fix: parse sentinel public health exposure

This commit is contained in:
Codex
2026-06-28 01:57:39 +00:00
parent ef1e430b64
commit 77e7c72323
+3 -2
View File
@@ -3311,7 +3311,7 @@ function probeSentinelPublicExposure(state: SentinelCicdState, timeoutSeconds: n
"body=$(mktemp)",
"writeout=$(curl -sS -D \"$headers\" -o \"$body\" --connect-timeout 8 --max-time 20 --write-out '%{http_code} %{ssl_verify_result} %{remote_ip}' \"$url\" 2>/tmp/web-probe-sentinel-public.err)",
"curl_rc=$?",
"body_head=$(head -c 1000 \"$body\" | base64 | tr -d '\\n')",
"body_head=$(head -c 4000 \"$body\" | base64 | tr -d '\\n')",
"node - \"$dns\" \"$expected\" \"$writeout\" \"$curl_rc\" \"$url\" \"$body_head\" \"$headers\" <<'NODE'",
"const fs=require('node:fs');",
"const [dns,expected,writeout,rcRaw,url,bodyB64,headersPath]=process.argv.slice(2);",
@@ -3321,9 +3321,10 @@ function probeSentinelPublicExposure(state: SentinelCicdState, timeoutSeconds: n
"const addrs=dns?dns.split(',').filter(Boolean):[];",
"const headers=(()=>{try{return fs.readFileSync(headersPath,'utf8')}catch{return ''}})();",
"const body=Buffer.from(bodyB64||'', 'base64').toString('utf8');",
"let bodyJson=null; try{bodyJson=JSON.parse(body)}catch{}",
"const authCovered=status===401||status===403||status>=200&&status<300;",
"const edgeOk=Number(rcRaw)===0&&ssl===0&&status>0&&status<500;",
"const upstreamOk=status>=200&&status<300&&body.includes('valuesRedacted');",
"const upstreamOk=status>=200&&status<300&&(bodyJson?.ok===true||body.includes('valuesRedacted'));",
"const dnsMatches=addrs.includes(expected);",
"console.log(JSON.stringify({ok:dnsMatches&&edgeOk&&authCovered&&upstreamOk,publicUrl:url,dns:{addresses:addrs,expectedA:expected,matches:dnsMatches},tls:{verified:ssl===0,sslVerifyResult:ssl,remoteIp:remoteIp||null},https:{curlExitCode:Number(rcRaw),httpStatus:status,edgeOk},auth:{requestAuthorizationHeader:false,covered:authCovered,status},upstream:{ok:upstreamOk,bodyPreview:body.slice(0,200)},headers:{wwwAuthenticate:/^www-authenticate:/im.test(headers)},valuesRedacted:true}));",
"NODE",