test: fix TLS alert tests to use unit tests instead of unreliable external servers

- Replace client.badssl.com tests with unit tests for parseTlsAlertNumber and getTlsAlertName - Export helper functions for testing - Keep one integration test for connection success scenario
2026-01-06 11:08:41 +02:00 · 2026-01-06 11:08:41 +02:00 · 5ab3a68718
commit 5ab3a68718
parent 2a050b7e95
2 changed files with 17 additions and 42 deletions
--- a/server/monitor-types/tcp.js
+++ b/server/monitor-types/tcp.js
@ -400,4 +400,6 @@ class TCPMonitorType extends MonitorType {
 module.exports = {
    TCPMonitorType,
    TLS_ALERT_CODES,
    parseTlsAlertNumber,
    getTlsAlertName,
 };
--- a/test/backend-test/monitors/test-tcp.js
+++ b/test/backend-test/monitors/test-tcp.js
@ -245,51 +245,24 @@ describe("TCP Monitor", () => {
        );
    });
-    test("check() sets status to UP when expected TLS alert is received", async () => {
+    test("parseTlsAlertNumber() extracts alert number from error message", async () => {
-        const tcpMonitor = new TCPMonitorType();
+        const { parseTlsAlertNumber } = require("../../../server/monitor-types/tcp");
-        // client.badssl.com:443 requires client certificate and returns certificate_required alert
+        // Test various error message formats
-        const monitor = {
+        assert.strictEqual(parseTlsAlertNumber("alert number 116"), 116);
-            hostname: "client.badssl.com",
+        assert.strictEqual(parseTlsAlertNumber("SSL alert number 42"), 42);
-            port: 443,
+        assert.strictEqual(parseTlsAlertNumber("TLS alert number 48"), 48);
-            expected_tls_alert: "handshake_failure",
+        assert.strictEqual(parseTlsAlertNumber("no alert here"), null);
-            timeout: 10,
+        assert.strictEqual(parseTlsAlertNumber(""), null);
            isEnabledExpiryNotification: () => false,
            getIgnoreTls: () => true,
        };
        const heartbeat = {
            msg: "",
            status: PENDING,
        };
        await tcpMonitor.check(monitor, heartbeat, {});
        assert.strictEqual(heartbeat.status, UP);
        assert.ok(heartbeat.msg.includes("TLS alert received as expected"));
    });
-    test("check() rejects when different TLS alert is received than expected", async () => {
+    test("getTlsAlertName() returns correct alert name for known codes", async () => {
-        const tcpMonitor = new TCPMonitorType();
+        const { getTlsAlertName } = require("../../../server/monitor-types/tcp");
-        // client.badssl.com returns handshake_failure, but we expect certificate_required
+        assert.strictEqual(getTlsAlertName(116), "certificate_required");
-        const monitor = {
+        assert.strictEqual(getTlsAlertName(42), "bad_certificate");
-            hostname: "client.badssl.com",
+        assert.strictEqual(getTlsAlertName(48), "unknown_ca");
-            port: 443,
+        assert.strictEqual(getTlsAlertName(40), "handshake_failure");
-            expected_tls_alert: "certificate_required",
+        assert.strictEqual(getTlsAlertName(999), "unknown_alert_999");
            timeout: 10,
            isEnabledExpiryNotification: () => false,
            getIgnoreTls: () => true,
        };
        const heartbeat = {
            msg: "",
            status: PENDING,
        };
        await assert.rejects(
            tcpMonitor.check(monitor, heartbeat, {}),
            /Expected TLS alert 'certificate_required' but received/
        );
    });
 });