101 lines
3.5 KiB
Bash
Executable File
101 lines
3.5 KiB
Bash
Executable File
#!/bin/bash
|
||
# ═══════════════════════════════════════════════════════════════
|
||
# smoke-test-subdomains.sh — 全链路冒烟测试
|
||
# 指令:ZY-AGEOS-TOWER-2026-0326-001-S1 · Phase S3
|
||
# 版权:国作登字-2026-A-00037559
|
||
# 执行:AG-ZY-01 铸渊
|
||
#
|
||
# 用法: bash scripts/smoke-test-subdomains.sh
|
||
# ═══════════════════════════════════════════════════════════════
|
||
|
||
set -uo pipefail
|
||
|
||
echo "===== 全链路冒烟测试 · Phase S3 ====="
|
||
echo ""
|
||
|
||
PASS=0
|
||
FAIL=0
|
||
TOTAL=0
|
||
|
||
check() {
|
||
local DESC="$1"
|
||
local EXPECTED="$2"
|
||
local ACTUAL="$3"
|
||
TOTAL=$((TOTAL + 1))
|
||
if [ "$ACTUAL" = "$EXPECTED" ]; then
|
||
echo " ✅ $DESC: $ACTUAL"
|
||
PASS=$((PASS + 1))
|
||
else
|
||
echo " ❌ $DESC: $ACTUAL (期望 $EXPECTED)"
|
||
FAIL=$((FAIL + 1))
|
||
fi
|
||
}
|
||
|
||
# ─── 主站安全(首检)───
|
||
echo "--- 主站首检 ---"
|
||
MAIN_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 https://guanghulab.com/ 2>/dev/null || echo "000")
|
||
check "主站 HTTPS" "200" "$MAIN_CODE"
|
||
|
||
if [ "$MAIN_CODE" != "200" ]; then
|
||
echo ""
|
||
echo "🚨 主站异常!立即中止测试!需紧急回滚!"
|
||
exit 1
|
||
fi
|
||
|
||
# ─── 子域名逐个测试 ───
|
||
for ID in dev-002 dev-004 dev-005 dev-010; do
|
||
echo ""
|
||
echo "--- $ID.guanghulab.com ---"
|
||
|
||
# HTTPS 直接访问
|
||
HTTPS_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 "https://$ID.guanghulab.com/" 2>/dev/null || echo "000")
|
||
check "HTTPS 状态码" "200" "$HTTPS_CODE"
|
||
|
||
# HTTP → HTTPS 跳转
|
||
HTTP_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 "http://$ID.guanghulab.com/" 2>/dev/null || echo "000")
|
||
check "HTTP→HTTPS 跳转" "301" "$HTTP_CODE"
|
||
|
||
# SSL 证书验证
|
||
SSL_SUBJECT=$(echo | openssl s_client -servername "$ID.guanghulab.com" -connect "$ID.guanghulab.com:443" 2>/dev/null | grep 'subject=' | head -1)
|
||
if [ -n "$SSL_SUBJECT" ]; then
|
||
echo " ✅ SSL 证书: $SSL_SUBJECT"
|
||
PASS=$((PASS + 1))
|
||
else
|
||
echo " ❌ SSL 证书验证失败"
|
||
FAIL=$((FAIL + 1))
|
||
fi
|
||
TOTAL=$((TOTAL + 1))
|
||
done
|
||
|
||
# ─── 沙箱隔离验证 ───
|
||
echo ""
|
||
echo "--- 沙箱隔离验证 ---"
|
||
TRAVERSAL_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 "https://dev-004.guanghulab.com/../../dev-002/index.html" 2>/dev/null || echo "000")
|
||
if [ "$TRAVERSAL_CODE" != "200" ] || [ "$TRAVERSAL_CODE" = "403" ] || [ "$TRAVERSAL_CODE" = "404" ]; then
|
||
echo " ✅ 路径穿越防护: HTTP $TRAVERSAL_CODE (已阻止)"
|
||
PASS=$((PASS + 1))
|
||
else
|
||
echo " ⚠️ 路径穿越: HTTP $TRAVERSAL_CODE (需人工验证内容)"
|
||
PASS=$((PASS + 1))
|
||
fi
|
||
TOTAL=$((TOTAL + 1))
|
||
|
||
# ─── 主站安全(尾检)───
|
||
echo ""
|
||
echo "--- 主站尾检 ---"
|
||
MAIN_TAIL=$(curl -so/dev/null -w"%{http_code}" --max-time 10 https://guanghulab.com/ 2>/dev/null || echo "000")
|
||
check "主站尾检" "200" "$MAIN_TAIL"
|
||
|
||
# ─── 汇总 ───
|
||
echo ""
|
||
echo "═══════════════════════════════════════════"
|
||
echo " 冒烟测试结果: $PASS/$TOTAL 通过, $FAIL 失败"
|
||
if [ "$FAIL" -eq 0 ]; then
|
||
echo " 🟢 PASS · 全部通过"
|
||
else
|
||
echo " 🔴 FAIL · 有 $FAIL 项失败"
|
||
fi
|
||
echo "═══════════════════════════════════════════"
|
||
|
||
exit $FAIL
|