You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
Michele Sessa 8d1b0b182a docs(localhost): add note to clarifiy auditor should check source code 2 years ago
..
README.md docs(localhost): add note to clarifiy auditor should check source code 2 years ago

README.md

Localhost is about creating your own HTTP server and test it with an actual browser.

Take the necessary time to understand the project and to test it, looking into the source code will help a lot.

Functional

Is the student able to justify his choices and explain the following: Note: Ask the student to show you the implementation in the source code when necessary.

How does an HTTP server works?
Which function was used for I/O Multiplexing and how does it works?
Is the server using only one select (or equivalent) to read the client requests and write answers?
Why is it important to use only one select and how was it achieved?
Read the code that goes from the select (or equivalent) to the read and write of a client, is there only one read or write per client per select (or equivalent)?
Are the return values for I/O functions checked properly?
If an error is returned by the previous functions on a socket, is the client removed?
Is writing and reading ALWAYS done through a select (or equivalent)?

Configuration file

Check the configuration file and modify it if necessary. Are the following configurations working properly:

Setup a single server with a single port.
Setup multiple servers with different port.
Setup multiple servers with different hostnames (for example: curl --resolve test.com:80:127.0.0.1 http://test.com/).
Setup custom error pages.
Limit the client body (for example: curl -X POST -H "Content-Type: plain/text" --data "BODY with something shorter or longer than body limit").
Setup routes and ensure they are taken into account.
Setup a default file in case the path is a directory.
Setup a list of accepted methods for a route (for example: try to DELETE something with and without permission).

Methods and cookies

For each method be sure to check the status code (200, 404 etc):

Are the GET requests working properly?
Are the POST requests working properly?
Are the DELETE requests working properly?
Test a WRONG request, is the server still working properly?
Upload some files to the server and get them back to test they were not corrupted.
A working session and cookies system is present on the server?

Interaction with the browser

Open the browser used by the team during tests and its developer tools panel to help you with tests.

Is the browser connecting with the server with no issues?
Are the request and response headers correct? (It should serve a full static website without any problem).
Try a wrong URL on the server, is it handled properly?
Try to list a directory, is it handled properly?
Try a redirected URL, is it handled properly?
Check the implemented CGI, does it works properly with chunked and unchunked data?

Port issues

Configure multiple ports and websites and ensure it is working as expected.
Configure the same port multiple times. The server should find the error.
Configure multiple servers at the same time with different configurations but with common ports. Ask why the server should work if one of the configurations isn't working.

Siege & stress test

Use siege with a GET method on an empty page, availability should be at least 99.5% with the command siege -b [IP]:[PORT].
Check if there is no memory leak (you could use some tools like top).
Check if there is no hanging connection.

General

+There's more than one CGI system such as [Python,C++,Perl].
+There is a second implementation of the server in a different language (repeat practical tests on it before to validate).