "/../bar/"
    expect resp.http.after-full == "/bar/"

    txreq -url "/foo//../../bar/"
    rxresp
    expect resp.http.before == "/foo//../../bar/"
    expect resp.http.after == "/bar/"
    expect resp.http.after-full == "/bar/"

    txreq -url "/foo/?bar=/foo/../"
    rxresp
    expect resp.http.before == "/foo/?bar=/foo/../"
    expect resp.http.after == "/foo/?bar=/foo/../"
    expect resp.http.after-full == "/foo/?bar=/foo/../"

    txreq -url "/foo/../?bar=/foo/../"
    rxresp
    expect resp.http.before == "/foo/../?bar=/foo/../"
    expect resp.http.after == "/?bar=/foo/../"
    expect resp.http.after-full == "/?bar=/foo/../"

    txreq -req OPTIONS -url "*"
    rxresp
    expect resp.http.before == "*"
    expect resp.http.after == "*"
    expect resp.http.after-full == "*"
} -run
MINOR: uri_normalizer: Add a `merge-slashes` normalizer to http-request normalize-uri This normalizer merges adjacent slashes into a single slash, thus removing empty path segments. See GitHub Issue #714. 2021-04-15 19:45:58 +00:00			`varnishtest "normalize-uri tests"`
			`#REQUIRE_VERSION=2.4`

			`# This reg-test tests the http-request normalize-uri action.`

			`feature ignore_unknown_macro`

			`server s1 {`
			`rxreq`
			`txresp`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00			`} -repeat 21 -start`
MINOR: uri_normalizer: Add a `merge-slashes` normalizer to http-request normalize-uri This normalizer merges adjacent slashes into a single slash, thus removing empty path segments. See GitHub Issue #714. 2021-04-15 19:45:58 +00:00
			`haproxy h1 -conf {`
			`defaults`
			`mode http`
			`timeout connect 1s`
			`timeout client 1s`
			`timeout server 1s`

			`frontend fe_merge_slashes`
			`bind "fd@${fe_merge_slashes}"`

			`http-request set-var(txn.before) url`
			`http-request normalize-uri merge-slashes`
			`http-request set-var(txn.after) url`

			`http-response add-header before %[var(txn.before)]`
			`http-response add-header after %[var(txn.after)]`

			`default_backend be`

MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00			`frontend fe_dotdot`
			`bind "fd@${fe_dotdot}"`

			`http-request set-var(txn.before) url`
			`http-request normalize-uri dotdot`
			`http-request set-var(txn.after) url`

MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`http-request set-uri %[var(txn.before)]`
			`http-request normalize-uri dotdot full`
			`http-request set-var(txn.after_full) url`

MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00			`http-response add-header before %[var(txn.before)]`
			`http-response add-header after %[var(txn.after)]`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`http-response add-header after-full %[var(txn.after_full)]`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`default_backend be`

MINOR: uri_normalizer: Add a `merge-slashes` normalizer to http-request normalize-uri This normalizer merges adjacent slashes into a single slash, thus removing empty path segments. See GitHub Issue #714. 2021-04-15 19:45:58 +00:00			`backend be`
			`server s1 ${s1_addr}:${s1_port}`

			`} -start`

			`client c1 -connect ${h1_fe_merge_slashes_sock} {`
			`txreq -url "/foo/bar"`
			`rxresp`
			`expect resp.http.before == "/foo/bar"`
			`expect resp.http.after == "/foo/bar"`

			`txreq -url "/foo//bar"`
			`rxresp`
			`expect resp.http.before == "/foo//bar"`
			`expect resp.http.after == "/foo/bar"`

			`txreq -url "/foo///bar"`
			`rxresp`
			`expect resp.http.before == "/foo///bar"`
			`expect resp.http.after == "/foo/bar"`

			`txreq -url "///foo///bar"`
			`rxresp`
			`expect resp.http.before == "///foo///bar"`
			`expect resp.http.after == "/foo/bar"`

			`txreq -url "///foo/bar"`
			`rxresp`
			`expect resp.http.before == "///foo/bar"`
			`expect resp.http.after == "/foo/bar"`

			`txreq -url "///foo///bar///"`
			`rxresp`
			`expect resp.http.before == "///foo///bar///"`
			`expect resp.http.after == "/foo/bar/"`

			`txreq -url "///"`
			`rxresp`
			`expect resp.http.before == "///"`
			`expect resp.http.after == "/"`

			`txreq -url "/foo?bar=///"`
			`rxresp`
			`expect resp.http.before == "/foo?bar=///"`
			`expect resp.http.after == "/foo?bar=///"`

			`txreq -url "//foo?bar=///"`
			`rxresp`
			`expect resp.http.before == "//foo?bar=///"`
			`expect resp.http.after == "/foo?bar=///"`

			`txreq -req OPTIONS -url "*"`
			`rxresp`
			`expect resp.http.before == "*"`
			`expect resp.http.after == "*"`
			`} -run`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`client c2 -connect ${h1_fe_dotdot_sock} {`
			`txreq -url "/foo/bar"`
			`rxresp`
			`expect resp.http.before == "/foo/bar"`
			`expect resp.http.after == "/foo/bar"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/foo/bar"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -url "/foo/.."`
			`rxresp`
			`expect resp.http.before == "/foo/.."`
			`expect resp.http.after == "/"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -url "/foo/../"`
			`rxresp`
			`expect resp.http.before == "/foo/../"`
			`expect resp.http.after == "/"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -url "/foo/bar/../"`
			`rxresp`
			`expect resp.http.before == "/foo/bar/../"`
			`expect resp.http.after == "/foo/"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/foo/"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -url "/foo/../bar"`
			`rxresp`
			`expect resp.http.before == "/foo/../bar"`
			`expect resp.http.after == "/bar"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/bar"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -url "/foo/../bar/"`
			`rxresp`
			`expect resp.http.before == "/foo/../bar/"`
			`expect resp.http.after == "/bar/"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/bar/"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -url "/foo/../../bar/"`
			`rxresp`
			`expect resp.http.before == "/foo/../../bar/"`
			`expect resp.http.after == "/../bar/"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/bar/"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -url "/foo//../../bar/"`
			`rxresp`
			`expect resp.http.before == "/foo//../../bar/"`
			`expect resp.http.after == "/bar/"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/bar/"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -url "/foo/?bar=/foo/../"`
			`rxresp`
			`expect resp.http.before == "/foo/?bar=/foo/../"`
			`expect resp.http.after == "/foo/?bar=/foo/../"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/foo/?bar=/foo/../"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -url "/foo/../?bar=/foo/../"`
			`rxresp`
			`expect resp.http.before == "/foo/../?bar=/foo/../"`
			`expect resp.http.after == "/?bar=/foo/../"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "/?bar=/foo/../"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00
			`txreq -req OPTIONS -url "*"`
			`rxresp`
			`expect resp.http.before == "*"`
			`expect resp.http.after == "*"`
MINOR: uri_normalizer: Add support for supressing leading `../` for dotdot normalizer This adds an option to supress `../` at the start of the resulting path. 2021-04-15 19:46:00 +00:00			`expect resp.http.after-full == "*"`
MINOR: uri_normalizer: Add a `dotdot` normalizer to http-request normalize-uri This normalizer merges `../` path segments with the predecing segment, removing both the preceding segment and the `../`. Empty segments do not receive special treatment. The `merge-slashes` normalizer should be executed first. See GitHub Issue #714. 2021-04-15 19:45:59 +00:00			`} -run`