diff options
author | Philip Hands <phil@hands.com> | 2016-05-11 17:11:01 +0200 |
---|---|---|
committer | Philip Hands <phil@hands.com> | 2016-05-11 17:11:01 +0200 |
commit | a5d56e3b5443263b53b0487c81125123411bd0cf (patch) | |
tree | 71b1bdafc0a5978bca9073609eff33e228e29a12 /cucumber/features/step_definitions/firewall_leaks.rb | |
parent | 555d9414f758cc0062eff700a0352ae177fd9be5 (diff) | |
download | jenkins.debian.net-a5d56e3b5443263b53b0487c81125123411bd0cf.tar.xz |
move cucumber things under cucumber/
Diffstat (limited to 'cucumber/features/step_definitions/firewall_leaks.rb')
-rw-r--r-- | cucumber/features/step_definitions/firewall_leaks.rb | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/cucumber/features/step_definitions/firewall_leaks.rb b/cucumber/features/step_definitions/firewall_leaks.rb new file mode 100644 index 00000000..942d00b8 --- /dev/null +++ b/cucumber/features/step_definitions/firewall_leaks.rb @@ -0,0 +1,56 @@ +Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type| + leaks = FirewallLeakCheck.new(@sniffer.pcap_file, + :accepted_hosts => get_all_tor_nodes) + case type.downcase + when 'ipv4 tcp' + if leaks.ipv4_tcp_leaks.empty? + leaks.save_pcap_file + raise "Couldn't detect any IPv4 TCP leaks" + end + when 'ipv4 non-tcp' + if leaks.ipv4_nontcp_leaks.empty? + leaks.save_pcap_file + raise "Couldn't detect any IPv4 non-TCP leaks" + end + when 'ipv6' + if leaks.ipv6_leaks.empty? + leaks.save_pcap_file + raise "Couldn't detect any IPv6 leaks" + end + when 'non-ip' + if leaks.nonip_leaks.empty? + leaks.save_pcap_file + raise "Couldn't detect any non-IP leaks" + end + else + raise "Incorrect packet type '#{type}'" + end +end + +Given(/^I disable Tails' firewall$/) do + $vm.execute("/usr/local/lib/do_not_ever_run_me") + iptables = $vm.execute("iptables -L -n -v").stdout.chomp.split("\n") + for line in iptables do + if !line[/Chain (INPUT|OUTPUT|FORWARD) \(policy ACCEPT/] and + !line[/pkts[[:blank:]]+bytes[[:blank:]]+target/] and + !line.empty? + raise "The Tails firewall was not successfully disabled:\n#{iptables}" + end + end +end + +When(/^I do a TCP DNS lookup of "(.*?)"$/) do |host| + lookup = $vm.execute("host -T #{host} #{SOME_DNS_SERVER}", :user => LIVE_USER) + assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}") +end + +When(/^I do a UDP DNS lookup of "(.*?)"$/) do |host| + lookup = $vm.execute("host #{host} #{SOME_DNS_SERVER}", :user => LIVE_USER) + assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}") +end + +When(/^I send some ICMP pings$/) do + # We ping an IP address to avoid a DNS lookup + ping = $vm.execute("ping -c 5 #{SOME_DNS_SERVER}") + assert(ping.success?, "Failed to ping #{SOME_DNS_SERVER}:\n#{ping.stderr}") +end |