cleanup(shellx): do not directly depend on apex/log (#357)

2021-06-04 14:02:18 +02:00
parent 944d3c53fa
commit 39aec6677d
8 changed files with 52 additions and 39 deletions
@@ -291,7 +291,7 @@ func TestHijackHTTP(t *testing.T) {
 	if err := policy.Apply(); err != nil {
 		t.Fatal(err)
 	}
-	err = shellx.Run("sudo", "-u", "nobody", "--",
+	err = shellx.Run(log.Log, "sudo", "-u", "nobody", "--",
 		"curl", "-sf", "http://example.com")
 	if err == nil {
 		t.Fatal("expected an error here")
@@ -330,7 +330,7 @@ func TestHijackHTTPS(t *testing.T) {
 	if err := policy.Apply(); err != nil {
 		t.Fatal(err)
 	}
-	err = shellx.Run("sudo", "-u", "nobody", "--",
+	err = shellx.Run(log.Log, "sudo", "-u", "nobody", "--",
 		"curl", "-sf", "https://example.com")
 	if err == nil {
 		t.Fatal("expected an error here")
@@ -3,6 +3,7 @@
 package iptables

 import (
+	"github.com/apex/log"
 	"github.com/ooni/probe-cli/v3/internal/runtimex"
 	"github.com/ooni/probe-cli/v3/internal/shellx"
 )
@@ -15,55 +16,56 @@ func (s *linuxShell) createChains() (err error) {
 			// JUST KNOW WE'VE BEEN HERE
 		}
 	}()
-	err = shellx.Run("sudo", "iptables", "-N", "JAFAR_INPUT")
+	err = shellx.Run(log.Log, "sudo", "iptables", "-N", "JAFAR_INPUT")
 	runtimex.PanicOnError(err, "cannot create JAFAR_INPUT chain")
-	err = shellx.Run("sudo", "iptables", "-N", "JAFAR_OUTPUT")
+	err = shellx.Run(log.Log, "sudo", "iptables", "-N", "JAFAR_OUTPUT")
 	runtimex.PanicOnError(err, "cannot create JAFAR_OUTPUT chain")
-	err = shellx.Run("sudo", "iptables", "-t", "nat", "-N", "JAFAR_NAT_OUTPUT")
+	err = shellx.Run(log.Log, "sudo", "iptables", "-t", "nat", "-N", "JAFAR_NAT_OUTPUT")
 	runtimex.PanicOnError(err, "cannot create JAFAR_NAT_OUTPUT chain")
-	err = shellx.Run("sudo", "iptables", "-I", "OUTPUT", "-j", "JAFAR_OUTPUT")
+	err = shellx.Run(log.Log, "sudo", "iptables", "-I", "OUTPUT", "-j", "JAFAR_OUTPUT")
 	runtimex.PanicOnError(err, "cannot insert jump to JAFAR_OUTPUT")
-	err = shellx.Run("sudo", "iptables", "-I", "INPUT", "-j", "JAFAR_INPUT")
+	err = shellx.Run(log.Log, "sudo", "iptables", "-I", "INPUT", "-j", "JAFAR_INPUT")
 	runtimex.PanicOnError(err, "cannot insert jump to JAFAR_INPUT")
-	err = shellx.Run("sudo", "iptables", "-t", "nat", "-I", "OUTPUT", "-j", "JAFAR_NAT_OUTPUT")
+	err = shellx.Run(log.Log, "sudo", "iptables", "-t", "nat", "-I", "OUTPUT", "-j", "JAFAR_NAT_OUTPUT")
 	runtimex.PanicOnError(err, "cannot insert jump to JAFAR_NAT_OUTPUT")
 	return nil
 }

 func (s *linuxShell) dropIfDestinationEquals(ip string) error {
-	return shellx.Run("sudo", "iptables", "-A", "JAFAR_OUTPUT", "-d", ip, "-j", "DROP")
+	return shellx.Run(log.Log,
+		"sudo", "iptables", "-A", "JAFAR_OUTPUT", "-d", ip, "-j", "DROP")
 }

 func (s *linuxShell) rstIfDestinationEqualsAndIsTCP(ip string) error {
-	return shellx.Run(
+	return shellx.Run(log.Log,
 		"sudo", "iptables", "-A", "JAFAR_OUTPUT", "--proto", "tcp", "-d", ip,
 		"-j", "REJECT", "--reject-with", "tcp-reset",
 	)
 }

 func (s *linuxShell) dropIfContainsKeywordHex(keyword string) error {
-	return shellx.Run(
+	return shellx.Run(log.Log,
 		"sudo", "iptables", "-A", "JAFAR_OUTPUT", "-m", "string", "--algo", "kmp",
 		"--hex-string", keyword, "-j", "DROP",
 	)
 }

 func (s *linuxShell) dropIfContainsKeyword(keyword string) error {
-	return shellx.Run(
+	return shellx.Run(log.Log,
 		"sudo", "iptables", "-A", "JAFAR_OUTPUT", "-m", "string", "--algo", "kmp",
 		"--string", keyword, "-j", "DROP",
 	)
 }

 func (s *linuxShell) rstIfContainsKeywordHexAndIsTCP(keyword string) error {
-	return shellx.Run(
+	return shellx.Run(log.Log,
 		"sudo", "iptables", "-A", "JAFAR_OUTPUT", "-m", "string", "--proto", "tcp", "--algo",
 		"kmp", "--hex-string", keyword, "-j", "REJECT", "--reject-with", "tcp-reset",
 	)
 }

 func (s *linuxShell) rstIfContainsKeywordAndIsTCP(keyword string) error {
-	return shellx.Run(
+	return shellx.Run(log.Log,
 		"sudo", "iptables", "-A", "JAFAR_OUTPUT", "-m", "string", "--proto", "tcp", "--algo",
 		"kmp", "--string", keyword, "-j", "REJECT", "--reject-with", "tcp-reset",
 	)
@@ -73,7 +75,7 @@ func (s *linuxShell) hijackDNS(address string) error {
 	// Hijack any DNS query, like the Vodafone station does when using the
 	// secure network feature. Our transparent proxies will use DoT, in order
 	// to bypass this restriction and avoid routing loop.
-	return shellx.Run(
+	return shellx.Run(log.Log,
 		"sudo", "iptables", "-t", "nat", "-A", "JAFAR_NAT_OUTPUT", "-p", "udp",
 		"--dport", "53", "-j", "DNAT", "--to", address,
 	)
@@ -82,7 +84,7 @@ func (s *linuxShell) hijackDNS(address string) error {
 func (s *linuxShell) hijackHTTPS(address string) error {
 	// We need to whitelist root otherwise the traffic sent by Jafar
 	// itself will match the rule and loop.
-	return shellx.Run(
+	return shellx.Run(log.Log,
 		"sudo", "iptables", "-t", "nat", "-A", "JAFAR_NAT_OUTPUT", "-p", "tcp",
 		"--dport", "443", "-m", "owner", "!", "--uid-owner", "0",
 		"-j", "DNAT", "--to", address,
@@ -92,7 +94,7 @@ func (s *linuxShell) hijackHTTPS(address string) error {
 func (s *linuxShell) hijackHTTP(address string) error {
 	// We need to whitelist root otherwise the traffic sent by Jafar
 	// itself will match the rule and loop.
-	return shellx.Run(
+	return shellx.Run(log.Log,
 		"sudo", "iptables", "-t", "nat", "-A", "JAFAR_NAT_OUTPUT", "-p", "tcp",
 		"--dport", "80", "-m", "owner", "!", "--uid-owner", "0",
 		"-j", "DNAT", "--to", address,
@@ -276,7 +276,7 @@ func main() {
 	policy := iptablesStart()
 	var err error
 	if *mainCommand != "" {
-		err = shellx.RunCommandline(fmt.Sprintf(
+		err = shellx.RunCommandline(log.Log, fmt.Sprintf(
 			"sudo -u '%s' -- %s", *mainUser, *mainCommand,
 		))
 	} else {
@@ -6,6 +6,7 @@ import (
 	"runtime"
 	"testing"

+	"github.com/apex/log"
 	"github.com/ooni/probe-cli/v3/internal/cmd/jafar/iptables"
 	"github.com/ooni/probe-cli/v3/internal/shellx"
 )
@@ -74,7 +75,7 @@ func TestMustx(t *testing.T) {
 			called   int
 			exitcode int
 		)
-		err := shellx.Run("curl", "-sf", "") // cause exitcode == 3
+		err := shellx.Run(log.Log, "curl", "-sf", "") // cause exitcode == 3
 		mustx(err, "", func(ec int) {
 			called++
 			exitcode = ec