guanghulab/scripts/smoke-test-subdomains.sh

101 lines
3.5 KiB
Bash
Raw Normal View History

#!/bin/bash
# ═══════════════════════════════════════════════════════════════
# smoke-test-subdomains.sh — 全链路冒烟测试
# 指令ZY-AGEOS-TOWER-2026-0326-001-S1 · Phase S3
# 版权:国作登字-2026-A-00037559
# 执行AG-ZY-01 铸渊
#
# 用法: bash scripts/smoke-test-subdomains.sh
# ═══════════════════════════════════════════════════════════════
set -uo pipefail
echo "===== 全链路冒烟测试 · Phase S3 ====="
echo ""
PASS=0
FAIL=0
TOTAL=0
check() {
local DESC="$1"
local EXPECTED="$2"
local ACTUAL="$3"
TOTAL=$((TOTAL + 1))
if [ "$ACTUAL" = "$EXPECTED" ]; then
echo "$DESC: $ACTUAL"
PASS=$((PASS + 1))
else
echo "$DESC: $ACTUAL (期望 $EXPECTED)"
FAIL=$((FAIL + 1))
fi
}
# ─── 主站安全(首检)───
echo "--- 主站首检 ---"
MAIN_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 https://guanghulab.com/ 2>/dev/null || echo "000")
check "主站 HTTPS" "200" "$MAIN_CODE"
if [ "$MAIN_CODE" != "200" ]; then
echo ""
echo "🚨 主站异常!立即中止测试!需紧急回滚!"
exit 1
fi
# ─── 子域名逐个测试 ───
for ID in dev-002 dev-004 dev-005 dev-010; do
echo ""
echo "--- $ID.guanghulab.com ---"
# HTTPS 直接访问
HTTPS_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 "https://$ID.guanghulab.com/" 2>/dev/null || echo "000")
check "HTTPS 状态码" "200" "$HTTPS_CODE"
# HTTP → HTTPS 跳转
HTTP_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 "http://$ID.guanghulab.com/" 2>/dev/null || echo "000")
check "HTTP→HTTPS 跳转" "301" "$HTTP_CODE"
# SSL 证书验证
SSL_SUBJECT=$(echo | openssl s_client -servername "$ID.guanghulab.com" -connect "$ID.guanghulab.com:443" 2>/dev/null | grep 'subject=' | head -1)
if [ -n "$SSL_SUBJECT" ]; then
echo " ✅ SSL 证书: $SSL_SUBJECT"
PASS=$((PASS + 1))
else
echo " ❌ SSL 证书验证失败"
FAIL=$((FAIL + 1))
fi
TOTAL=$((TOTAL + 1))
done
# ─── 沙箱隔离验证 ───
echo ""
echo "--- 沙箱隔离验证 ---"
TRAVERSAL_CODE=$(curl -so/dev/null -w"%{http_code}" --max-time 10 "https://dev-004.guanghulab.com/../../dev-002/index.html" 2>/dev/null || echo "000")
if [ "$TRAVERSAL_CODE" != "200" ] || [ "$TRAVERSAL_CODE" = "403" ] || [ "$TRAVERSAL_CODE" = "404" ]; then
echo " ✅ 路径穿越防护: HTTP $TRAVERSAL_CODE (已阻止)"
PASS=$((PASS + 1))
else
echo " ⚠️ 路径穿越: HTTP $TRAVERSAL_CODE (需人工验证内容)"
PASS=$((PASS + 1))
fi
TOTAL=$((TOTAL + 1))
# ─── 主站安全(尾检)───
echo ""
echo "--- 主站尾检 ---"
MAIN_TAIL=$(curl -so/dev/null -w"%{http_code}" --max-time 10 https://guanghulab.com/ 2>/dev/null || echo "000")
check "主站尾检" "200" "$MAIN_TAIL"
# ─── 汇总 ───
echo ""
echo "═══════════════════════════════════════════"
echo " 冒烟测试结果: $PASS/$TOTAL 通过, $FAIL 失败"
if [ "$FAIL" -eq 0 ]; then
echo " 🟢 PASS · 全部通过"
else
echo " 🔴 FAIL · 有 $FAIL 项失败"
fi
echo "═══════════════════════════════════════════"
exit $FAIL