Review Board 1.7.16


Testsuite: For httpd server, need option to define server name for security purposes

Review Request #4377 - Created Jan. 26, 2015 and submitted

Ashley Sanders
testsuite
ASTERISK-24316
Reviewers
asterisk-dev
testsuite
Currently, all responses from the Asterisk HTTP server contain a [Server] header that identifies Asterisk and its version (e.g. "Server:Asterisk/<version>", where <version> is the currently running version of Asterisk). The preferred behavior is to allow the user to configure an alternate name to use for the value returned in the [Server] header for HTTP responses (e.g. "Server:SomeSuperAwesomeServerName").

This patch to the Asterisk source provides a new configuration property, [servername], in http.conf, that gives users the ability to modify the value that Asterisk uses when identifying itself. 

This test verifies that the HTTP server correctly reports the expected name through the [Server] header field in all HTTP responses. It uses three instances of Asterisk to test the three possible logic paths:
1) No configuration was provided
2) A non-empty/non-null value was provided through the new configuration property [servername]
3) An empty/null value was provided through the new configuration property [servername]

For clarity, consider this example for the possible outcomes as described above, respectively:
1) There was nothing configured for [servername].
2) The user configured a non-empty value for [servername] (e.g. servername="JohnMcClane")
3) The user configured an empty/null value for [servername] (e.g. servername="")

The HTTP server is expected to create the [Server] header field as follows, respectively:
1) Server: Asterisk/<version>
2) Server: JohnMcClane
3) 

In case #3, the [Server] header field will be omitted from HTTP response headers.

***Note*** This is the test. It is only the test. You can find the review for the Asterisk source at: https://reviewboard.asterisk.org/r/4374/

 

Changes between revision 1 and 2

1 2
1 2

  1. ./asterisk/trunk/tests/http_server/servername/run-test: Loading...
./asterisk/trunk/tests/http_server/servername/run-test
Diff Revision 1 Diff Revision 2
[20] 18 lines
[+20]
19
from asterisk.version import AsteriskVersion
19
from asterisk.version import AsteriskVersion
20
from asterisk.test_case import TestCase
20
from asterisk.test_case import TestCase
21

    
   
21

   
22
LOGGER = logging.getLogger(__name__)
22
LOGGER = logging.getLogger(__name__)
23

    
   
23

   
24
EXPECTED_NAMES = ["Peabody", "Asterisk/<version>", ""]
24
EXPECTED_NAMES = ["Peabody", "Asterisk/<version>", None]
25

    
   
25

   
26
BASE_URL = "http://127.0.0.%d:8088/httpstatus"
26
BASE_URL = "http://127.0.0.%d:8088/httpstatus"
27

    
   
27

   
28
class HttpClientTest(TestCase):
28
class HttpClientTest(TestCase):
29
    """Responsible for making a request to the http-server and then parsing
29
    """Responsible for making a request to the http-server and then parsing
[+20] [20] 10 lines
[+20]
40
        """Runs the test."""
40
        """Runs the test."""
41

    
   
41

   
42
        TestCase.run(self)
42
        TestCase.run(self)
43

    
   
43

   
44
        for i in range(0, 3):
44
        for i in range(0, 3):
45
            name = EXPECTED_NAMES[i].replace("<version>",
45
            name = EXPECTED_NAMES[i]

    
   
46
            if name is not None:

    
   
47
                name = name.replace("<version>",
46
                            str(AsteriskVersion()).rstrip('\n'))
48
                                str(AsteriskVersion()).rstrip('\n'))

    
   
49

   
47
            url = BASE_URL % (i+1)
50
            url = BASE_URL % (i+1)
48

    
   
51

   
49
            self.run_scenario(url, name)
52
            self.run_scenario(url, name)
50
            if self.passed == False:
53
            if self.passed == False:
51
                break
54
                break
[+20] [20] 44 lines
  1. ./asterisk/trunk/tests/http_server/servername/run-test: Loading...

https://reviewboard.asterisk.org/ runs on a server provided by Digium, Inc. and uses bandwidth donated to the open source Asterisk community by API Digital Communications in Huntsville, AL USA.
Please report problems with this site to asteriskteam@digium.com.