FilesExpand file tree

 master

/

phpmyadmin_test.py

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

executable file

·

212 lines (156 loc) · 6.66 KB

 master

/

phpmyadmin_test.py

Top

File metadata and controls

• Code
• Blame

executable file

·

212 lines (156 loc) · 6.66 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

#!/usr/bin/env python3

import argparse

import os

import subprocess

import re

import sys

import mechanize

import tempfile

import pytest

def create_browser():

br = mechanize.Browser()

# Ignore robots.txt

br.set_handle_robots(False)

return br

def do_login(br, url, username, password, server):

# Login page

br.open(url)

# Fill login form

br.select_form('login_form')

br['pma_username'] = username

br['pma_password'] = password

if server is not None:

br['pma_servername'] = server

# Login and check if logged in

response = br.submit()

return response

def get_world_sql_path():

if os.path.exists('/world.sql'):

return '/world.sql'

elif os.path.exists('./world.sql'):

return './world.sql'

else:

path = os.path.dirname(os.path.realpath(__file__))

return path + '/world.sql'

def test_import(url, username, password, server, sqlfile):

if sqlfile is None:

sqlfile = get_world_sql_path()

br = create_browser()

response = do_login(br, url, username, password, server)

assert(b'Server version' in response.read())

# Open server import

response = br.follow_link(text_regex=re.compile('Import'))

assert(b'OpenDocument Spreadsheet' in response.read())

# Upload SQL file

br.select_form('import')

br.form.add_file(open(sqlfile), 'text/plain', sqlfile)

response = br.submit()

response = response.read()

assert(b'5326 queries executed' in response)

def docker_secret(env_name):

dir_path = os.path.dirname(os.path.realpath(__file__))

secret_file = tempfile.mkstemp()

password = "The_super_secret_password"

password_file = open(secret_file[1], 'wb')

password_file.write(str.encode(password))

password_file.close()

test_env = {env_name + '_FILE': secret_file[1]}

# Run entrypoint and afterwards echo the environment variables

result = subprocess.Popen("bash " +dir_path+ "/../docker-entrypoint.sh 'env'", shell=True, stdout=subprocess.PIPE, env=test_env)

output = result.stdout.read().decode()

assert (env_name + "=" + password) in output

def test_phpmyadmin_secrets():

docker_secret('MYSQL_PASSWORD')

docker_secret('MYSQL_ROOT_PASSWORD')

docker_secret('PMA_USER')

docker_secret('PMA_PASSWORD')

docker_secret('PMA_HOSTS')

docker_secret('PMA_HOST')

docker_secret('PMA_CONTROLHOST')

docker_secret('PMA_CONTROLUSER')

docker_secret('PMA_CONTROLPASS')

def test_is_using_ssl(url, username, password, server):

is_using_ssl = os.environ.get('IS_USING_SSL');

br = create_browser()

response = do_login(br, url, username, password, server)

response = response.read()

assert(b'Server connection' in response)

if is_using_ssl:

assert(b'SSL is used' in response)

assert(b'SSL is not being used' not in response)

else:

assert(b'SSL is used' not in response)

assert(b'SSL is not being used' in response)

def test_is_using_ssl_client_cert(url, server):

is_using_ssl = os.environ.get('IS_USING_SSL');

if not is_using_ssl:

pytest.skip("Missing IS_USING_SSL ENV", allow_module_level=True)

br = create_browser()

password = ""

response = do_login(br, url, "ssl-specific-user", password, server)

response = response.read()

assert(b'Server connection' in response)

assert(b'ssl-specific-user@' in response)

assert(b'SSL is used' in response)

assert(b'SSL is not being used' not in response)

def test_php_ini(url, username, password, server):

skip_expose_php_test = os.environ.get('SKIP_EXPOSE_PHP_TEST');

br = create_browser()

response = do_login(br, url, username, password, server)

response = response.read()

assert(b'Show PHP information' in response)

# Open Show PHP information

response = br.follow_link(text_regex=re.compile('Show PHP information'))

response = response.read()

assert(b'PHP Version' in response)

assert(b'upload_max_filesize' in response)

assert(b'post_max_size' in response)

assert(b'expose_php' in response)

assert(b'session.save_path' in response)

assert(b'<tr><td class="e">max_execution_time</td><td class="v">125</td><td class="v">125</td></tr>' in response)

assert(b'<tr><td class="e">upload_max_filesize</td><td class="v">123M</td><td class="v">123M</td></tr>' in response)

assert(b'<tr><td class="e">post_max_size</td><td class="v">123M</td><td class="v">123M</td></tr>' in response)

if not skip_expose_php_test:

assert(b'<tr><td class="e">expose_php</td><td class="v">Off</td><td class="v">Off</td></tr>' in response)

assert(b'<tr><td class="e">session.save_path</td><td class="v">/sessions</td><td class="v">/sessions</td></tr>' in response)

def test_import_from_folder(url, username, password, server, sqlfile):

upload_dir = os.environ.get('PMA_UPLOADDIR');

if not upload_dir:

pytest.skip("Missing PMA_UPLOADDIR ENV", allow_module_level=True)

# Copy file into the volume

with open(get_world_sql_path(), 'rb') as src, open(upload_dir + '/world-data.sql', 'wb') as dst:

dst.write(src.read())

br = create_browser()

response = do_login(br, url, username, password, server)

assert(b'Server version' in response.read())

# Open server import

response = br.follow_link(text_regex=re.compile('Import'))

response = response.read()

assert(b'Browse your computer:' in response)

assert(upload_dir.encode() in response)

assert(b'world-data.sql' in response)

def test_export_to_folder(url, username, password, server, sqlfile):

save_dir = os.environ.get('PMA_SAVEDIR');

if not save_dir:

pytest.skip("Missing PMA_SAVEDIR ENV", allow_module_level=True)

# Delete file from previous runs

if os.path.exists(save_dir + "/db_server.sql"):

os.remove(save_dir + "/db_server.sql")

assert os.path.exists(save_dir + "/db_server.sql") == False

# Avoid: "The web server does not have permission to save the file"

os.chmod(save_dir , 0o777)

br = create_browser()

response = do_login(br, url, username, password, server)

assert(b'Server version' in response.read())

# Open server export

response = br.follow_link(text_regex=re.compile('Export'))

response = response.read()

assert(b'Save on server in the directory' in response)

assert(save_dir.encode() in response)

br.select_form('dump')

br.find_control("quick_export_onserver").items[0].selected=True

response = br.submit()

response = response.read()

assert(b'Dump has been saved to file' in response)

assert(b'Dump has been saved to file /etc/phpmyadmin/exports/db_server.sql' in response)

assert os.path.exists(save_dir + "/db_server.sql") == True