curl/tests/http
Viktor Szakats 3829759bd0
build: enable missing OpenSSF-recommended warnings, with fixes
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1].

Enable new recommended warnings (except `-Wsign-conversion`):

- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting
  printf arguments with it. This is a copy of existing
  `CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
  with redefinting the `printf` symbol:
  https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
  mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools.
  Follow-up to d5c0351055 #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
  checks. Previously it was always disabled due to the internal `printf`
  macro.

Fix them:

- fix bug where an `set_ipv6_v6only()` call was missed in builds with
  `--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as
  warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
  definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs.
  Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.

[1] 56c0fde389/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md

Closes #12489
2023-12-16 13:12:37 +00:00
..
clients build: enable missing OpenSSF-recommended warnings, with fixes 2023-12-16 13:12:37 +00:00
testenv url: proxy ssl connection reuse fix 2023-11-03 16:43:45 +01:00
.gitignore tidy-up: mostly whitespace nits 2023-08-31 23:02:10 +00:00
config.ini.in tests/http: remove year ranges from copyrights 2023-03-15 00:05:29 +01:00
conftest.py tidy-up: mostly whitespace nits 2023-08-31 23:02:10 +00:00
Makefile.am tests/http: more tests with specific clients 2023-04-26 23:24:46 +02:00
README.md tests: update tests/httpd references to tests/http 2023-03-28 17:50:59 +02:00
requirements.txt tidy-up: mostly whitespace nits 2023-08-31 23:02:10 +00:00
scorecard.py http3/ngtcp2: shorten handshake, trace cleanup 2023-08-07 17:13:52 +02:00
test_01_basic.py http2: polish things around POST 2023-09-04 19:48:49 +02:00
test_02_download.py test_02_download: fix paramters to test_02_27 2023-12-07 09:32:46 +01:00
test_03_goaway.py pytest: exclude test_03_goaway in CI runs due to timing dependency 2023-09-21 08:57:57 +02:00
test_04_stuttered.py pytest: improvements 2023-09-07 10:30:14 +02:00
test_05_errors.py tidy-up: mostly whitespace nits 2023-08-31 23:02:10 +00:00
test_06_eyeballs.py tidy-up: mostly whitespace nits 2023-08-31 23:02:10 +00:00
test_07_upload.py pytest: use lower count in repeat tests 2023-11-02 16:35:00 +01:00
test_08_caddy.py pytest: improvements 2023-09-07 10:30:14 +02:00
test_09_push.py tidy-up: mostly whitespace nits 2023-08-31 23:02:10 +00:00
test_10_proxy.py url: proxy ssl connection reuse fix 2023-11-03 16:43:45 +01:00
test_11_unix.py proxy: http2 proxy tunnel implementation 2023-04-06 13:04:46 +02:00
test_12_reuse.py tests: make test_12_01 a bit more forgiving on connection counts 2023-04-13 08:46:53 +02:00
test_13_proxy_auth.py http2: polish things around POST 2023-09-04 19:48:49 +02:00
test_14_auth.py http2: polish things around POST 2023-09-04 19:48:49 +02:00
test_15_tracing.py tidy-up: mostly whitespace nits 2023-08-31 23:02:10 +00:00
test_20_websockets.py tests/http: more tests with specific clients 2023-04-26 23:24:46 +02:00

The curl HTTP Test Suite

This is an additional test suite using a combination of Apache httpd and nghttpx servers to perform various tests beyond the capabilities of the standard curl test suite.

Usage

The test cases and necessary files are in tests/http. You can invoke pytest from there or from the top level curl checkout and it will find all tests.

curl> pytest
platform darwin -- Python 3.9.15, pytest-6.2.0, py-1.10.0, pluggy-0.13.1
rootdir: /Users/sei/projects/curl
collected 5 items

tests/http/test_01_basic.py .....

Pytest takes arguments. -v increases its verbosity and can be used several times. -k <expr> can be used to run only matching test cases. The expr can be something resembling a python test or just a string that needs to match test cases in their names.

curl> pytest -vv -k test_01_02

runs all test cases that have test_01_02 in their name. This does not have to be the start of the name.

Depending on your setup, some test cases may be skipped and appear as s in the output. If you run pytest verbose, it will also give you the reason for skipping.

Prerequisites

You will need:

  1. a recent Python, the cryptography module and, of course, pytest
  2. a apache httpd development version. On Debian/Ubuntu, the package apache2-dev has this.
  3. a local curl project build
  4. optionally, a nghttpx with HTTP/3 enabled or h3 test cases will be skipped.

Configuration

Via curl's configure script you may specify:

  • --with-test-nghttpx=<path-of-nghttpx> if you have nghttpx to use somewhere outside your $PATH.
  • --with-test-httpd=<httpd-install-path> if you have an Apache httpd installed somewhere else. On Debian/Ubuntu it will otherwise look into /usr/bin and /usr/sbin to find those.

Usage Tips

Several test cases are parameterized, for example with the HTTP version to use. If you want to run a test with a particular protocol only, use a command line like:

curl> pytest -k "test_02_06 and h2"

Several test cases can be repeated, they all have the repeat parameter. To make this work, you have to start pytest in the test directory itself (for some unknown reason). Like in:

curl/tests/http> pytest -k "test_02_06 and h2" --repeat=100

which then runs this test case a hundred times. In case of flaky tests, you can make pytest stop on the first one with:

curl/tests/http> pytest -k "test_02_06 and h2" --repeat=100 --maxfail=1

which allow you to inspect output and log files for the failed run. Speaking of log files, the verbosity of pytest is also used to collect curl trace output. If you specify -v three times, the curl command is started with --trace:

curl/tests/http> pytest -vvv -k "test_02_06 and h2" --repeat=100 --maxfail=1

all of curl's output and trace file are found in tests/http/gen/curl.

Writing Tests

There is a lot of pytest documentation with examples. No use in repeating that here. Assuming you are somewhat familiar with it, it is useful how this general test suite is setup. Especially if you want to add test cases.

Servers

In conftest.py 3 "fixtures" are defined that are used by all test cases:

  1. env: the test environment. It is an instance of class testenv/env.py:Env. It holds all information about paths, availability of features (HTTP/3!), port numbers to use, domains and SSL certificates for those.
  2. httpd: the Apache httpd instance, configured and started, then stopped at the end of the test suite. It has sites configured for the domains from env. It also loads a local module mod_curltest? and makes it available in certain locations. (more on mod_curltest below).
  3. nghttpx: an instance of nghttpx that provides HTTP/3 support. nghttpx proxies those requests to the httpd server. In a direct mapping, so you may access all the resources under the same path as with HTTP/2. Only the port number used for HTTP/3 requests will be different.

pytest manages these fixture so that they are created once and terminated before exit. This means you can Ctrl-C a running pytest and the server will shutdown. Only when you brutally chop its head off, might there be servers left behind.

Test Cases

Tests making use of these fixtures have them in their parameter list. This tells pytest that a particular test needs them, so it has to create them. Since one can invoke pytest for just a single test, it is important that a test references the ones it needs.

All test cases start with test_ in their name. We use a double number scheme to group them. This makes it ease to run only specific tests and also give a short mnemonic to communicate trouble with others in the project. Otherwise you are free to name test cases as you think fitting.

Tests are grouped thematically in a file with a single Python test class. This is convenient if you need a special "fixture" for several tests. "fixtures" can have "class" scope.

There is a curl helper class that knows how to invoke curl and interpret its output. Among other things, it does add the local CA to the command line, so that SSL connections to the test servers are verified. Nothing prevents anyone from running curl directly, for specific uses not covered by the CurlClient class.

mod_curltest

The module source code is found in testenv/mod_curltest. It is compiled using the apxs command, commonly provided via the apache2-dev package. Compilation is quick and done once at the start of a test run.

The module adds 2 "handlers" to the Apache server (right now). Handler are pieces of code that receive HTTP requests and generate the response. Those handlers are:

  • curltest-echo: hooked up on the path /curltest/echo. This one echoes a request and copies all data from the request body to the response body. Useful for simulating upload and checking that the data arrived as intended.
  • curltest-tweak: hooked up on the path /curltest/tweak. This handler is more of a Swiss army knife. It interprets parameters from the URL query string to drive its behavior.
    • status=nnn: generate a response with HTTP status code nnn.
    • chunks=n: generate n chunks of data in the response body, defaults to 3.
    • chunk_size=nnn: each chunk should contain nnn bytes of data. Maximum is 16KB right now.
    • chunkd_delay=duration: wait duration time between writing chunks
    • delay=duration: wait duration time to send the response headers
    • body_error=(timeout|reset): produce an error after the first chunk in the response body
    • id=str: add str in the response header request-id

duration values are integers, optionally followed by a unit. Units are:

  • d: days (probably not useful here)
  • h: hours
  • mi: minutes
  • s: seconds (the default)
  • ms: milliseconds

As you can see, mod_curltest's tweak handler allow to simulate many kinds of responses. An example of its use is test_03_01 where responses are delayed using chunk_delay. This gives the response a defined duration and the test uses that to reload httpd in the middle of the first request. A graceful reload in httpd lets ongoing requests finish, but will close the connection afterwards and tear down the serving process. The following request need then to open a new connection. This is verified by the test case.