November 2012 - tor-commits - lists.torproject.org

[ooni-probe/master] Add documentation for DNS Tamper test
by art＠torproject.org 20 Nov '12

20 Nov '12

commit f55592f4ccf56503ee7e836f220dfed136b43378 Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Nov 20 20:40:32 2012 +0100 Add documentation for DNS Tamper test --- docs/source/tests/dnstamper.rst | 135 +++++++++++++++++++++++++++++++++++++++ 1 files changed, 135 insertions(+), 0 deletions(-) diff --git a/docs/source/tests/dnstamper.rst b/docs/source/tests/dnstamper.rst new file mode 100644 index 0000000..d37afa8 --- /dev/null +++ b/docs/source/tests/dnstamper.rst @@ -0,0 +1,135 @@ +Details +======= + +*Test Name*: DNS Tamper + +*Current version*: 0.3 + +*NetTest*: DNSTamperTest (https://gitweb.torproject.org/ooni-probe.git/blob/HEAD:/nettests/core/dnsta…) + +*Test Helper*: DNSTestHelper (https://gitweb.torproject.org/ooni-probe.git/blob/HEAD:/oonib/testhelpers/d…) + +*Test Type*: Content Blocking + +*Requires Root*: No + +Description +=========== + +This test performs A queries to a set of test resolvers and a known good +control resolver. If the two results do not match it will perform a reverse DNS +lookup on the first A record address of both sets and check if they both +resolve to the same name. + +NOTE: This test frequently results in false positives due to GeoIP-based +load balancing on major global sites such as google, facebook, and +youtube, etc. + +How to run the test +=================== + +`./bin/ooniprobe nettests/core/dnstamper.py -t <test resolvers file> -f <input file> -b IP:PORT` + +*test resolvers file* is a file containing the IP addresses of the resolvers to test for censorship, one per line. + +*input file* is a file containing the hostnames to check for tampering. + +*IP:PORT* is the address of the known good "control" resolver. + +Sample report +============= + +From running: +`./bin/ooniprobe nettests/core/dnstamper.py -t test_inputs/dns_tamper_test_resolvers.txt -f test_inputs/http_host_file.txt` + +:: + + ########################################### + # OONI Probe Report for DNS tamper test + # Tue Nov 20 20:38:54 2012 + ########################################### + --- + {probe_asn: null, probe_cc: null, probe_ip: 127.0.0.1, software_name: ooniprobe, software_version: 0.0.7.1-alpha, + start_time: 1353436734.0, test_name: DNS tamper, test_version: '0.3'} + ... + --- + input: torproject.org + report: + control_resolver: &id001 [8.8.8.8, 53] + queries: + - addrs: [86.59.30.40, 38.229.72.14, 38.229.72.16, 82.195.75.101] + answers: + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=86.59.30.40 + ttl=142>] + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=38.229.72.14 + ttl=142>] + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=38.229.72.16 + ttl=142>] + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=82.195.75.101 + ttl=142>] + query: '[Query(''torproject.org'', 1, 1)]' + query_type: A + resolver: *id001 + - addrs: [86.59.30.40, 38.229.72.14, 38.229.72.16, 82.195.75.101] + answers: + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=86.59.30.40 + ttl=142>] + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=38.229.72.14 + ttl=142>] + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=38.229.72.16 + ttl=142>] + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=82.195.75.101 + ttl=142>] + query: '[Query(''torproject.org'', 1, 1)]' + query_type: A + resolver: [8.8.8.8, 53] + - addrs: [86.59.30.40, 38.229.72.14, 38.229.72.16, 82.195.75.101] + answers: + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=86.59.30.40 + ttl=142>] + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=38.229.72.14 + ttl=142>] + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=38.229.72.16 + ttl=142>] + - [<RR name=torproject.org type=A class=IN ttl=142s auth=False>, <A address=82.195.75.101 + ttl=142>] + query: '[Query(''torproject.org'', 1, 1)]' + query_type: A + resolver: [8.8.4.4, 53] + tampering: {8.8.4.4: false, 8.8.8.8: false} + test_resolvers: [8.8.8.8, 8.8.4.4] + test_name: test_a_queries + test_started: 1353440334.075345 + ... + --- + input: ooni.nu + report: + control_resolver: &id001 [8.8.8.8, 53] + queries: + - addrs: [178.79.139.176] + answers: + - [<RR name=ooni.nu type=A class=IN ttl=1478s auth=False>, <A address=178.79.139.176 + ttl=1478>] + query: '[Query(''ooni.nu'', 1, 1)]' + query_type: A + resolver: *id001 + - addrs: [178.79.139.176] + answers: + - [<RR name=ooni.nu type=A class=IN ttl=1478s auth=False>, <A address=178.79.139.176 + ttl=1478>] + query: '[Query(''ooni.nu'', 1, 1)]' + query_type: A + resolver: [8.8.8.8, 53] + - addrs: [178.79.139.176] + answers: + - [<RR name=ooni.nu type=A class=IN ttl=1478s auth=False>, <A address=178.79.139.176 + ttl=1478>] + query: '[Query(''ooni.nu'', 1, 1)]' + query_type: A + resolver: [8.8.4.4, 53] + tampering: {8.8.4.4: false, 8.8.8.8: false} + test_resolvers: [8.8.8.8, 8.8.4.4] + test_name: test_a_queries + test_started: 1353440334.077116 + ... +

1 0

[ooni-probe/master] Add some TODOs to the traceroute test description
by art＠torproject.org 20 Nov '12

20 Nov '12

commit 0fdd4585cf575f3fa393ad57525b0df913ed9566 Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Nov 20 18:03:57 2012 +0100 Add some TODOs to the traceroute test description --- docs/source/tests/traceroute.rst | 8 ++++++++ 1 files changed, 8 insertions(+), 0 deletions(-) diff --git a/docs/source/tests/traceroute.rst b/docs/source/tests/traceroute.rst index cc2f770..70dea0c 100644 --- a/docs/source/tests/traceroute.rst +++ b/docs/source/tests/traceroute.rst @@ -504,3 +504,11 @@ From running: test_started: 1353425289.47829 ... + +TODO +==== + + * Add IP flag to get the MPLS VRF number of the Hop (if it exists) + + * Activate IP option 7 record route +

1 0

[ooni-probe/master] Add example usage of DNS Test Template
by art＠torproject.org 20 Nov '12

20 Nov '12

commit 3e364fa31d7659692ed3c6a2c4bd3387a336524e Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Nov 20 19:58:36 2012 +0100 Add example usage of DNS Test Template --- nettests/examples/example_dnst.py | 11 +++++++++++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/nettests/examples/example_dnst.py b/nettests/examples/example_dnst.py new file mode 100644 index 0000000..b06e9af --- /dev/null +++ b/nettests/examples/example_dnst.py @@ -0,0 +1,11 @@ +from ooni.templates.dnst import DNSTest + +class ExampleDNSTest(DNSTest): + def test_a_lookup(self): + def gotResult(result): + # Result is an array containing all the A record lookup results + print result + + d = self.performALookup('torproject.org', ('8.8.8.8', 53)) + d.addCallback(gotResult) + return d

1 0

[ooni-probe/master] Improve doc string of HTTP URL list test
by art＠torproject.org 20 Nov '12

20 Nov '12

commit 0f14f5af932ade776a850c662b8ae48d4ebd28e6 Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Nov 20 18:03:34 2012 +0100 Improve doc string of HTTP URL list test --- nettests/core/http_url_list.py | 5 ++++- 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/nettests/core/http_url_list.py b/nettests/core/http_url_list.py index 7d0fd5e..c0e2fc8 100644 --- a/nettests/core/http_url_list.py +++ b/nettests/core/http_url_list.py @@ -17,7 +17,10 @@ class HTTPURLList(httpt.HTTPTest): """ Performs GET, POST and PUT requests to a list of URLs specified as input and checks if the page that we get back as a result matches that - which we expect. + of a block page given as input. + + If no block page is given as input to the test it will simply collect the + responses to the HTTP requests and write them to a report file. """ name = "HTTP URL List" author = "Arturo Filastò"

1 0

[ooni-probe/master] Create DNS Test template
by art＠torproject.org 20 Nov '12

20 Nov '12

commit 2c17bf159b448de42603d9904d95e3df154fd952 Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Nov 20 19:37:25 2012 +0100 Create DNS Test template * Use such template for DNS Tamper test --- nettests/core/dnstamper.py | 217 +++++++------------------------------------- ooni/templates/dnst.py | 108 ++++++++++++++++++++++ 2 files changed, 142 insertions(+), 183 deletions(-) diff --git a/nettests/core/dnstamper.py b/nettests/core/dnstamper.py index bc57f62..be3281a 100644 --- a/nettests/core/dnstamper.py +++ b/nettests/core/dnstamper.py @@ -18,11 +18,9 @@ import pdb from twisted.python import usage - from twisted.internet import defer -from twisted.names import client, dns -from twisted.names.client import Resolver -from twisted.names.error import DNSQueryRefusedError + +from ooni.templates import dnst from ooni import nettest from ooni.utils import log @@ -36,12 +34,12 @@ class UsageOptions(usage.Options): 'file containing list of DNS resolvers to test against'] ] -class DNSTamperTest(nettest.NetTestCase): +class DNSTamperTest(dnst.DNSTest): name = "DNS tamper" description = "DNS censorship detection test" - version = "0.2" - lookupTimeout = [1] + version = "0.3" + authors = "Arturo Filastò, Isis Lovecruft" requirements = None inputFile = ['file', 'f', None, @@ -51,16 +49,6 @@ class DNSTamperTest(nettest.NetTestCase): requiredOptions = ['backend', 'backendport', 'file', 'testresolvers'] def setUp(self): - self.report['test_lookups'] = {} - self.report['test_reverse'] = {} - self.report['control_lookup'] = [] - self.report['a_lookups'] = {} - self.report['tampering'] = {} - - self.test_a_lookups = {} - self.control_a_lookups = [] - self.control_reverse = None - self.test_reverse = {} if not self.localOptions['testresolvers']: self.test_resolvers = ['8.8.8.8'] @@ -74,74 +62,14 @@ class DNSTamperTest(nettest.NetTestCase): self.test_resolvers = [x.strip() for x in fp.readlines()] fp.close() + self.control_dns_server = (self.localOptions['backend'], + int(self.localOptions['backendport'])) - def process_a_answers(self, message, resolver_address): - log.msg("Processing A answers for %s" % resolver_address) - log.debug("These are the answers I got %s" % message.answers) - - all_a = [] - a_a = [] - - for answer in message.answers: - if answer.type is 1: - # A type query - r = answer.payload.dottedQuad() - self.report['a_lookups'][resolver_address] = r - a_a.append(r) - lookup = str(answer.payload) - all_a.append(lookup) - - if resolver_address == 'control': - self.report['control_server'] = self.localOptions['backend'] - self.report['control_lookup'] = all_a - self.control_a_lookups = a_a - else: - self.test_a_lookups[resolver_address] = a_a - self.report['test_lookups'][resolver_address] = all_a - - log.msg("Done") - - def process_ptr_answers(self, answers, resolver): - log.msg("Processing PTR answers for %s" % resolver) - name = None - - for answer in answers[0]: - if answer.type is 12: - # PTR type - name = str(answer.payload.name) + self.report['test_resolvers'] = self.test_resolvers + self.report['control_resolver'] = self.control_dns_server - if resolver == 'control': - self.control_reverse = name - self.report['control_reverse'] = name - else: - self.test_reverse[resolver] = name - self.report['test_reverse'][resolver] = name - - def ptr_lookup_error(self, failure, resolver): - log.msg("There was an error in PTR lookup %s" % resolver) - log.err(failure) - - if resolver == 'control': - self.report['control_reverse'] = None - else: - self.report['test_reverse'][resolver] = None - - def a_lookup_error(self, failure, resolver): - log.msg("There was an error in A lookup %s" % resolver) - log.err(failure) - - if failure.type is DNSQueryRefusedError: - self.report['tampering'][resolver] = 'connection-refused' - elif failure.type is defer.TimeoutError: - self.report['tampering'][resolver] = 'timeout' - - if resolver == 'control': - self.report['control_lookup'] = None - else: - self.report['test_lookups'][resolver] = None - self.test_a_lookups[resolver] = None - - def test_lookup(self): + @defer.inlineCallbacks + def test_a_queries(self): """ We perform an A lookup on the DNS test servers for the domains to be tested and an A lookup on the known good DNS server. @@ -163,115 +91,38 @@ class DNSTamperTest(nettest.NetTestCase): log.msg("Doing the test lookups on %s" % self.input) list_of_ds = [] hostname = self.input - dns_query = [dns.Query(hostname, dns.IN, dns.A)] - dns_server = [(self.localOptions['backend'], - self.localOptions['backendport'])] - resolver = Resolver(servers=dns_server) + self.report['tampering'] = {} - control_d = resolver.queryUDP(dns_query, timeout=self.lookupTimeout) - control_d.addCallback(self.process_a_answers, 'control') - control_d.addErrback(self.a_lookup_error, 'control') + control_answers = yield self.performALookup(hostname, self.control_dns_server) for test_resolver in self.test_resolvers: log.msg("Going for %s" % test_resolver) - dns_server = [(test_resolver, 53)] - - resolver = Resolver(servers=dns_server) - - d = resolver.queryUDP(dns_query, timeout=self.lookupTimeout) - d.addCallback(self.process_a_answers, test_resolver) - d.addErrback(self.a_lookup_error, test_resolver) - - # This is required to cancel the delayed calls of the - # twisted.names.client resolver - list_of_ds.append(d) + test_dns_server = (test_resolver, 53) - list_of_ds.append(control_d) - dl = defer.DeferredList(list_of_ds) - dl.addCallback(self.do_reverse_lookups) - dl.addBoth(self.compare_results) - return dl + experiment_answers = yield self.performALookup(hostname, test_dns_server) + log.debug("Got these answers %s" % experiment_answers) - def reverse_lookup(self, address, resolver): - query = [dns.Query(hostname, dns.IN, dns.PTR)] - ptr = '.'.join(address.split('.')[::-1]) + '.in-addr.arpa' - r = resolver.queryUDP(query, timeout=self.lookupTimeout) - return r - - def do_reverse_lookups(self, result): - """ - Take a resolved address in the form "176.139.79.178.in-addr.arpa." and - attempt to reverse the domain with both the control and test DNS - servers to see if they match. - - :param result: - A resolved domain name. - """ - log.msg("Doing the reverse lookups %s" % self.input) - list_of_ds = [] - dns_server = [(self.localOptions['backend'], - self.localOptions['backendport'])] - - resolver = Resolver(servers=dns_server) - - test_reverse = self.reverse_lookup(self.control_a_lookups[0], resolver, - timeout=self.lookupTimeout) - - test_reverse.addCallback(self.process_ptr_answers, 'control') - test_reverse.addErrback(self.ptr_lookup_error, 'control') - - list_of_ds.append(test_reverse) - - for test_resolver in self.test_resolvers: - try: - ip = self.test_a_lookups[test_resolver][0] - except: - break - - d = self.reverse_lookup(ip, res) - d.addCallback(self.process_ptr_answers, test_resolver) - d.addErrback(self.ptr_lookup_error, test_resolver) - list_of_ds.append(d) - - dl = defer.DeferredList(list_of_ds) - return dl - - def compare_results(self, *arg, **kw): - """ - Take the set intersection of two test result sets. If the intersection - is greater than zero (there are matching addresses in both sets) then - the no censorship is reported. Else, if no IP addresses match other - addresses, then we mark it as a censorship event. - """ - log.msg("Comparing results for %s" % self.input) - log.msg(self.test_a_lookups) - - for test, test_a_lookups in self.test_a_lookups.items(): - log.msg("Now doing %s | %s" % (test, test_a_lookups)) - if not test_a_lookups: - self.report['tampering'][test] = 'unknown' + if not experiment_answers: + log.err("Got no response, perhaps the DNS resolver is down?") + self.report['tampering'][test_resolver] = 'no_answer' continue - if set(test_a_lookups) & set(self.control_a_lookups): + log.debug("Comparing %s with %s" % (experiment_answers, control_answers)) + if set(experiment_answers) & set(control_answers): log.msg("Address has not tampered with on DNS server") - self.report['tampering'][test] = False - - elif self.control_reverse and set([self.control_reverse]) \ - & set([self.report['test_reverse'][test]]): - log.msg("Further testing has eliminated false positives") - self.report['tampering'][test] = 'reverse-match' - + self.report['tampering'][test_resolver] = False else: - log.msg("Reverse DNS on the results returned by returned") - log.msg("which does not match the expected domainname") - self.report['tampering'][test] = True - - if len(self.test_a_lookups) == len(self.test_resolvers): - return - else: - missing_tests = len(self.test_a_lookups) - missing_resolvers = len(self.test_resolvers) - log.msg("Still missing %s resolvers and %s tests" % - (missing_tests, missing_resolvers)) + log.msg("Trying to do reverse lookup") + + experiment_reverse = yield self.performPTRLookup(experiment_answers[0], test_dns_server) + control_reverse = yield self.performPTRLookup(control_answers[0], self.control_dns_server) + + if experiment_reverse == control_reverse: + log.msg("Further testing has eliminated false positives") + self.report['tampering'][test_resolver] = 'reverse_match' + else: + log.msg("Reverse DNS on the results returned by returned") + log.msg("which does not match the expected domainname") + self.report['tampering'][test_resolver] = True diff --git a/ooni/templates/dnst.py b/ooni/templates/dnst.py new file mode 100644 index 0000000..7a6eb37 --- /dev/null +++ b/ooni/templates/dnst.py @@ -0,0 +1,108 @@ +# -*- encoding: utf-8 -*- +# +# :authors: Arturo Filastò +# :licence: see LICENSE + +from twisted.internet import defer +from twisted.names import client, dns +from twisted.names.client import Resolver + +from twisted.names.error import DNSQueryRefusedError + +from ooni.utils import log +from ooni.nettest import NetTestCase + +class DNSTest(NetTestCase): + name = "Base DNS Test" + version = 0.1 + + requiresRoot = False + queryTimeout = [1] + + def _setUp(self): + self.report['queries'] = [] + + def performPTRLookup(self, address, dns_server): + """ + Does a reverse DNS lookup on the input ip address + + :address: the IP Address as a dotted quad to do a reverse lookup on. + + :dns_server: is the dns_server that should be used for the lookup as a + tuple of ip port (ex. ("127.0.0.1", 53)) + """ + ptr = '.'.join(address.split('.')[::-1]) + '.in-addr.arpa' + query = [dns.Query(ptr, dns.IN, dns.PTR)] + def gotResponse(message): + answers = [] + name = None + for answer in message.answers: + if answer.type is 12: + name = answer.payload.name + + result = {} + result['query_type'] = 'PTR' + result['query'] = repr(query) + result['answers'] = answers + result['name'] = name + self.report['queries'].append(result) + return name + + def gotError(failure): + log.exception(failure) + result = {} + result['query_type'] = 'PTR' + result['query'] = repr(query) + result['error'] = str(failure) + return None + + resolver = Resolver(servers=[dns_server]) + d = resolver.queryUDP(query, timeout=self.queryTimeout) + d.addCallback(gotResponse) + d.addErrback(gotError) + return d + + def performALookup(self, hostname, dns_server): + """ + Performs an A lookup and returns an array containg all the dotted quad + IP addresses in the response. + + :hostname: is the hostname to perform the A lookup on + + :dns_server: is the dns_server that should be used for the lookup as a + tuple of ip port (ex. ("127.0.0.1", 53)) + """ + query = [dns.Query(hostname, dns.IN, dns.A)] + def gotResponse(message): + addrs = [] + answers = [] + for answer in message.answers: + if answer.type is 1: + addr = answer.payload.dottedQuad() + addrs.append(addr) + # We store the resource record and the answer payload in a + # tuple + r = (repr(answer), repr(answer.payload)) + answers.append(r) + result = {} + result['query_type'] = 'A' + result['query'] = repr(query) + result['answers'] = answers + result['addrs'] = addrs + self.report['queries'].append(result) + return addrs + + def gotError(failure): + log.exception(failure) + result = {} + result['query_type'] = 'A' + result['query'] = repr(query) + result['error'] = str(failure) + return None + + resolver = Resolver(servers=[dns_server]) + d = resolver.queryUDP(query, timeout=self.queryTimeout) + d.addCallback(gotResponse) + d.addErrback(gotError) + return d +

1 0

[tor/release-0.2.3] bump to 0.2.3.25
by arma＠torproject.org 20 Nov '12

20 Nov '12

commit 17c24b3118224d6536c41fa4e1493a831fb29f0a Author: Roger Dingledine <arma(a)torproject.org> Date: Mon Nov 19 17:02:46 2012 -0500 bump to 0.2.3.25 --- configure.in | 2 +- contrib/tor-mingw.nsi.in | 2 +- src/win32/orconfig.h | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure.in b/configure.in index 124bf9f..b29f318 100644 --- a/configure.in +++ b/configure.in @@ -4,7 +4,7 @@ dnl Copyright (c) 2007-2012, The Tor Project, Inc. dnl See LICENSE for licensing information AC_INIT -AM_INIT_AUTOMAKE(tor, 0.2.3.24-rc) +AM_INIT_AUTOMAKE(tor, 0.2.3.25) AM_CONFIG_HEADER(orconfig.h) AC_CANONICAL_HOST diff --git a/contrib/tor-mingw.nsi.in b/contrib/tor-mingw.nsi.in index 2f02a3f..69c4c2e 100644 --- a/contrib/tor-mingw.nsi.in +++ b/contrib/tor-mingw.nsi.in @@ -8,7 +8,7 @@ !include "LogicLib.nsh" !include "FileFunc.nsh" !insertmacro GetParameters -!define VERSION "0.2.3.24-rc" +!define VERSION "0.2.3.25" !define INSTALLER "tor-${VERSION}-win32.exe" !define WEBSITE "https://www.torproject.org/" !define LICENSE "LICENSE" diff --git a/src/win32/orconfig.h b/src/win32/orconfig.h index 5a67369..90c6b52 100644 --- a/src/win32/orconfig.h +++ b/src/win32/orconfig.h @@ -232,7 +232,7 @@ #define USING_TWOS_COMPLEMENT /* Version number of package */ -#define VERSION "0.2.3.24-rc" +#define VERSION "0.2.3.25"

1 0

[ooni-probe/master] Add list of tests to the toc
by art＠torproject.org 20 Nov '12

20 Nov '12

commit 6aa1ef90911b8f9e8de493895dba4dd3ba717b6b Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Nov 20 17:50:38 2012 +0100 Add list of tests to the toc --- docs/source/index.rst | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/docs/source/index.rst b/docs/source/index.rst index ccfaad4..389df2a 100644 --- a/docs/source/index.rst +++ b/docs/source/index.rst @@ -15,6 +15,7 @@ Contents :maxdepth: 2 :glob: + tests/* oonib install writing_tests

1 0

[ooni-probe/master] Include release number in configuration file
by art＠torproject.org 20 Nov '12

20 Nov '12

commit 5d3f34a8f2683f1680a2f23eee621b3443e48639 Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Nov 20 17:48:26 2012 +0100 Include release number in configuration file --- docs/source/conf.py | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/source/conf.py b/docs/source/conf.py index 1f61842..71a97a7 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -51,9 +51,9 @@ copyright = u'2012, The Tor Project' # built documents. # # The short X.Y version. -version = '0.0.1' +version = 'v0.0.7.1' # The full version, including alpha/beta/rc tags. -release = '0.0.1' +release = 'v0.0.7.1-alpha' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. @@ -94,7 +94,7 @@ pygments_style = 'sphinx' # The theme to use for HTML and HTML Help pages. See the documentation for # a list of builtin themes. -html_theme = 'haiku' +html_theme = 'default' html_theme_options = {'textcolor': "#222222", 'headingcolor': "#555",

1 0

[ooni-probe/master] Refactor HTTP Test Template
by art＠torproject.org 20 Nov '12

20 Nov '12

commit d5bcf96117a19e147d8e598d429e5f9a0841b8ca Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Nov 20 17:36:52 2012 +0100 Refactor HTTP Test Template * !! Changes to the report format of HTTP Test template derived tests Requests are now stored inside of an array to allow the storing of multiple request/response pairs --- ooni/templates/httpt.py | 94 ++++++++++++++++++++++++++-------------------- 1 files changed, 53 insertions(+), 41 deletions(-) diff --git a/ooni/templates/httpt.py b/ooni/templates/httpt.py index 9bce30f..85f8586 100644 --- a/ooni/templates/httpt.py +++ b/ooni/templates/httpt.py @@ -55,8 +55,8 @@ class HTTPTest(NetTestCase): log.err("Warning! pyOpenSSL is not installed. https websites will" "not work") - self.agent = Agent(reactor, - sockhost="127.0.0.1", + self.agent = Agent(reactor, + sockhost="127.0.0.1", sockport=config.advanced.tor_socksport) if self.followRedirects: @@ -75,15 +75,25 @@ class HTTPTest(NetTestCase): def processInputs(self): pass - def _processResponseBody(self, data, body_processor): + def _processResponseBody(self, response_body, request, response, body_processor): log.debug("Processing response body") - self.response['body'] = data - self.report['response'] = self.response - + self.report['requests'].append({ + 'request': { + 'headers': request['headers'], + 'body': request['body'], + 'url': request['url'], + 'method': request['method'] + }, + 'response': { + 'headers': list(response.headers.getAllRawHeaders()), + 'body': response_body, + 'code': response.code + } + }) if body_processor: - body_processor(data) + body_processor(response_body) else: - self.processResponseBody(data) + self.processResponseBody(response_body) def processResponseBody(self, data): """ @@ -112,7 +122,7 @@ class HTTPTest(NetTestCase): def doRequest(self, url, method="GET", headers={}, body=None, headers_processor=None, - body_processor=None): + body_processor=None, use_tor=False): """ Perform an HTTP request with the specified method. @@ -134,36 +144,40 @@ class HTTPTest(NetTestCase): This function takes the response body as an argument. """ + + # We prefix the URL with 's' to make the connection go over the + # configured socks proxy + if use_tor: + log.debug("Using tor for the request") + url = 's'+url + log.debug("Performing request %s %s %s" % (url, method, headers)) - self.request['method'] = method - self.request['url'] = url - self.request['headers'] = headers - self.request['body'] = body + request = {} + request['method'] = method + request['url'] = url + request['headers'] = headers + request['body'] = body if self.randomizeUA: log.debug("Randomizing user agent") - self.randomize_useragent() + self.randomize_useragent(request) log.debug("Writing to report the request") - # Here we need to create a copy of the request object for reporting - # purposes - self.report['request'] = dict(self.request) + + if 'requests' not in self.report: + self.report['requests'] = [] # If we have a request body payload, set the request body to such # content if body: - body_producer = StringProducer(self.request['body']) + body_producer = StringProducer(request['body']) else: body_producer = None - headers = Headers(self.request['headers']) - - d = self.agent.request(self.request['method'], - self.request['url'], headers, body_producer) + headers = Headers(request['headers']) def errback(failure): - print failure.value failure.trap(ConnectionRefusedError, SOCKSError) if type(failure.value) is ConnectionRefusedError: log.err("Connection refused. The backend may be down") @@ -174,39 +188,37 @@ class HTTPTest(NetTestCase): def finished(data): return + d = self.agent.request(request['method'], request['url'], headers, + body_producer) + d.addErrback(errback) - d.addCallback(self._cbResponse, headers_processor, body_processor) + d.addCallback(self._cbResponse, request, headers_processor, body_processor) d.addCallback(finished) return d - def _cbResponse(self, response, headers_processor, body_processor): + def _cbResponse(self, response, request, headers_processor, + body_processor): log.debug("Got response %s" % response) - if not response: - self.report['response'] = None - log.err("We got an empty response") - return - - self.response['headers'] = list(response.headers.getAllRawHeaders()) - self.response['code'] = response.code - self.response['length'] = response.length - self.response['version'] = response.length - if str(self.response['code']).startswith('3'): + if str(response.code).startswith('3'): self.processRedirect(response.headers.getRawHeaders('Location')[0]) + # [!] We are passing to the headers_processor the headers dict and + # not the Headers() object + response_headers_dict = list(response.headers.getAllRawHeaders()) if headers_processor: - headers_processor(self.response['headers']) + headers_processor(response_headers_dict) else: - self.processResponseHeaders(self.response['headers']) + self.processResponseHeaders(response_headers_dict) finished = defer.Deferred() response.deliverBody(BodyReceiver(finished)) - finished.addCallback(self._processResponseBody, - body_processor) + finished.addCallback(self._processResponseBody, request, + response, body_processor) return finished - def randomize_useragent(self): + def randomize_useragent(self, request): user_agent = random.choice(userAgents) - self.request['headers']['User-Agent'] = [user_agent] + request['headers']['User-Agent'] = [user_agent]

1 0

[ooni-probe/master] Rename url list test to HTTP URL List
by art＠torproject.org 20 Nov '12

20 Nov '12

commit 5944c3c16c16df0c5a6103193b0753b2456a6360 Author: Arturo Filastò <art(a)fuffa.org> Date: Tue Nov 20 17:40:13 2012 +0100 Rename url list test to HTTP URL List * Refactor of the test logic --- nettests/core/http_url_list.py | 75 ++++++++++++++++++++++++++++++++++++++++ nettests/core/url_list.py | 71 ------------------------------------- 2 files changed, 75 insertions(+), 71 deletions(-) diff --git a/nettests/core/http_url_list.py b/nettests/core/http_url_list.py new file mode 100644 index 0000000..7d0fd5e --- /dev/null +++ b/nettests/core/http_url_list.py @@ -0,0 +1,75 @@ +# -*- encoding: utf-8 -*- +# +# :authors: Arturo Filastò +# :licence: see LICENSE + +from twisted.internet import defer +from twisted.python import usage +from ooni.templates import httpt + +class UsageOptions(usage.Options): + optParameters = [['content', 'c', None, + 'The file to read from containing the content of a block page'], + ['url', 'u', None, 'Specify a single URL to test.'] + ] + +class HTTPURLList(httpt.HTTPTest): + """ + Performs GET, POST and PUT requests to a list of URLs specified as + input and checks if the page that we get back as a result matches that + which we expect. + """ + name = "HTTP URL List" + author = "Arturo Filastò" + version = "0.1.3" + + usageOptions = UsageOptions + + inputFile = ['file', 'f', None, + 'List of URLS to perform GET and POST requests to'] + + def setUp(self): + """ + Check for inputs. + """ + if self.input: + self.url = self.input + elif self.localOptions['url']: + self.url = self.localOptions['url'] + else: + raise Exception("No input specified") + + def check_for_content_censorship(self, body): + """ + If we have specified what a censorship page looks like here we will + check if the page we are looking at matches it. + + XXX this is not tested, though it is basically what was used to detect + censorship in the palestine case. + """ + self.report['censored'] = True + + censorship_page = open(self.localOptions['content']) + response_page = iter(body.split("\n")) + + for censorship_line in censorship_page.xreadlines(): + response_line = response_page.next() + if response_line != censorship_line: + self.report['censored'] = False + break + censorship_page.close() + + def processResponseBody(self, body): + if self.localOptions['content']: + self.check_for_content_censorship(body) + + def test_get(self): + return self.doRequest(self.url, method="GET") + + def test_post(self): + return self.doRequest(self.url, method="POST") + + def test_put(self): + return self.doRequest(self.url, method="PUT") + + diff --git a/nettests/core/url_list.py b/nettests/core/url_list.py deleted file mode 100644 index e7178e7..0000000 --- a/nettests/core/url_list.py +++ /dev/null @@ -1,71 +0,0 @@ -# -*- encoding: utf-8 -*- -# -# :authors: Arturo Filastò -# :licence: see LICENSE - -from twisted.python import usage -from ooni.templates import httpt - -class UsageOptions(usage.Options): - optParameters = [['content', 'c', None, - 'The file to read from containing the content of a block page'], - ['url', 'u', None, 'Specify a single URL to test.'] - ] - -class URLList(httpt.HTTPTest): - """ - Performs GET, POST and PUT requests to a list of URLs specified as - input and checks if the page that we get back as a result matches that - which we expect. - """ - name = "URL List" - author = "Arturo Filastò" - version = "0.1.2" - - usageOptions = UsageOptions - - inputFile = ['file', 'f', None, - 'List of URLS to perform GET and POST requests to'] - - def setUp(self): - """ - Check for inputs. - """ - if self.input: - self.url = self.input - elif self.localOptions['url']: - self.url = self.localOptions['url'] - else: - raise Exception("No input specified") - - def check_for_censorship(self, body): - """ - If we have specified what a censorship page looks like here we will - check if the page we are looking at matches it. - - XXX this is not tested, though it is basically what was used to detect - censorship in the palestine case. - """ - if self.localOptions['content']: - self.report['censored'] = True - - censorship_page = open(self.localOptions['content']) - response_page = iter(body.split("\n")) - - for censorship_line in censorship_page.xreadlines(): - response_line = response_page.next() - if response_line != censorship_line: - self.report['censored'] = False - break - censorship_page.close() - - def test_get(self): - return self.doRequest(self.url, method="GET") - - def test_post(self): - return self.doRequest(self.url, method="POST") - - def test_put(self): - return self.doRequest(self.url, method="PUT") - -

1 0