Merge pull request #2367 from mhils/issue-2329

Fix #2329
2025-01-30 14:58:38 +00:00 · 2017-06-02 14:18:56 +02:00 · 2017-06-02 14:18:56 +02:00 · 020e5a5c95
commit 020e5a5c95
parent 619566fc9f 5e17b5f62e
5 changed files with 64 additions and 13 deletions
--- a/mitmproxy/log.py
+++ b/mitmproxy/log.py
@ -4,6 +4,9 @@ class LogEntry:
        self.msg = msg
        self.level = level

+    def __repr__(self):
+        return "LogEntry({}, {})".format(self.msg, self.level)
+

 class Log:
    """
--- a/mitmproxy/proxy/root_context.py
+++ b/mitmproxy/proxy/root_context.py
@ -70,8 +70,16 @@ class RootContext:
                top_layer.server_tls,
                top_layer.server_conn.address[0]
            )
-        if isinstance(top_layer, protocol.ServerConnectionMixin) or isinstance(top_layer, protocol.UpstreamConnectLayer):
+        if isinstance(top_layer, protocol.ServerConnectionMixin):
            return protocol.TlsLayer(top_layer, client_tls, client_tls)
+        if isinstance(top_layer, protocol.UpstreamConnectLayer):
+            # if the user manually sets a scheme for connect requests, we use this to decide if we
+            # want TLS or not.
+            if top_layer.connect_request.scheme:
+                tls = top_layer.connect_request.scheme == "https"
+            else:
+                tls = client_tls
+            return protocol.TlsLayer(top_layer, client_tls, tls)

        # 3. In Http Proxy mode and Upstream Proxy mode, the next layer is fixed.
        if isinstance(top_layer, protocol.TlsLayer):
--- a/mitmproxy/test/taddons.py
+++ b/mitmproxy/test/taddons.py
@ -17,6 +17,8 @@ class TestAddons(addonmanager.AddonManager):
    def trigger(self, event, *args, **kwargs):
        if event == "log":
            self.master.logs.append(args[0])
+        elif event == "tick" and not args and not kwargs:
+            pass
        else:
            self.master.events.append((event, args, kwargs))
        super().trigger(event, *args, **kwargs)
--- a/test/mitmproxy/proxy/test_server.py
+++ b/test/mitmproxy/proxy/test_server.py
@ -1,28 +1,27 @@
 import os
 import socket
 import time
-import pytest
 from unittest import mock

-from mitmproxy.test import tutils
-from mitmproxy import options
-from mitmproxy.addons import script
-from mitmproxy.addons import proxyauth
-from mitmproxy import http
-from mitmproxy.proxy.config import HostMatcher
+import pytest
+
 import mitmproxy.net.http
-from mitmproxy.net import tcp
-from mitmproxy.net import socks
 from mitmproxy import certs
 from mitmproxy import exceptions
+from mitmproxy import http
+from mitmproxy import options
+from mitmproxy.addons import proxyauth
+from mitmproxy.addons import script
+from mitmproxy.net import socks
+from mitmproxy.net import tcp
 from mitmproxy.net.http import http1
+from mitmproxy.proxy.config import HostMatcher
+from mitmproxy.test import tutils
 from pathod import pathoc
 from pathod import pathod
-
 from .. import tservers
 from ...conftest import skip_appveyor

-
 """
    Note that the choice of response code in these tests matters more than you
    might think. libcurl treats a 304 response code differently from, say, a
@ -1009,6 +1008,40 @@ class TestUpstreamProxySSL(
        assert len(self.chain[0].tmaster.state.flows) == 0
        assert len(self.chain[1].tmaster.state.flows) == 1

+    def test_connect_https_to_http(self):
+        """
+        https://github.com/mitmproxy/mitmproxy/issues/2329
+
+        Client <- HTTPS -> Proxy <- HTTP -> Proxy <- HTTPS -> Server
+        """
+        self.proxy.tmaster.addons.add(RewriteToHttp())
+        self.chain[1].tmaster.addons.add(RewriteToHttps())
+        p = self.pathoc()
+        with p.connect():
+            resp = p.request("get:'/p/418'")
+
+        assert self.proxy.tmaster.state.flows[0].client_conn.tls_established
+        assert not self.proxy.tmaster.state.flows[0].server_conn.tls_established
+        assert not self.chain[1].tmaster.state.flows[0].client_conn.tls_established
+        assert self.chain[1].tmaster.state.flows[0].server_conn.tls_established
+        assert resp.status_code == 418
+
+
+class RewriteToHttp:
+    def http_connect(self, f):
+        f.request.scheme = "http"
+
+    def request(self, f):
+        f.request.scheme = "http"
+
+
+class RewriteToHttps:
+    def http_connect(self, f):
+        f.request.scheme = "https"
+
+    def request(self, f):
+        f.request.scheme = "https"
+

 class UpstreamProxyChanger:
    def __init__(self, addr):
--- a/test/mitmproxy/test_log.py
+++ b/test/mitmproxy/test_log.py
@ -1 +1,6 @@
-# TODO: write tests
+from mitmproxy import log
+
+
+def test_logentry():
+    e = log.LogEntry("foo", "info")
+    assert repr(e) == "LogEntry(foo, info)"