Etusivu Tutki Apua
Kirjaudu sisään
yangkaixiang
/
NetworkTool
1
0
Fork 0
Tiedostot Ongelmat 0 Pull-pyynnöt 0 Wiki
Puu: 06b479af82
Haarat Tagit
NetworkTool
/
scripts
/
linux-negative-test.sh

linux-negative-test.sh 5.5 KB
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223 
  1. #!/usr/bin/env bash
    2. 

  2. set -euo pipefail
    3. 

  3. 

  4. HOST="169.254.100.2"
    5. 

  5. PORT="48888"
    6. 

  6. PASSWORD="2026"
    7. 

  7. INTERFACE=""
    8. 

  8. 

  9. usage() {
    10. 

  10.   cat <<'EOF'
    11. 

  11. Usage:
    12. 

  12.   linux-negative-test.sh [options]
    13. 

  13. 

  14. Purpose:
    15. 

  15.   Safe negative checks for the Linux server.
    16. 

  16.   This script does not call /api/network/apply and does not modify netplan.
    17. 

  17. 

  18. Checks:
    19. 

  19.   - Wrong password should be rejected
    20. 

  20.   - Missing interface should fail validate
    21. 

  21.   - Invalid IP should fail validate
    22. 

  22.   - Gateway outside subnet should fail validate
    23. 

  23.   - Invalid DNS should fail validate
    24. 

  24. 

  25. Options:
    26. 

  26.   --host <ip>         Server host, default: 169.254.100.2
    27. 

  27.   --port <port>       Server port, default: 48888
    28. 

  28.   --password <value>  Correct admin password, default: 2026
    29. 

  29.   --interface <name>  Existing target interface, default: suggested_target_interface
    30. 

  30.   --help              Show this help
    31. 

  31. EOF
    32. 

  32. }
    33. 

  33. 

  34. while [[ $# -gt 0 ]]; do
    35. 

  35.   case "$1" in
    36. 

  36.     --host)
    37. 

  37.       HOST="$2"
    38. 

  38.       shift 2
    39. 

  39.       ;;
    40. 

  40.     --port)
    41. 

  41.       PORT="$2"
    42. 

  42.       shift 2
    43. 

  43.       ;;
    44. 

  44.     --password)
    45. 

  45.       PASSWORD="$2"
    46. 

  46.       shift 2
    47. 

  47.       ;;
    48. 

  48.     --interface)
    49. 

  49.       INTERFACE="$2"
    50. 

  50.       shift 2
    51. 

  51.       ;;
    52. 

  52.     --help|-h)
    53. 

  53.       usage
    54. 

  54.       exit 0
    55. 

  55.       ;;
    56. 

  56.     *)
    57. 

  57.       echo "Unknown argument: $1" >&2
    58. 

  58.       usage >&2
    59. 

  59.       exit 2
    60. 

  60.       ;;
    61. 

  61.   esac
    62. 

  62. done
    63. 

  63. 

  64. for cmd in curl python3; do
    65. 

  65.   if ! command -v "$cmd" >/dev/null 2>&1; then
    66. 

  66.     echo "Missing required command: $cmd" >&2
    67. 

  67.     exit 2
    68. 

  68.   fi
    69. 

  69. done
    70. 

  70. 

  71. BASE_URL="http://${HOST}:${PORT}"
    72. 

  72. TMP_DIR="$(mktemp -d)"
    73. 

  73. trap 'rm -rf "$TMP_DIR"' EXIT
    74. 

  74. 

  75. log() {
    76. 

  76.   printf '[nettool-negative] %s\n' "$*"
    77. 

  77. }
    78. 

  78. 

  79. request() {
    80. 

  80.   local method="$1"
    81. 

  81.   local path="$2"
    82. 

  82.   local password="$3"
    83. 

  83.   local payload="${4:-}"
    84. 

  84.   local body_file="$TMP_DIR/body.json"
    85. 

  85.   local http_code
    86. 

  86. 

  87.   if [[ -n "$payload" ]]; then
    88. 

  88.     http_code="$(curl -sS -o "$body_file" -w "%{http_code}" -X "$method" \
    89. 

  89.       -H "X-Admin-Password: ${password}" \
    90. 

  90.       -H "Content-Type: application/json" \
    91. 

  91.       --data "$payload" \
    92. 

  92.       --connect-timeout 3 \
    93. 

  93.       --max-time 15 \
    94. 

  94.       "${BASE_URL}${path}")"
    95. 

  95.   else
    96. 

  96.     http_code="$(curl -sS -o "$body_file" -w "%{http_code}" -X "$method" \
    97. 

  97.       -H "X-Admin-Password: ${password}" \
    98. 

  98.       --connect-timeout 3 \
    99. 

  99.       --max-time 15 \
    100. 

  100.       "${BASE_URL}${path}")"
    101. 

  101.   fi
    102. 

  102. 

  103.   printf '%s\n' "$http_code"
    104. 

  104.   cat "$body_file"
    105. 

  105. }
    106. 

  106. 

  107. read_http_code() {
    108. 

  108.   sed -n '1p'
    109. 

  109. }
    110. 

  110. 

  111. read_body() {
    112. 

  112.   sed '1d'
    113. 

  113. }
    114. 

  114. 

  115. json_get() {
    116. 

  116.   local body="$1"
    117. 

  117.   local expr="$2"
    118. 

  118.   BODY_JSON="$body" python3 - "$expr" <<'PY'
    119. 

  119. import json
    120. 

  120. import os
    121. 

  121. import sys
    122. 

  122. 

  123. expr = sys.argv[1]
    124. 

  124. data = json.loads(os.environ["BODY_JSON"])
    125. 

  125. value = data
    126. 

  126. for part in expr.split('.'):
    127. 

  127.     if part:
    128. 

  128.         value = value[part]
    129. 

  129. if isinstance(value, list):
    130. 

  130.     import json as _json
    131. 

  131.     print(_json.dumps(value, ensure_ascii=False))
    132. 

  132. else:
    133. 

  133.     print(value)
    134. 

  134. PY
    135. 

  135. }
    136. 

  136. 

  137. expect_failure() {
    138. 

  138.   local name="$1"
    139. 

  139.   local expected_http="$2"
    140. 

  140.   local expected_code="$3"
    141. 

  141.   local result="$4"
    142. 

  142.   local http_code body actual_code
    143. 

  143. 

  144.   http_code="$(printf '%s\n' "$result" | read_http_code)"
    145. 

  145.   body="$(printf '%s\n' "$result" | read_body)"
    146. 

  146.   actual_code="$(json_get "$body" "code")"
    147. 

  147. 

  148.   if [[ "$http_code" != "$expected_http" ]]; then
    149. 

  149.     echo "${name} failed: expected http=${expected_http}, actual=${http_code}, body=${body}" >&2
    150. 

  150.     exit 1
    151. 

  151.   fi
    152. 

  152.   if [[ "$actual_code" != "$expected_code" ]]; then
    153. 

  153.     echo "${name} failed: expected code=${expected_code}, actual=${actual_code}, body=${body}" >&2
    154. 

  154.     exit 1
    155. 

  155.   fi
    156. 

  156. 

  157.   log "${name} -> expected failure confirmed (http=${http_code}, code=${actual_code})"
    158. 

  158. }
    159. 

  159. 

  160. build_payload() {
    161. 

  161.   python3 - "$1" "$2" "$3" "$4" "$5" <<'PY'
    162. 

  162. import json
    163. 

  163. import sys
    164. 

  164. 

  165. interface, ip, prefix, gateway, dns_csv = sys.argv[1:6]
    166. 

  166. dns = [item.strip() for item in dns_csv.split(',') if item.strip()]
    167. 

  167. payload = {
    168. 

  168.     "interface": interface,
    169. 

  169.     "ip": ip,
    170. 

  170.     "prefix": int(prefix),
    171. 

  171.     "gateway": gateway,
    172. 

  172.     "dns": dns,
    173. 

  173. }
    174. 

  174. print(json.dumps(payload, ensure_ascii=False))
    175. 

  175. PY
    176. 

  176. }
    177. 

  177. 

  178. log "discover interface"
    179. 

  179. result="$(request GET "/api/network/interfaces" "$PASSWORD")"
    180. 

  180. http_code="$(printf '%s\n' "$result" | read_http_code)"
    181. 

  181. body="$(printf '%s\n' "$result" | read_body)"
    182. 

  182. 

  183. if [[ "$http_code" != "200" ]]; then
    184. 

  184.   echo "Failed to query interfaces: http=${http_code} body=${body}" >&2
    185. 

  185.   exit 1
    186. 

  186. fi
    187. 

  187. 

  188. if [[ -z "$INTERFACE" ]]; then
    189. 

  189.   INTERFACE="$(json_get "$body" "data.suggested_target_interface")"
    190. 

  190. fi
    191. 

  191. 

  192. if [[ -z "$INTERFACE" || "$INTERFACE" == "None" ]]; then
    193. 

  193.   echo "Could not determine target interface. Pass --interface explicitly." >&2
    194. 

  194.   exit 1
    195. 

  195. fi
    196. 

  196. 

  197. log "target interface=${INTERFACE}"
    198. 

  198. 

  199. log "wrong password should be rejected"
    200. 

  200. result="$(request GET "/api/health" "wrong-password")"
    201. 

  201. expect_failure "wrong password health" "401" "1002" "$result"
    202. 

  202. 

  203. log "missing interface should fail validate"
    204. 

  204. payload="$(build_payload "not-a-real-iface" "192.168.10.20" "24" "192.168.10.1" "8.8.8.8")"
    205. 

  205. result="$(request POST "/api/network/validate" "$PASSWORD" "$payload")"
    206. 

  206. expect_failure "invalid interface validate" "400" "3001" "$result"
    207. 

  207. 

  208. log "invalid ip should fail validate"
    209. 

  209. payload="$(build_payload "$INTERFACE" "999.999.1.1" "24" "192.168.10.1" "8.8.8.8")"
    210. 

  210. result="$(request POST "/api/network/validate" "$PASSWORD" "$payload")"
    211. 

  211. expect_failure "invalid ip validate" "400" "3001" "$result"
    212. 

  212. 

  213. log "gateway outside subnet should fail validate"
    214. 

  214. payload="$(build_payload "$INTERFACE" "192.168.10.20" "24" "10.0.0.1" "8.8.8.8")"
    215. 

  215. result="$(request POST "/api/network/validate" "$PASSWORD" "$payload")"
    216. 

  216. expect_failure "gateway subnet validate" "400" "3001" "$result"
    217. 

  217. 

  218. log "invalid dns should fail validate"
    219. 

  219. payload="$(build_payload "$INTERFACE" "192.168.10.20" "24" "192.168.10.1" "8.8.8.8,not-an-ip")"
    220. 

  220. result="$(request POST "/api/network/validate" "$PASSWORD" "$payload")"
    221. 

  221. expect_failure "invalid dns validate" "400" "3001" "$result"
    222. 

  222. 

  223. log "negative checks completed"
    224.