sni / webinject Goto Github PK

MYMETA.{yml,json} are files that are generated at install time on the user machine. They must not be bundled in your distribution.

Check this for details: http://weblog.bulknews.net/post/44251476706/stop-shipping-mymeta-to-cpan

Each https call gets a 501 HTTP Response Code back.
http checks work fine.

Failed HTTP Response Code Verification (received 501, expecting 200

Use of uninitialized value in concatenation (.) or string at /usr/local/share/perl5/Webinject.pm line 850.

Tested the same testcases on Centos 6 without issues

Perl versions on Fedora 19:

perl v5.16.3

*** Checking for Perl dependencies...
[Core Features]

• LWP ...loaded. (6.05)
• XML::Simple ...loaded. (2.20)
• HTTP::Request::Common ...loaded. (6.04)
• HTTP::Cookies ...loaded. (6.01)
• Time::HiRes ...loaded. (1.9725)
• Getopt::Long ...loaded. (2.38)
• Crypt::SSLeay ...loaded. (0.64)
• XML::Parser ...loaded. (2.41)
• Error ...loaded. (0.17020)
• File::Temp ...loaded. (0.22)
• URI ...loaded. (1.60)

Hi there,

I'm using Webinject for a login and mail sending test on a horde webmailer. There seems to be an error while parsing the response. Googling it has given the same error for other versions (1.41) with the hint to use the actual version. Unfortunately I do (1.86) and still get this error. This is my command line:

root@rzicinga:/usr/lib/nagios/plugins/others/webinject# ./check_webinject -c config.xml webmail.unibw-hamburg.de.xml
Use of uninitialized value $val in substitution (s///) at ./check_webinject line 1582.
WebInject CRITICAL - case #4: Failed Positive Verification, can not find a string matching regex: Betre

Test: webmail.unibw-hamburg.de.xml - 1
Desc: Login in Horde Webmail
POST Request: https://webmail.unibw-hamburg.de/hordegroupware/login.php
Passed HTTP Response Code Verification (not in error range)
TEST CASE PASSED

Response Time = 0.167 sec

Test: webmail.unibw-hamburg.de.xml - 2
Desc: Wechsel auf die Inbox
GET Request: https://webmail.unibw-hamburg.de/hordegroupware/imp/mailbox.php?mailbox=INBOX
Passed HTTP Response Code Verification (not in error range)
TEST CASE PASSED

Response Time = 0.101 sec

Test: webmail.unibw-hamburg.de.xml - 3
Desc: Folge der Weiterleitung
GET Request: https://webmail.unibw-hamburg.de/hordegroupware/imp/redirect.php?actionID=login&autologin=1&server_key=imap
Passed HTTP Response Code Verification (not in error range)
TEST CASE PASSED

Response Time = 0.101 sec

Test: webmail.unibw-hamburg.de.xml - 4
Desc: Enter form send mail
GET Request: https://webmail.unibw-hamburg.de/hordegroupware/imp/compose.php?mailbox=INBOX&uniq=1391607126.7291
Passed HTTP Response Code Verification (not in error range)
Verify: 'Betre'
Failed Positive Verification
Failed Parseresult, cannot find uniq=()"
Failed Parseresult, cannot find compose_requestToken" value="()"
Failed Parseresult, cannot find compose_formToken" value="()"
Failed Parseresult, cannot find messageCache" value="()"
TEST CASE FAILED : case #4: Failed Positive Verification, can not find a string matching regex: Betre

Response Time = 0.101 sec

Test Cases Run: 4
Test Cases Passed: 3
Test Cases Failed: 1
Verifications Passed: 4
Verifications Failed: 1

These are the testcases:

<testvar varname="HORDE_USER">[email protected]</testvar>
<testvar varname="HORDE_PASS">supersecretpw</testvar>
<testvar varname="SOURCE_EMAIL">[email protected]</testvar>
<testvar varname="DEST_EMAIL">[email protected]</testvar>
<testvar varname="DEST_FOLDER">Monitoring_nicht_loeschen</testvar>

Thanks in advance for any help!

Webinject version: 1.94
Getting the following error in a test case running on RHEL server:

Content-Type: text/plain
Client-Date: Thu, 16 May 2019 10:06:25 GMT
Client-Warning: Internal response
500 Can't connect to xxx.xxx.xxx (SSL connect attempt failed)

And when using the GUI on a windows machine using the same test case getting
500 SSL negotiation failed

Hi, there!

I'm very interested in using webinject for tesing my web service api.
By the way, my api returns json object as the result.
Is there anyway to verify the (complex) json response easily?

For example:
My sample response is
{ "result_code" : "0", "result_msg" : "success" }.
Now I can use "verifypositive" node at my test case definition like "result_code : 0".

But I prefer the following way:

result.result_code = 0
result.result_msg = success

I hope you can understand me.

Thanks in advance

Hi there,

First off, I've been using Webinject recently and I could appreciate how nice it is.

According to some forums it seems Webinject is capable of NTLM authentication. I've been installing the latest version and trying to configure such an authentication without success.

My question is : is it really possible? If yes, is it necessary to modify the check_webinject script?

And quite important too, is there some kind of howto regarding specifically NTLM authentication through Webinject?

I need to auth on an IIS server prior to access and log other web applications.

Thank you

Hi,

I use your Webinject for my Icinga 2 check plugin and run in some trouble with a selfsigned certificate. The problem was located at LWP perl module which seems to be not able handling this type of certificate because it have no Root certificate for validation.

There are two solution first is ignoring certificate validation what not solve the cause of problem but make the plugin easy usable in a selfsign enviornment. Second solution is offering LWP the root certificate for validation.

So I will suggest implementing this feature to ignore or offer webinject certificates. Like:
webinject.pl -c config.xml testcases.xml --no_ssl_verify or
webinject.pl -c config.xml testscases.xml --ssl_cert /root/pki/certs/host.pem --ssl_key /root/pki/keys/host-key.pem

Code example:
This makes LWP ignoring the cert but I wish that webinject drop this line if I indicate it to do this with a switch or something:
$useragent->ssl_opts(verify_hostname => 0);
And this makes LWP using certificates here same with a switch and passing the paths

$useragent->ssl_opts => {
        SSL_use_cert => 1,
        SSL_cert_file   => "/path/to/clientcert.crt",
        SSL_key_file    => "/path/to/privatekey.key",
    },

Hi Sven,

I've been using webinject via a proxy service over the last few days and it's working great. I have however hit a snag. When I try and run using a proxy for a HTTPS request it fails with the auth. I think it's not parsing the username and password correctly. Am doing something wrong?

Example config.xml
https://www.google.com.au
yes
10
username:[email protected]:44444
nagios
10
testcases.xml

Example testcases.xml

Log output
500 Can't connect to www.google.com.au:443 (Bad service '[email protected]')

Note it works fine when using a HTTP baseurl.

Regards,
Josh

We've have been trying to align our webinject checks to validate gzipped response. Does any version of this support the same ? If so how does it manage to decompress the zipped response content.

Hello,

The post method : application/json;charset=utf-8 will be supported in the future ?

I have this error when query a mapservice :
ERROR: Bad Form Encoding Type, I only accept "application/x-www-form-urlencoded", "multipart/form-data", "text/xml", "application/soap+xml"

Another thing, I pray for NTLM authentication managed natively in your code.

Hi.

I have to check a webservice where I submit a xml document. The problem is, that the only indication that it went well, is if no xml is returned. I can check for a content lenght being equal to zero.
It does not seem that webinject is able to handle this situation? I get these errors:
Failed XML parser on response:
no element found at line 1, column 0, byte -1 at /usr/lib/perl5/XML/Parser.pm line 187.
Is it possible to add an option to not parse the response?

Regards

Jens Hyllegaard

Hi,

I am trying to get a form URL to be used in the next request:

This is necessary because the first generates an URL with a session token.

The test fails and the http.log contains:

POST %7BPARSEDRESULT%7D
Content-Type: application/x-www-form-urlencoded

It looks like {PARSEDRESULT} is taken literally here. Why?

I use addheader in webinject test:

addheader="__RequestVerificationToken: {PARSEDRESULT}"

In request debug header (in http.log) I see: --RequestVerificationToken: TOKEN
I think it should be __RequestVerificationToken insted of --RequestVerificationToken

So I can not complete the request because of wrong header.

Am I doing something wrong?

MYMETA.json and MYMETA.yml should not be included in the archive sent to CPAN.
You seem to have MANIFEST.SKIP file that excludes them, but it looks like it didn't do its job.

Webinject wors fine when executed from its directory.
When ran from outside the directory the script shows the usage.

[root@rcifrlv12 ~]# /opt/logi/webinject-1.8.6/webinject.pl -c config.xml AMP_Crg.xml
ERROR: Failed to open config.xml file: Aucun fichier ou r▒pertoire de ce type
Usage:
/opt/logi/webinject-1.8.6/webinject.pl
[-c|--config config_file]
[-o|--output output_location]
[-n|--no-output]
[-t|--timeout]
[-r|--report-type]
[-s key=value]
[testcase_file [XPath]]
/opt/logi/webinject-1.8.6/webinject.pl --version|-v

The version 1.4.1 works fine in both situations.

Thank you
Best Regards

We have a web application from an outside developer that uses javascript on a form submission event to set a cookie in the browser. This cookie is critical to authentication (i.e. if the cookie isn't present it rejects a POST with creds).

We are using Webinject to test authentication through the web application to ensure users are able to login.

While this quirk is in my opinion a failing of the application it would be nice for Webinject to be flexible enough to support the ability to add arbitrary cookies to a test case.

I have the following patch to do this...

diff --git a/lib/Webinject.pm b/lib/Webinject.pm
index ddb43af..6dc801a 100644
--- a/lib/Webinject.pm
+++ b/lib/Webinject.pm
@@ -904,7 +904,18 @@ sub _http_defaults {
     my $request   = shift;
     my $useragent = shift;
     my $case      = shift;
-
+
+       if($case->{'addcookie'}) {
+               my $cookie_jar = $useragent->cookie_jar();
+               # add cookies to the cookie jar
+               # can add multiple cookies with a pipe delimiter
+               for my $addcookie (split /\|/mx, $case->{'addcookie'}) {
+                               my ($ck_version, $ck_key, $ck_val, $ck_path, $ck_domain, $ck_port, $ck_path_spec, $ck_secure, $ck_maxage, $ck_discard) = split(/,/, $addcookie);
+                               $cookie_jar->set_cookie( $ck_version, $ck_key, $ck_val, $ck_path, $ck_domain, $ck_port, $ck_path_spec, $ck_secure, $ck_maxage, $ck_discard);
+               }
+               $cookie_jar->save();
+               $cookie_jar->add_cookie_header($request);
+       }
     # add an additional HTTP Header if specified
     if($case->{'addheader'}) {
         # can add multiple headers with a pipe delimiter

Which supports a new attribute in test cases with the following format
addcookie="0,PS_DEVICEFEATURES,width:1680,/,host.domain.tld,0,1,1,86400,0"

Which is basically the exact arguments to the cookie jar set_cookie method.

Would this functionality be acceptable as a feature addition?

If so, is this approach acceptable, if not suggestions for how to change things to make it acceptable?

I figured I would work out the details here before submitting a pull request, sorry if that's not preferable!

When running a test which contains a postbody="file=>relative/pathto/bodyfile" instruction, I get different results depending on from where I call ./webinject.pl. I would expect the relative path of the postbody directive to have resolved from the location of the test case file, but it appears to be dependent on the directory you are in when ./webinject.pl is run.

I don't know from which directory Nagios runs ./webinject.pl so I can't form a relative path from there, and specifying the absolute path in the postbody directive seems less clean/portable.

Is it reasonable to request that relative paths in the postbody directive be resolved from the test case file location? (I think you would do so by persisting the path, e.g. to $xmltestcases->{'case'}->{'path'} in the main engine loop; then applying $case->{path} . $1 in _httppost_xml, but I'm not especially good at reading other people's Perl 😄)

Similarly, where -c config.xml meant the path relative to where webinject.pl was; now I seem to have to specify a full path to -c to get the same effect. This isn't so bad, as there is a consistent behaviour available by not specifying -c (i.e. config.xml in the same directory as webinject.pl).

I was using the v1.4.something (from the website), which seemed to behave, and am now using v1.92 (from CPAN), which now seems not to.

PS: I only discovered the existence of v1.92 in a Google Groups post -- why is this not mentioned/linked/available on the website?