PageRenderTime 40ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/features/step_definitions/firewall_leaks.rb

https://gitlab.com/JesseW/tails
Ruby | 61 lines | 60 code | 1 blank | 0 comment | 3 complexity | 43757d7e57deb75a52d7499a663dfd93 MD5 | raw file
Possible License(s): GPL-3.0, CC-BY-3.0 
    

  1. Then(/^the firewall leak detector has detected (.*?) leaks$/) do |type|
    2. 

  2.   next if @skip_steps_while_restoring_background
    3. 

  3.   leaks = FirewallLeakCheck.new(@sniffer.pcap_file,
    4. 

  4.                                 :accepted_hosts => get_all_tor_nodes)
    5. 

  5.   case type.downcase
    6. 

  6.   when 'ipv4 tcp'
    7. 

  7.     if leaks.ipv4_tcp_leaks.empty?
    8. 

  8.       leaks.save_pcap_file
    9. 

  9.       raise "Couldn't detect any IPv4 TCP leaks"
    10. 

  10.     end
    11. 

  11.   when 'ipv4 non-tcp'
    12. 

  12.     if leaks.ipv4_nontcp_leaks.empty?
    13. 

  13.       leaks.save_pcap_file
    14. 

  14.       raise "Couldn't detect any IPv4 non-TCP leaks"
    15. 

  15.     end
    16. 

  16.   when 'ipv6'
    17. 

  17.     if leaks.ipv6_leaks.empty?
    18. 

  18.       leaks.save_pcap_file
    19. 

  19.       raise "Couldn't detect any IPv6 leaks"
    20. 

  20.     end
    21. 

  21.   when 'non-ip'
    22. 

  22.     if leaks.nonip_leaks.empty?
    23. 

  23.       leaks.save_pcap_file
    24. 

  24.       raise "Couldn't detect any non-IP leaks"
    25. 

  25.     end
    26. 

  26.   else
    27. 

  27.     raise "Incorrect packet type '#{type}'"
    28. 

  28.   end
    29. 

  29. end
    30. 

  30. 

  31. Given(/^I disable Tails' firewall$/) do
    32. 

  32.   next if @skip_steps_while_restoring_background
    33. 

  33.   @vm.execute("do_not_ever_run_me")
    34. 

  34.   iptables = @vm.execute("iptables -L -n -v").stdout.chomp.split("\n")
    35. 

  35.   for line in iptables do
    36. 

  36.     if !line[/Chain (INPUT|OUTPUT|FORWARD) \(policy ACCEPT/] and
    37. 

  37.        !line[/pkts[[:blank:]]+bytes[[:blank:]]+target/] and
    38. 

  38.        !line.empty?
    39. 

  39.       raise "The Tails firewall was not successfully disabled:\n#{iptables}"
    40. 

  40.     end
    41. 

  41.   end
    42. 

  42. end
    43. 

  43. 

  44. When(/^I do a TCP DNS lookup of "(.*?)"$/) do |host|
    45. 

  45.   next if @skip_steps_while_restoring_background
    46. 

  46.   lookup = @vm.execute("host -T #{host} #{SOME_DNS_SERVER}", LIVE_USER)
    47. 

  47.   assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}")
    48. 

  48. end
    49. 

  49. 

  50. When(/^I do a UDP DNS lookup of "(.*?)"$/) do |host|
    51. 

  51.   next if @skip_steps_while_restoring_background
    52. 

  52.   lookup = @vm.execute("host #{host} #{SOME_DNS_SERVER}", LIVE_USER)
    53. 

  53.   assert(lookup.success?, "Failed to resolve #{host}:\n#{lookup.stdout}")
    54. 

  54. end
    55. 

  55. 

  56. When(/^I send some ICMP pings$/) do
    57. 

  57.   next if @skip_steps_while_restoring_background
    58. 

  58.   # We ping an IP address to avoid a DNS lookup
    59. 

  59.   ping = @vm.execute("ping -c 5 #{SOME_DNS_SERVER}", LIVE_USER)
    60. 

  60.   assert(ping.success?, "Failed to ping #{SOME_DNS_SERVER}:\n#{ping.stderr}")
    61. 

  61. end
    62. 

  62.