diff --git a/scripts/src/hwlab-node-web-sentinel-cicd.ts b/scripts/src/hwlab-node-web-sentinel-cicd.ts index 62f01e81..df7d96eb 100644 --- a/scripts/src/hwlab-node-web-sentinel-cicd.ts +++ b/scripts/src/hwlab-node-web-sentinel-cicd.ts @@ -3311,7 +3311,7 @@ function probeSentinelPublicExposure(state: SentinelCicdState, timeoutSeconds: n "body=$(mktemp)", "writeout=$(curl -sS -D \"$headers\" -o \"$body\" --connect-timeout 8 --max-time 20 --write-out '%{http_code} %{ssl_verify_result} %{remote_ip}' \"$url\" 2>/tmp/web-probe-sentinel-public.err)", "curl_rc=$?", - "body_head=$(head -c 1000 \"$body\" | base64 | tr -d '\\n')", + "body_head=$(head -c 4000 \"$body\" | base64 | tr -d '\\n')", "node - \"$dns\" \"$expected\" \"$writeout\" \"$curl_rc\" \"$url\" \"$body_head\" \"$headers\" <<'NODE'", "const fs=require('node:fs');", "const [dns,expected,writeout,rcRaw,url,bodyB64,headersPath]=process.argv.slice(2);", @@ -3321,9 +3321,10 @@ function probeSentinelPublicExposure(state: SentinelCicdState, timeoutSeconds: n "const addrs=dns?dns.split(',').filter(Boolean):[];", "const headers=(()=>{try{return fs.readFileSync(headersPath,'utf8')}catch{return ''}})();", "const body=Buffer.from(bodyB64||'', 'base64').toString('utf8');", + "let bodyJson=null; try{bodyJson=JSON.parse(body)}catch{}", "const authCovered=status===401||status===403||status>=200&&status<300;", "const edgeOk=Number(rcRaw)===0&&ssl===0&&status>0&&status<500;", - "const upstreamOk=status>=200&&status<300&&body.includes('valuesRedacted');", + "const upstreamOk=status>=200&&status<300&&(bodyJson?.ok===true||body.includes('valuesRedacted'));", "const dnsMatches=addrs.includes(expected);", "console.log(JSON.stringify({ok:dnsMatches&&edgeOk&&authCovered&&upstreamOk,publicUrl:url,dns:{addresses:addrs,expectedA:expected,matches:dnsMatches},tls:{verified:ssl===0,sslVerifyResult:ssl,remoteIp:remoteIp||null},https:{curlExitCode:Number(rcRaw),httpStatus:status,edgeOk},auth:{requestAuthorizationHeader:false,covered:authCovered,status},upstream:{ok:upstreamOk,bodyPreview:body.slice(0,200)},headers:{wwwAuthenticate:/^www-authenticate:/im.test(headers)},valuesRedacted:true}));", "NODE",