Support Insecure Verify #69

Open
wants to merge 1 commit into
base: master
alleeclark commented Sep 9, 2020

When submitting an attack request with insecure for the TLS configuration set to true, it does not get set. By default in the Go language, if insecure is not set, it will look to verify TLS if the target is serving https. This proposed change sets insecure regardless of whether certs are found or not, which is done in the vegeta library (https://github.com/tsenart/vegeta/blob/19b74586217105bbde8ded6077c70095e97146bf/attack.go#L43).

To Reproduce:
Submit an attack where insecure is true
curl --header "Content-Type: application/json" --request POST --data '{"rate": 5,"duration":"10s","body":"eyJ1c2VyX2lkIjWJhOjYmFhOCJ9Cg==","insecure":true,"target":{"method":"POST","URL":"https://localhost:8500/login","scheme":"http"}}' http://localhost:8080/api/v1/attack

View the report of the attack

curl http://localhost:8080/api/v1/report/e9bee353-6b6a-4cdf-8a3f-0e5d644fee43

{"id":"e9bee353-6b6a-4cdf-8a3f-0e5d644fee43","latencies":{"total":0,"mean":0,"max":0,"50th":0,"95th":0,"99th":0},"bytes_in":{"total":0,"mean":0},"bytes_out":{"total":0,"mean":0},"earliest":"2020-09-08T15:49:57.159557136-04:00","latest":"2020-09-08T15:50:06.95966272-04:00","end":"2020-09-08T15:50:06.95966272-04:00","duration":9800105584,"wait":0,"requests":50,"rate":5.101985848155735,"success":0,"status_codes":{"0":50},"errors":["Post \"https://localhost:8500/login\": x509: certificate signed by unknown authority"]}

Expected behavior:
Status codes should return a non-zero value, with no errors from the request.

After building and running the change, the expected output is returned:
{"id":"feb089a7-b6ab-49bf-bc9f-0b45e9c6721a","latencies":{"total":991264253,"mean":19825285,"max":24151538,"50th":19546985,"95th":23186075,"99th":24151538},"bytes_in":{"total":0,"mean":0},"bytes_out":{"total":2600,"mean":52},"earliest":"2020-09-08T14:00:13.920450625-04:00","latest":"2020-09-08T14:00:23.718906389-04:00","end":"2020-09-08T14:00:23.73893505-04:00","duration":9798455764,"wait":20028661,"requests":50,"rate":5.102844897631973,"success":1,"status_codes":{"200":50},"errors":[]}

alleeclark commented Sep 9, 2020

After running make validate, a new lint error showed up due to my change:

pkg/vegeta/vegeta.go:18:2: if statements should only be cuddled with assignments used in the if statement itself (wsl)
	if key != "" && cert != "" {
	^

What are the recommendations? Should I just set insecure in attackWithOpts?
