[forwardport] fix(qa): adapt to new wcth (#691)

This diff forward ports 36ba3630c9002db0bd79e3a7e49641ce6b665471,
whose original commit message follows:

- - -

This diff contains minimal changes to make webconnectivity QA
WAI with the new Web Connectivity test helper.

It seems we're currently doing round robin between the old and
the new implementation, so I needed to locally pin my probes
to use the new implementation by changing the code. But, obviously,
I don't want to commit this code.

Likewise, in my working environment, I need to build the docker
container using `docker buildx build --platform linux/amd64`, but
I am not sure whether to commit this code.

While there, I noticed there was a missing QA test for the case
in which we're passing through a transparent HTTP proxy. I noticed
as well that the test that said it was passing through such a
proxy was actually using a transparent TLS proxy. I remediated
this by ensuring we have a test for both cases.

The other major change in the suite is that, when using the new TH,
there's uncommon headers intersection in some tests, so we have
had a flip from headers not matching to headers matching.

Finally, some formatting changes because I did re-run black.

These changes should be enough to call it a day with respect to
QA (see https://github.com/ooni/probe/issues/2016#issuecomment-1033813344).

This diff WILL need to be forward ported to master.

(I don't know whether the GitHub QA will converge after these changes
and I suspect it won't because of the test helper round robin.)
This commit is contained in:
Simone Basso 2022-02-09 23:09:37 +01:00 committed by GitHub
parent 7bbd36a434
commit e72263dacb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 87 additions and 46 deletions

2
.gitignore vendored
View File

@ -1,11 +1,13 @@
/apitool /apitool
/apitool.exe /apitool.exe
/*.asc /*.asc
/badproxy.pem
/coverage.cov /coverage.cov
/*.deb /*.deb
/DEBIAN_INSTALLED_PACKAGE.txt /DEBIAN_INSTALLED_PACKAGE.txt
/debops-ci /debops-ci
.DS_Store .DS_Store
/jafar
/*.jsonl /*.jsonl
/miniooni /miniooni
/miniooni.exe /miniooni.exe

View File

@ -7,15 +7,9 @@
network conditions and verifies that the measurement is consistent network conditions and verifies that the measurement is consistent
with the expectations, by parsing the resulting JSONL. """ with the expectations, by parsing the resulting JSONL. """
import contextlib
import json
import os
import shlex
import socket import socket
import subprocess
import sys import sys
import time import time
import urllib.parse
sys.path.insert(0, ".") sys.path.insert(0, ".")
import common import common
@ -29,6 +23,18 @@ def execute_jafar_and_return_validated_test_keys(
tk = common.execute_jafar_and_miniooni( tk = common.execute_jafar_and_miniooni(
ooni_exe, outfile, experiment_args, tag, args ooni_exe, outfile, experiment_args, tag, args
) )
print("dns_experiment_failure", tk["dns_experiment_failure"], file=sys.stderr)
print("dns_consistency", tk["dns_consistency"], file=sys.stderr)
print("control_failure", tk["control_failure"], file=sys.stderr)
print("http_experiment_failure", tk["http_experiment_failure"], file=sys.stderr)
print("tk_body_length_match", tk["body_length_match"], file=sys.stderr)
print("body_proportion", tk["body_proportion"], file=sys.stderr)
print("status_code_match", tk["status_code_match"], file=sys.stderr)
print("headers_match", tk["headers_match"], file=sys.stderr)
print("title_match", tk["title_match"], file=sys.stderr)
print("blocking", tk["blocking"], file=sys.stderr)
print("accessible", tk["accessible"], file=sys.stderr)
print("x_status", tk["x_status"], file=sys.stderr)
return tk return tk
@ -46,6 +52,8 @@ def webconnectivity_https_ok_with_control_failure(ooni_exe, outfile):
args = [ args = [
"-iptables-reset-keyword", "-iptables-reset-keyword",
"wcth.ooni.io", "wcth.ooni.io",
"-iptables-reset-keyword",
"th.ooni.org",
] ]
tk = execute_jafar_and_return_validated_test_keys( tk = execute_jafar_and_return_validated_test_keys(
ooni_exe, ooni_exe,
@ -77,6 +85,8 @@ def webconnectivity_http_ok_with_control_failure(ooni_exe, outfile):
args = [ args = [
"-iptables-reset-keyword", "-iptables-reset-keyword",
"wcth.ooni.io", "wcth.ooni.io",
"-iptables-reset-keyword",
"th.ooni.org",
] ]
tk = execute_jafar_and_return_validated_test_keys( tk = execute_jafar_and_return_validated_test_keys(
ooni_exe, ooni_exe,
@ -102,13 +112,39 @@ def webconnectivity_http_ok_with_control_failure(ooni_exe, outfile):
def webconnectivity_transparent_http_proxy(ooni_exe, outfile): def webconnectivity_transparent_http_proxy(ooni_exe, outfile):
"""Test case where we pass through a transparent HTTP proxy""" """Test case where we pass through a transparent HTTP proxy"""
args = [] args = []
args.append("-iptables-hijack-http-to")
args.append("127.0.0.1:80")
tk = execute_jafar_and_return_validated_test_keys(
ooni_exe,
outfile,
"-i http://example.org web_connectivity",
"webconnectivity_transparent_http_proxy",
args,
)
assert tk["dns_experiment_failure"] == None
assert tk["dns_consistency"] == "consistent"
assert tk["control_failure"] == None
assert tk["http_experiment_failure"] == None
assert tk["body_length_match"] == True
assert tk["body_proportion"] == 1
assert tk["status_code_match"] == True
assert tk["headers_match"] == True
assert tk["title_match"] == True
assert tk["blocking"] == False
assert tk["accessible"] == True
assert_status_flags_are(ooni_exe, tk, 2)
def webconnectivity_transparent_https_proxy(ooni_exe, outfile):
"""Test case where we pass through a transparent HTTPS proxy"""
args = []
args.append("-iptables-hijack-https-to") args.append("-iptables-hijack-https-to")
args.append("127.0.0.1:443") args.append("127.0.0.1:443")
tk = execute_jafar_and_return_validated_test_keys( tk = execute_jafar_and_return_validated_test_keys(
ooni_exe, ooni_exe,
outfile, outfile,
"-i https://example.org web_connectivity", "-i https://example.org web_connectivity",
"webconnectivity_transparent_http_proxy", "webconnectivity_transparent_https_proxy",
args, args,
) )
assert tk["dns_experiment_failure"] == None assert tk["dns_experiment_failure"] == None
@ -159,6 +195,8 @@ def webconnectivity_control_unreachable_and_using_http(ooni_exe, outfile):
args = [] args = []
args.append("-iptables-reset-keyword") args.append("-iptables-reset-keyword")
args.append("wcth.ooni.io") args.append("wcth.ooni.io")
args.append("-iptables-reset-keyword")
args.append("th.ooni.org")
tk = execute_jafar_and_return_validated_test_keys( tk = execute_jafar_and_return_validated_test_keys(
ooni_exe, ooni_exe,
outfile, outfile,
@ -555,7 +593,7 @@ def webconnectivity_http_diff_with_inconsistent_dns(ooni_exe, outfile):
assert tk["body_length_match"] == False assert tk["body_length_match"] == False
assert tk["body_proportion"] < 1 assert tk["body_proportion"] < 1
assert tk["status_code_match"] == False assert tk["status_code_match"] == False
assert tk["headers_match"] == False assert tk["headers_match"] == True
assert tk["title_match"] == False assert tk["title_match"] == False
assert tk["blocking"] == "dns" assert tk["blocking"] == "dns"
assert tk["accessible"] == False assert tk["accessible"] == False
@ -584,7 +622,7 @@ def webconnectivity_http_diff_with_consistent_dns(ooni_exe, outfile):
assert tk["body_length_match"] == False assert tk["body_length_match"] == False
assert tk["body_proportion"] < 1 assert tk["body_proportion"] < 1
assert tk["status_code_match"] == False assert tk["status_code_match"] == False
assert tk["headers_match"] == False assert tk["headers_match"] == True
assert tk["title_match"] == False assert tk["title_match"] == False
assert tk["blocking"] == "http-diff" assert tk["blocking"] == "http-diff"
assert tk["accessible"] == False assert tk["accessible"] == False
@ -824,6 +862,7 @@ def main():
webconnectivity_https_ok_with_control_failure, webconnectivity_https_ok_with_control_failure,
webconnectivity_http_ok_with_control_failure, webconnectivity_http_ok_with_control_failure,
webconnectivity_transparent_http_proxy, webconnectivity_transparent_http_proxy,
webconnectivity_transparent_https_proxy,
webconnectivity_dns_hijacking, webconnectivity_dns_hijacking,
webconnectivity_control_unreachable_and_using_http, webconnectivity_control_unreachable_and_using_http,
webconnectivity_nonexistent_domain, webconnectivity_nonexistent_domain,