From 892b30a0c364d68f6b491298d1444ce915d444c7 Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Fri, 13 Jan 2023 01:49:37 +0100 Subject: [PATCH 1/6] add destination to RedirectController --- test/tools/WebListener/Controllers/RedirectController.cs | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/test/tools/WebListener/Controllers/RedirectController.cs b/test/tools/WebListener/Controllers/RedirectController.cs index 1b7df04f3b3..551db38055d 100644 --- a/test/tools/WebListener/Controllers/RedirectController.cs +++ b/test/tools/WebListener/Controllers/RedirectController.cs @@ -21,9 +21,10 @@ public class RedirectController : Controller public IActionResult Index(int count) { string url = Regex.Replace(input: Request.GetDisplayUrl(), pattern: "\\/Redirect.*", replacement: string.Empty, options: RegexOptions.IgnoreCase); + var destinationIsPresent = Request.Query.TryGetValue("destination", out StringValues destination); if (count <= 1) { - url = $"{url}/Get/"; + url = destinationIsPresent ? destination.FirstOrDefault() : $"{url}/Get/"; } else { @@ -44,6 +45,11 @@ public IActionResult Index(int count) url = new Uri($"{url}?type={type.FirstOrDefault()}").PathAndQuery; Response.Redirect(url, false); } + else if (destinationIsPresent) + { + Response.StatusCode = 302; + Response.Headers.Add("Location", url); + } else { Response.Redirect(url, false); From f513cbaa46dd0539b3ac927e78f738dd933596e6 Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Fri, 13 Jan 2023 02:41:56 +0100 Subject: [PATCH 2/6] Add 8 tests --- .../WebCmdlets.Tests.ps1 | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) diff --git a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 index c2b3f110655..b0135fa850d 100644 --- a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 +++ b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 @@ -514,6 +514,24 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand" } + It "Validate Invoke-WebRequest redirect with query destination Http" { + $httpUri = Get-WebListenerUrl -Test 'Get' + $uri = Get-WebListenerUrl -Test 'Redirect' -Query @{destination = $httpUri} + $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck" + + $result = ExecuteWebCommand -command $command + $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" + } + + It "Validate Invoke-WebRequest redirect with query destination Https" { + $httpUri = Get-WebListenerUrl -Test 'Get' -Https + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck" + + $result = ExecuteWebCommand -command $command + $result.Output.Headers.Host | Should -Be "127.0.0.1:9094" + } + It "Invoke-WebRequest supports request that returns page containing UTF-8 data." { $uri = Get-WebListenerUrl -Test 'Encoding' -TestValue 'Utf8' $command = "Invoke-WebRequest -Uri '$uri'" @@ -937,6 +955,24 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $response.Error.Exception.Response.StatusCode | Should -Be $StatusCode $response.Error.Exception.Response.Headers.Location | Should -BeNullOrEmpty } + + It "Validate Invoke-WebRequest Https to Http redirect with -AllowInsecureRedirect" { + $httpUri = Get-WebListenerUrl -Test 'Get' + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck -AllowInsecureRedirect" + + $result = ExecuteWebCommand -command $command + $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" + } + + It "Validate Invoke-WebRequest Https to Http redirect fails" { + $httpUri = Get-WebListenerUrl -Test 'Get' + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck" + + $result = ExecuteWebCommand -command $command + $result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand" + } } @@ -2170,6 +2206,24 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" { $result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand" } + It "Validate Invoke-RestMethod redirect with query destination Http" { + $httpUri = Get-WebListenerUrl -Test 'Get' + $uri = Get-WebListenerUrl -Test 'Redirect' -Query @{destination = $httpUri} + $command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck" + + $result = ExecuteWebCommand -command $command + $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" + } + + It "Validate Invoke-RestMethod redirect with query destination Https" { + $httpUri = Get-WebListenerUrl -Test 'Get' -Https + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + $command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck" + + $result = ExecuteWebCommand -command $command + $result.Output.Headers.Host | Should -Be "127.0.0.1:9094" + } + It "Invoke-RestMethod supports request that returns page containing UTF-8 data." { $uri = Get-WebListenerUrl -Test 'Encoding' -TestValue 'Utf8' $command = "Invoke-RestMethod -Uri '$uri'" @@ -2595,6 +2649,24 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" { $response.Error.Exception.Response.Headers.Location | Should -BeNullOrEmpty } + It "Validate Invoke-RestMethod Https to Http redirect with -AllowInsecureRedirect" { + $httpUri = Get-WebListenerUrl -Test 'Get' + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + $command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck -AllowInsecureRedirect" + + $result = ExecuteWebCommand -command $command + $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" + } + + It "Validate Invoke-RestMethod Https to Http redirect fails" { + $httpUri = Get-WebListenerUrl -Test 'Get' + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + $command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck" + + $result = ExecuteWebCommand -command $command + $result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand" + } + #endregion Redirect tests Context "Invoke-RestMethod SkipHeaderVerification Tests" { From 1943e762b1f7416fb31fe4b48481476a96ed1b3c Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Fri, 13 Jan 2023 02:43:47 +0100 Subject: [PATCH 3/6] fix indenting --- .../WebCmdlets.Tests.ps1 | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 index b0135fa850d..31accae882c 100644 --- a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 +++ b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 @@ -956,23 +956,23 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $response.Error.Exception.Response.Headers.Location | Should -BeNullOrEmpty } - It "Validate Invoke-WebRequest Https to Http redirect with -AllowInsecureRedirect" { - $httpUri = Get-WebListenerUrl -Test 'Get' - $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} - $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck -AllowInsecureRedirect" + It "Validate Invoke-WebRequest Https to Http redirect with -AllowInsecureRedirect" { + $httpUri = Get-WebListenerUrl -Test 'Get' + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck -AllowInsecureRedirect" - $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" - } + $result = ExecuteWebCommand -command $command + $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" + } - It "Validate Invoke-WebRequest Https to Http redirect fails" { - $httpUri = Get-WebListenerUrl -Test 'Get' - $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} - $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck" + It "Validate Invoke-WebRequest Https to Http redirect fails" { + $httpUri = Get-WebListenerUrl -Test 'Get' + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck" - $result = ExecuteWebCommand -command $command - $result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand" - } + $result = ExecuteWebCommand -command $command + $result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand" + } } @@ -2206,7 +2206,7 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" { $result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand" } - It "Validate Invoke-RestMethod redirect with query destination Http" { + It "Validate Invoke-RestMethod redirect with query destination Http" { $httpUri = Get-WebListenerUrl -Test 'Get' $uri = Get-WebListenerUrl -Test 'Redirect' -Query @{destination = $httpUri} $command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck" From 5fdc7f0529db99b2f3865dfdd8eed83d79010965 Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Fri, 13 Jan 2023 03:06:10 +0100 Subject: [PATCH 4/6] Host to $httpUri.Authority --- .../WebCmdlets.Tests.ps1 | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 index 31accae882c..af696d0df06 100644 --- a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 +++ b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 @@ -514,22 +514,22 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand" } - It "Validate Invoke-WebRequest redirect with query destination Http" { + It "Validate Invoke-WebRequest redirect with -Query destination Http" { $httpUri = Get-WebListenerUrl -Test 'Get' $uri = Get-WebListenerUrl -Test 'Redirect' -Query @{destination = $httpUri} - $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck" + $command = "Invoke-WebRequest -Uri '$uri'" $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" + $result.Output.Headers.Host | Should -Be $httpUri.Authority } - It "Validate Invoke-WebRequest redirect with query destination Https" { - $httpUri = Get-WebListenerUrl -Test 'Get' -Https - $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + It "Validate Invoke-WebRequest redirect with -Query destination Https" { + $httpsUri = Get-WebListenerUrl -Test 'Get' -Https + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpsUri} $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck" $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be "127.0.0.1:9094" + $result.Output.Headers.Host | Should -Be $httpsUri.Authority } It "Invoke-WebRequest supports request that returns page containing UTF-8 data." { @@ -962,7 +962,7 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck -AllowInsecureRedirect" $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" + $result.Output.Headers.Host | Should -Be $httpUri.Authority } It "Validate Invoke-WebRequest Https to Http redirect fails" { @@ -2206,22 +2206,22 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" { $result.Error.FullyQualifiedErrorId | Should -Be "WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand" } - It "Validate Invoke-RestMethod redirect with query destination Http" { + It "Validate Invoke-RestMethod redirect with -Query destination Http" { $httpUri = Get-WebListenerUrl -Test 'Get' $uri = Get-WebListenerUrl -Test 'Redirect' -Query @{destination = $httpUri} - $command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck" + $command = "Invoke-RestMethod -Uri '$uri'" $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" + $result.Output.Headers.Host | Should -Be $httpUri.Authority } - It "Validate Invoke-RestMethod redirect with query destination Https" { - $httpUri = Get-WebListenerUrl -Test 'Get' -Https - $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} + It "Validate Invoke-RestMethod redirect with -Query destination Https" { + $httpsUri = Get-WebListenerUrl -Test 'Get' -Https + $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpsUri} $command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck" $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be "127.0.0.1:9094" + $result.Output.Headers.Host | Should -Be $httpsUri.Authority } It "Invoke-RestMethod supports request that returns page containing UTF-8 data." { @@ -2655,7 +2655,7 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" { $command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck -AllowInsecureRedirect" $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be "127.0.0.1:8083" + $result.Output.Headers.Host | Should -Be $httpUri.Authority } It "Validate Invoke-RestMethod Https to Http redirect fails" { From 341d604a7fe9bdf97b55a56df22b7563516852d8 Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Fri, 13 Jan 2023 11:18:03 +0100 Subject: [PATCH 5/6] fix Invoke-WebRequests Tests --- .../Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 index af696d0df06..75cfb10ea33 100644 --- a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 +++ b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 @@ -520,7 +520,8 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $command = "Invoke-WebRequest -Uri '$uri'" $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be $httpUri.Authority + $jsonContent = $result.Output.Content | ConvertFrom-Json + $jsonContent.headers.Host | Should -Match $httpUri.Authority } It "Validate Invoke-WebRequest redirect with -Query destination Https" { @@ -529,7 +530,8 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck" $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be $httpsUri.Authority + $jsonContent = $result.Output.Content | ConvertFrom-Json + $jsonContent.headers.Host | Should -Match $httpsUri.Authority } It "Invoke-WebRequest supports request that returns page containing UTF-8 data." { @@ -962,7 +964,8 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck -AllowInsecureRedirect" $result = ExecuteWebCommand -command $command - $result.Output.Headers.Host | Should -Be $httpUri.Authority + $jsonContent = $result.Output.Content | ConvertFrom-Json + $jsonContent.headers.Host | Should -Match $httpUri.Authority } It "Validate Invoke-WebRequest Https to Http redirect fails" { From 474c24b70858f70c71e6b24a62517a75ce7e3cee Mon Sep 17 00:00:00 2001 From: CarloToso <105941898+CarloToso@users.noreply.github.com> Date: Fri, 13 Jan 2023 12:55:22 +0100 Subject: [PATCH 6/6] add suggestions --- .../Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 index 75cfb10ea33..b930c27d7d9 100644 --- a/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 +++ b/test/powershell/Modules/Microsoft.PowerShell.Utility/WebCmdlets.Tests.ps1 @@ -968,7 +968,7 @@ Describe "Invoke-WebRequest tests" -Tags "Feature", "RequireAdminOnWindows" { $jsonContent.headers.Host | Should -Match $httpUri.Authority } - It "Validate Invoke-WebRequest Https to Http redirect fails" { + It "Validate Invoke-WebRequest Https to Http redirect without -AllowInsecureRedirect" { $httpUri = Get-WebListenerUrl -Test 'Get' $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} $command = "Invoke-WebRequest -Uri '$uri' -SkipCertificateCheck" @@ -2661,7 +2661,7 @@ Describe "Invoke-RestMethod tests" -Tags "Feature", "RequireAdminOnWindows" { $result.Output.Headers.Host | Should -Be $httpUri.Authority } - It "Validate Invoke-RestMethod Https to Http redirect fails" { + It "Validate Invoke-RestMethod Https to Http redirect without -AllowInsecureRedirect" { $httpUri = Get-WebListenerUrl -Test 'Get' $uri = Get-WebListenerUrl -Test 'Redirect' -Https -Query @{destination = $httpUri} $command = "Invoke-RestMethod -Uri '$uri' -SkipCertificateCheck"