[multiple] remove deprecated modules

remove deprecated modules: mod_evasive mod_secdownload mod_uploadprogress mod_usertrack These scheduled lighttpd behavior changes have been announced over the past year: * Continue gradual deprecation of "mini-application" lighttpd modules for which mod_magnet lua implementations are better and more flexible. Please post on lighttpd forums to share feedback if you use these modules. Forums: https://redmine.lighttpd.net/projects/lighttpd/boards * Deprecated: mod_evasive has been removed. mod_evasive can be replaced by mod_magnet and a few lines of lua: Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_evasive https://wiki.lighttpd.net/AbsoLUAtion#Fight-DDoS https://wiki.lighttpd.net/AbsoLUAtion#Mod_Security * Deprecated: mod_secdownload has been removed. mod_secdownload can be replaced by mod_magnet and a few lines of lua: Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_secdownload mod_secdownload historically uses insecure MD5 though SHA1, SHA256 available * Deprecated: mod_uploadprogress has been removed. mod_uploadprogress can be replaced by mod_magnet and a few lines of lua: Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_uploadprogress * Deprecated: mod_usertrack has been removed. mod_usertrack can be replaced by mod_magnet and a few lines of lua: Replacement: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_usertrack mod_usertrack historically uses insecure MD5.
author: Glenn Strauss <gstrauss@gluelogic.com> 2022-11-23 10:45:05 -0500
committer: Glenn Strauss <gstrauss@gluelogic.com> 2022-11-30 19:04:38 -0500
commit: fcf0dc3e336a5d62c58036cdb8fc9f4c099b178e (patch)
tree: a94e7c0cf42cbdbf8308c559e104f7e44f279c8e /tests/request.t
parent: 326ace4ffd93582b86effee23c1014477c495eaf (diff)
download: lighttpd-git-fcf0dc3e336a5d62c58036cdb8fc9f4c099b178e.tar.gz
1 files changed, 1 insertions, 191 deletions
diff --git a/tests/request.t b/tests/request.t
index b25f4f96..3fdb1ab6 100755
--- a/tests/request.t
+++ b/tests/request.t
@@ -8,7 +8,7 @@ BEGIN {
 
 use strict;
 use IO::Socket;
-use Test::More tests => 178;
+use Test::More tests => 164;
 use LightyTest;
 
 my $tf = LightyTest->new();
@@ -1592,196 +1592,6 @@ ok($tf_proxy->stop_proc == 0, "Stopping lighttpd proxy");
 } while (0);
 
 
-## mod_secdownload
-
-use Digest::MD5 qw(md5_hex);
-use Digest::SHA qw(hmac_sha1 hmac_sha256);
-use MIME::Base64 qw(encode_base64url);
-
-my $secret = "verysecret";
-my ($f, $thex, $m);
-
-$t->{REQUEST}  = ( <<EOF
-GET /index.html HTTP/1.0
-Host: www.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-
-ok($tf->handle_http($t) == 0, 'skipping secdownload - direct access');
-
-## MD5
-$f = "/index.html";
-$thex = sprintf("%08x", time);
-$m = md5_hex($secret.$f.$thex);
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload (md5)');
-
-$thex = sprintf("%08x", time - 1800);
-$m = md5_hex($secret.$f.$thex);
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (md5)');
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec$f HTTP/1.0
-Host: vvv.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload - direct access (md5)');
-
-$f = "/noexists";
-$thex = sprintf("%08x", time);
-$m = md5_hex($secret.$f.$thex);
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload - timeout (md5)');
-
-
-if (!$tf->has_crypto()) {
-
-    for (1..4) { ok(1, "secdownload (hmac-sha1) (skipped) - (missing SSL support)"); }
-    for (1..5) { ok(1, "secdownload (hmac-sha256) (skipped) - (missing SSL support)"); }
-
-}
-else {
-
-## HMAC-SHA1
-$f = "/index.html";
-$thex = sprintf("%08x", time);
-$m = encode_base64url(hmac_sha1("/$thex$f", $secret));
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv-sha1.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha1)');
-
-$thex = sprintf("%08x", time - 1800);
-$m = encode_base64url(hmac_sha1("/$thex$f", $secret));
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv-sha1.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha1)');
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec$f HTTP/1.0
-Host: vvv-sha1.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha1)');
-
-
-$f = "/noexists";
-$thex = sprintf("%08x", time);
-$m = encode_base64url(hmac_sha1("/$thex$f", $secret));
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv-sha1.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha1)');
-
-## HMAC-SHA256
-$f = "/index.html";
-$thex = sprintf("%08x", time);
-$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv-sha256.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256)');
-
-## HMAC-SHA256
-$f = "/index.html?qs=1";
-$thex = sprintf("%08x", time);
-$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv-sha256.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 200 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload (hmac-sha256) with hash-querystr');
-
-$thex = sprintf("%08x", time - 1800);
-$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv-sha256.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 410 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload - gone (timeout) (hmac-sha256)');
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec$f HTTP/1.0
-Host: vvv-sha256.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload - direct access (hmac-sha256)');
-
-
-$f = "/noexists";
-$thex = sprintf("%08x", time);
-$m = encode_base64url(hmac_sha256("/$thex$f", $secret));
-
-$t->{REQUEST}  = ( <<EOF
-GET /sec/$m/$thex$f HTTP/1.0
-Host: vvv-sha256.example.org
-EOF
- );
-$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 404 } ];
-
-ok($tf->handle_http($t) == 0, 'secdownload - timeout (hmac-sha256)');
-
-} # SKIP if lighttpd built without crypto algorithms (e.g. without openssl)
-
-
 ## mod_setenv
 
 $t->{REQUEST} = ( <<EOF
author	Glenn Strauss <gstrauss@gluelogic.com>	2022-11-23 10:45:05 -0500
committer	Glenn Strauss <gstrauss@gluelogic.com>	2022-11-30 19:04:38 -0500
commit	fcf0dc3e336a5d62c58036cdb8fc9f4c099b178e (patch)
tree	a94e7c0cf42cbdbf8308c559e104f7e44f279c8e /tests/request.t
parent	326ace4ffd93582b86effee23c1014477c495eaf (diff)
download	lighttpd-git-fcf0dc3e336a5d62c58036cdb8fc9f4c099b178e.tar.gz