-
Notifications
You must be signed in to change notification settings - Fork 51
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(webconnectivityqa): start adapting test cases with redirects (#1240
) ## Checklist - [x] I have read the [contribution guidelines](https://github.com/ooni/probe-cli/blob/master/CONTRIBUTING.md) - [x] reference issue for this pull request: ooni/probe#1803 - [x] if you changed anything related to how experiments work and you need to reflect these changes in the ooni/spec repository, please link to the related ooni/spec pull request: N/A - [x] if you changed code inside an experiment, make sure you bump its version number: N/A ## Description This diff starts adapting from QA/webconnectivity.py some of the test cases involding errors happening during HTTP redirects. I am pleased to see that we've discovered LTE bugs thanks to these new test cases... well, let's say "pleased".
- Loading branch information
1 parent
a379ecd
commit 39ee1ca
Showing
11 changed files
with
490 additions
and
102 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
52 changes: 52 additions & 0 deletions
52
internal/experiment/webconnectivityqa/dnshijacking_test.go
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
package webconnectivityqa | ||
|
||
import ( | ||
"context" | ||
"testing" | ||
|
||
"github.com/apex/log" | ||
"github.com/google/go-cmp/cmp" | ||
"github.com/ooni/probe-cli/v3/internal/netemx" | ||
"github.com/ooni/probe-cli/v3/internal/netxlite" | ||
) | ||
|
||
func TestDNSHijackingTestCases(t *testing.T) { | ||
testcases := []*TestCase{ | ||
dnsHijackingToProxyWithHTTPURL(), | ||
dnsHijackingToProxyWithHTTPSURL(), | ||
} | ||
|
||
for _, tc := range testcases { | ||
t.Run(tc.Name, func(t *testing.T) { | ||
env := netemx.MustNewScenario(netemx.InternetScenario) | ||
tc.Configure(env) | ||
|
||
env.Do(func() { | ||
expect := []string{netemx.ISPProxyAddress} | ||
|
||
t.Run("with stdlib resolver", func(t *testing.T) { | ||
reso := netxlite.NewStdlibResolver(log.Log) | ||
addrs, err := reso.LookupHost(context.Background(), "www.example.com") | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
if diff := cmp.Diff(expect, addrs); diff != "" { | ||
t.Fatal(diff) | ||
} | ||
}) | ||
|
||
t.Run("with UDP resolver", func(t *testing.T) { | ||
d := netxlite.NewDialerWithoutResolver(log.Log) | ||
reso := netxlite.NewParallelUDPResolver(log.Log, d, "8.8.8.8:53") | ||
addrs, err := reso.LookupHost(context.Background(), "www.example.com") | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
if diff := cmp.Diff(expect, addrs); diff != "" { | ||
t.Fatal(diff) | ||
} | ||
}) | ||
}) | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,190 @@ | ||
package webconnectivityqa | ||
|
||
import ( | ||
"github.com/apex/log" | ||
"github.com/ooni/netem" | ||
"github.com/ooni/probe-cli/v3/internal/netemx" | ||
) | ||
|
||
// redirectWithConsistentDNSAndThenConnectionRefusedForHTTP is a scenario where the redirect | ||
// works but then there's connection refused for an HTTP URL. | ||
func redirectWithConsistentDNSAndThenConnectionRefusedForHTTP() *TestCase { | ||
return &TestCase{ | ||
Name: "redirectWithConsistentDNSAndThenConnectionRefusedForHTTP", | ||
Flags: TestCaseFlagNoLTE, // BUG: LTE thinks this website is accessible (WTF?!) | ||
Input: "https://bit.ly/32447", | ||
Configure: func(env *netemx.QAEnv) { | ||
|
||
// make sure we cannot connect to the example domain on port 80 | ||
env.DPIEngine().AddRule(&netem.DPICloseConnectionForServerEndpoint{ | ||
Logger: log.Log, | ||
ServerIPAddress: netemx.AddressWwwExampleCom, | ||
ServerPort: 80, | ||
}) | ||
|
||
// make sure we cannot connect to the example domain on port 443 | ||
env.DPIEngine().AddRule(&netem.DPICloseConnectionForServerEndpoint{ | ||
Logger: log.Log, | ||
ServerIPAddress: netemx.AddressWwwExampleCom, | ||
ServerPort: 443, | ||
}) | ||
|
||
}, | ||
ExpectErr: false, | ||
ExpectTestKeys: &testKeys{ | ||
DNSExperimentFailure: nil, | ||
DNSConsistency: "consistent", | ||
HTTPExperimentFailure: "connection_refused", | ||
XStatus: 8320, // StatusExperimentHTTP | StatusAnomalyConnect | ||
XDNSFlags: 0, | ||
XBlockingFlags: 32, // analysisFlagSuccess | ||
Accessible: false, | ||
Blocking: "http-failure", | ||
}, | ||
} | ||
} | ||
|
||
// redirectWithConsistentDNSAndThenConnectionRefusedForHTTPS is a scenario where the redirect | ||
// works but then there's connection refused for an HTTPS URL. | ||
func redirectWithConsistentDNSAndThenConnectionRefusedForHTTPS() *TestCase { | ||
return &TestCase{ | ||
Name: "redirectWithConsistentDNSAndThenConnectionRefusedForHTTPS", | ||
Flags: TestCaseFlagNoLTE, // BUG: LTE thinks this website is accessible (WTF?!) | ||
Input: "https://bit.ly/21645", | ||
Configure: func(env *netemx.QAEnv) { | ||
|
||
// make sure we cannot connect to the example domain on port 80 | ||
env.DPIEngine().AddRule(&netem.DPICloseConnectionForServerEndpoint{ | ||
Logger: log.Log, | ||
ServerIPAddress: netemx.AddressWwwExampleCom, | ||
ServerPort: 80, | ||
}) | ||
|
||
// make sure we cannot connect to the example domain on port 443 | ||
env.DPIEngine().AddRule(&netem.DPICloseConnectionForServerEndpoint{ | ||
Logger: log.Log, | ||
ServerIPAddress: netemx.AddressWwwExampleCom, | ||
ServerPort: 443, | ||
}) | ||
|
||
}, | ||
ExpectErr: false, | ||
ExpectTestKeys: &testKeys{ | ||
DNSExperimentFailure: nil, | ||
DNSConsistency: "consistent", | ||
HTTPExperimentFailure: "connection_refused", | ||
XStatus: 8320, // StatusExperimentHTTP | StatusAnomalyConnect | ||
XDNSFlags: 0, | ||
XBlockingFlags: 32, // analysisFlagSuccess | ||
Accessible: false, | ||
Blocking: "http-failure", | ||
}, | ||
} | ||
} | ||
|
||
// redirectWithConsistentDNSAndThenConnectionResetForHTTP is a scenario where the redirect | ||
// works but then there's connection refused for an HTTP URL. | ||
func redirectWithConsistentDNSAndThenConnectionResetForHTTP() *TestCase { | ||
return &TestCase{ | ||
Name: "redirectWithConsistentDNSAndThenConnectionResetForHTTP", | ||
Flags: 0, | ||
Input: "https://bit.ly/32447", | ||
Configure: func(env *netemx.QAEnv) { | ||
|
||
// make sure we cannot HTTP round trip | ||
env.DPIEngine().AddRule(&netem.DPIResetTrafficForString{ | ||
Logger: log.Log, | ||
ServerIPAddress: netemx.AddressWwwExampleCom, | ||
ServerPort: 80, | ||
String: "www.example.com", | ||
}) | ||
|
||
// make sure we cannot TLS handshake | ||
env.DPIEngine().AddRule(&netem.DPIResetTrafficForTLSSNI{ | ||
Logger: log.Log, | ||
SNI: "www.example.com", | ||
}) | ||
|
||
}, | ||
ExpectErr: false, | ||
ExpectTestKeys: &testKeys{ | ||
DNSExperimentFailure: nil, | ||
DNSConsistency: "consistent", | ||
HTTPExperimentFailure: "connection_reset", | ||
XStatus: 8448, // StatusExperimentHTTP | StatusAnomalyReadWrite | ||
XDNSFlags: 0, | ||
XBlockingFlags: 8, // analysisFlagHTTPBlocking | ||
Accessible: false, | ||
Blocking: "http-failure", | ||
}, | ||
} | ||
} | ||
|
||
// redirectWithConsistentDNSAndThenConnectionResetForHTTPS is a scenario where the redirect | ||
// works but then there's connection refused for an HTTPS URL. | ||
func redirectWithConsistentDNSAndThenConnectionResetForHTTPS() *TestCase { | ||
return &TestCase{ | ||
Name: "redirectWithConsistentDNSAndThenConnectionResetForHTTPS", | ||
Flags: TestCaseFlagNoLTE, // BUG: LTE thinks this website is accessible (WTF?!) | ||
Input: "https://bit.ly/21645", | ||
Configure: func(env *netemx.QAEnv) { | ||
|
||
// make sure we cannot HTTP round trip | ||
env.DPIEngine().AddRule(&netem.DPIResetTrafficForString{ | ||
Logger: log.Log, | ||
ServerIPAddress: netemx.AddressWwwExampleCom, | ||
ServerPort: 80, | ||
String: "www.example.com", | ||
}) | ||
|
||
// make sure we cannot TLS handshake | ||
env.DPIEngine().AddRule(&netem.DPIResetTrafficForTLSSNI{ | ||
Logger: log.Log, | ||
SNI: "www.example.com", | ||
}) | ||
|
||
}, | ||
ExpectErr: false, | ||
ExpectTestKeys: &testKeys{ | ||
DNSExperimentFailure: nil, | ||
DNSConsistency: "consistent", | ||
HTTPExperimentFailure: "connection_reset", | ||
XStatus: 8448, // StatusExperimentHTTP | StatusAnomalyReadWrite | ||
XDNSFlags: 0, | ||
XBlockingFlags: 8, // analysisFlagHTTPBlocking | ||
Accessible: false, | ||
Blocking: "http-failure", | ||
}, | ||
} | ||
} | ||
|
||
// redirectWithConsistentDNSAndThenNXDOMAIN is a scenario where the redirect | ||
// works but then there's NXDOMAIN for the URL's domain | ||
func redirectWithConsistentDNSAndThenNXDOMAIN() *TestCase { | ||
return &TestCase{ | ||
Name: "redirectWithConsistentDNSAndThenNXDOMAIN", | ||
Flags: TestCaseFlagNoLTE, // BUG: LTE thinks this website is accessible (WTF?!) | ||
Input: "https://bit.ly/21645", | ||
Configure: func(env *netemx.QAEnv) { | ||
|
||
// Empty addresses cause NXDOMAIN | ||
env.DPIEngine().AddRule(&netem.DPISpoofDNSResponse{ | ||
Addresses: []string{}, | ||
Logger: env.Logger(), | ||
Domain: "www.example.com", | ||
}) | ||
|
||
}, | ||
ExpectErr: false, | ||
ExpectTestKeys: &testKeys{ | ||
DNSExperimentFailure: nil, | ||
DNSConsistency: "consistent", | ||
HTTPExperimentFailure: "dns_nxdomain_error", | ||
XStatus: 8224, // StatusExperimentHTTP | StatusAnomalyDNS | ||
XDNSFlags: 0, | ||
XBlockingFlags: 8, // analysisFlagHTTPBlocking | ||
Accessible: false, | ||
Blocking: "dns", | ||
}, | ||
} | ||
} |
Oops, something went wrong.