[tor-talk] Continuous Integration for testing application proxy leaks?

[Jeremy Rand]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Has anyone tried using continuous integration tools like Travis CI to
find proxy leaks in applications? The rough idea I had was to run all
the existing unit/integration tests for the application, wrapped in
something like:

strace -f -e
trace=socket,getsockopt,setsockopt,getsockname,connect,bind,send,sendto,
sendmsg,recv,recvfrom,recvmsg
./run_tests.sh

and use grep on the resulting output to find any results that connect
to anything other than the configured proxy. (This assumes that the
application has good test coverage already.) I'm curious if someone
has already tried to tackle this, or if there's a better way.

(H/t to pabouk at https://tor.stackexchange.com/a/118 for the idea of
using strace.)

Cheers,
- -- 
- -Jeremy Rand
Lead Application Engineer at Namecoin
Mobile email: jeremyrandmobile at airmail.cc
Mobile OpenPGP: 2158 0643 C13B B40F B0FD 5854 B007 A32D AB44 3D9C
Send non-security-critical things to my Mobile with OpenPGP.
Please don't send me unencrypted messages.
My business email jeremy at veclabs.net is having technical issues at the
moment.
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZIP9GAAoJELPy0WV4bWVwUIwP/0yljcU/E7VBVfdMAldrevWy
ZePhkYR2j8nr5siDN2BxhdY/z44cFkp/r6OHjiS8WLhFlCyh7bUxtAxczuYsQ+8V
HKd3rP/tnTRXlgtmZk36YmggPa7Itw3kz4Ing38KFYe35Bo6NI8OQgO9zGZ5runt
exzp4feDF2Y2UUyFcef90fanznInAf9Z7qegx671NCYpvAAMdBzelSmRI0PYFd1t
YhqqgUozm0v26lQuVsM4ZaYuVOjtFkZFCZcXJlq2bNJwcE6UiMBFp2lPUA9Mu1WK
7YXP1DTZdSwNgNUgBtYXnnNngPEIdaZSP/FQWgIqq1bcfzpaRCGZK36cZv0nwzJi
amAkbvEaF7yjLA9kkQV0R3tT8ZGbJnGcpy2ItulH5qiHe7LDWlqaNpm6xb+SxjxU
4M9sZHpbWMLrF8sDw/UoP7EVcVqHYeivNxEzb+d+ooTc8/VA/ST8Se3H53QMkfsG
3sxc6LOpx7P4o06AOJF1Rx9CRtiHykimPgTSya5uQFfVDG3aVf2JcICxVwf9x01a
oE1jJvGS/Nwz9m0XyDGAqGhNcUE0x1RVvDxdYejJH911fkIdZqU7iYQv2XEUMyCj
JnGM4h0NsCVsMGFR0t1hvW6NkhlwFZXeYe75tNJ/w+neoat+ajDeojiDkZzs9m4V
jrEw8y+yC+fi2ppX1VZD
=TAof
-----END PGP SIGNATURE-----