Path: | rinject.rb |
Last Update: | Tue Sep 09 06:33:12 +0200 2008 |
RInject.rb: RInject is a tool for automated testing of web applications and services. It can be used to test HTTP(S) interfaces for service-level monitoring. Compared to WebInject, RInject has a more powerful verification- and parsing-engine.
*Author*: Benedikt Koeppel http://muasch.ch mailto:be.public@gmail.com *Licence*: RInject: automated testing of web applications and services Copyright (C) 2008 Benedikt A. Koeppel This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, see <http://www.gnu.org/licenses/>. *Usage*: +rinject.rb [options]+ -c --config CONFIG: Specify config-file -o --output OUTPUT: Specify output-location -n --no-output: Disable any output -C --cases CASES: From where to load testcases -h --help: Help RInject reads all testcases from the file, specified with -C or --cases Syntax for XML-File: <testcases repeat="1"> <!-- +comment+ --> <!-- basic schema of XML file --> <case id="+id+" sleep="+seconds+" log="+error|all|request|response|none+"> <description>+description+</description> <error>+error message+</error> <request method="+get|post+" url="+url+"> <post type="+enctype+"> <postarg name="+name1+" value="+value1+" /> <postarg name="+nameN+" value="+valueN+" /> </post> <header name="+header-name1+" value="+header-value1+" /> <header name="+header-nameN+" value="+header-valueN+" /> <httpauth username="+username+" password="+password"+ /> </request> <response> <verify name="+verification-name1+" error="+errormessage1+" exp="+regular expression1+" type="+positive|negative+" /> <verify name="+verification-nameN+" error="+errormessageN+" exp="+regular expressionN+" type="+positive|negative+" /> <parse name="+parse-variable-name1+" exp="+regular expression1+" escape="+false|true+" default="+default-value1+" /> <parse name="+parse-variable-nameN+" exp="+regular expressionN+" escape="+false|true+" default="+default-valueN+" /> </response> </case> <!-- two examples --> <!-- example 1: - send POST-data to http://example.net/login.php with two additional headers - verify that responsecode is 200 - verify that "Welcome Mr." or "Welcome Mrs." is in the source of the website - verify that "Failed to connect to" is *not* in the source of the website - read what's after "Welcome Mr." or "Welcome Mrs." in between to "!" and save this string as ${Username} --> <case id="1" sleep="0" log="error"> <description>POST Login to http://example.net/login.php</description> <error>POST Login failed!</error> <request method="post" url="http://example.net/login.php"> <post type="application/x-www-form-urlencoded"> <postarg name="username" value="rinject" /> <postarg name="password" value="PW01234:" /> <postarg name="submit" value="true" /> </post> <header name="UserAgent" value="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" /> <header name="Referer" value="http://example.net/index.php" /> </request> <response> <verify name="HTTP responsecode" error="HTTP code 200 expected" exp="HTTP\/[\d]\.[\d] 200" type="positive" /> <verify name="Successfully logged in" error="Welcome-String not found" exp="Welcome (Mr\.|Mrs\.)" type="positive" /> <verify name="Database is not working" error="DB is not working" exp="Failed to connect to" type="negative" /> <parse name="Username" exp="Welcome (Mr\.|Mrs\.) (.*?)!" escape="false" default="" /> </response> </case> <!-- example 2: - send GET-request to http://example.net/users/${Username} where ${Username} is the variable from case 1 - verify that responsecode is 200 - verify that "Userinformation for ${Username}" is in the source of the website --> <case id="2" sleep="0" log="error"> <description>View user details</description> <error>User details can't be displayed</error> <request method="get" url="http://example.net/users/${Username}" /> <response> <verify name="HTTP responsecode" error="HTTP code 200 expected" exp="HTTP\/[\d]\.[\d] 200" type="positive" /> <verify name="Information for ${Username}" error="No information about ${Username} displayed" exp="Userinformation for ${Username}" type="positive" /> </response> </case> </testcases> Running ./rinject.rb -C testcases.xml puts out the status in Nagios plugin format of all cases as last line run +./rinject.rb [options] | tail -n 1+ to get only the Nagios output *TODO*: -c --config is not working yet -o --output is not working yet -n --no-output is not working yet no stupid output, but correct logging instead!