fixup

consideRatio · consideRatio · commit 196360c69cf5 · 2025-04-11T10:42:02.000+02:00
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
@@ -60,7 +60,7 @@ jobs:
 
       - name: Test vncserver
         run: |
-          container_id=$(docker run -d -it -p 5901:5901 test vncserver -xstartup /opt/install/jupyter_remote_desktop_proxy/share/xstartup -verbose -fg -geometry 1680x1050 -SecurityTypes None -rfbport 5901)
+          container_id=$(docker run -d -it test vncserver -xstartup /opt/install/jupyter_remote_desktop_proxy/share/xstartup -verbose -fg -geometry 1680x1050 -SecurityTypes None -rfbport -1 -rfbunixpath /tmp/vncserver.socket)
           sleep 1
 
           echo "::group::Install netcat, a test dependency"
@@ -73,6 +73,15 @@ jobs:
           docker exec -it $container_id timeout --preserve-status 1 nc -v localhost 5901 2>&1 | tee -a /dev/stderr | \
               grep --quiet RFB && echo "Passed test" || { echo "Failed test" && TEST_OK=false; }
 
+          echo "::group::Check TCP ports not opened"
+          ports=(5800 5801 5900 5901)
+          for port in "${ports[@]}"
+          do
+              docker exec -it $container_id_insecure timeout --preserve-status 1 nc -vz localhost $port | \
+                  grep --quiet succeeded && { echo "Failed security check - port $port open" && TEST_OK=false; } || echo "Passed security check - port $port not opened"
+          done
+          echo "::endgroup::"
+
           echo "::group::vncserver logs"
           docker exec $container_id bash -c 'cat ~/.vnc/*.log'
           echo "::endgroup::"
@@ -90,7 +99,7 @@ jobs:
 
       - name: Playwright browser test
         run: |
-          container_id=$(docker run -d -it -p 8888:8888 -e JUPYTER_TOKEN=secret test)
+          container_id=$(docker run -d -it -p 8888:8888 -p 5800:5800 -p 5801:5801 -p 5900:5900 -p 5901:5901 -e JUPYTER_TOKEN=secret test)
           sleep 3
           export CONTAINER_ID=$container_id
           export JUPYTER_HOST=http://localhost:8888
diff --git a/tests/test_browser.py b/tests/test_browser.py
@@ -1,4 +1,3 @@
-import socket
 from os import getenv
 from pathlib import Path
 from shutil import which
@@ -39,22 +38,6 @@ def compare_screenshot(test_image):
     assert m < threshold
 
 
-def assert_no_vncserver_tcp_port_open(host="localhost", port=5901, timeout=1):
-    """
-    Test that a specific port is not open, which would be a security issue.
-    Returns:
-        True if the port is closed (secure), False if open (security issue)
-    """
-    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-    sock.settimeout(timeout)
-    result = sock.connect_ex((host, port))
-    sock.close()
-    
-    # If result is 0, connection was successful (port is open - security issue)
-    # Otherwise, connection failed (port is closed - secure)
-    assert result != 0
-
-
 # To debug this set environment variable HEADLESS=0
 def test_desktop(browser):
     page = browser
@@ -71,8 +54,6 @@ def test_desktop(browser):
     expect(page1.get_by_text("Status: Connected")).to_be_visible()
     expect(page1.locator("canvas")).to_be_visible()
 
-    assert_no_vncserver_tcp_port_open()
-
     # Screenshot the desktop element only
     # May take a few seconds to load
     page1.wait_for_timeout(5000)
