c/ooni-probe-cli
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
0317420398
ooni-probe-cli/internal/engine/netx/selfcensor/selfcensor_test.go
Simone Basso d57c78bc71
chore: merge probe-engine into probe-cli (#201) 
This is how I did it:

1. `git clone https://github.com/ooni/probe-engine internal/engine`

2. ```
(cd internal/engine && git describe --tags)
v0.23.0
```

3. `nvim go.mod` (merging `go.mod` with `internal/engine/go.mod`

4. `rm -rf internal/.git internal/engine/go.{mod,sum}`

5. `git add internal/engine`

6. `find . -type f -name \*.go -exec sed -i 's@/ooni/probe-engine@/ooni/probe-cli/v3/internal/engine@g' {} \;`

7. `go build ./...` (passes)

8. `go test -race ./...` (temporary failure on RiseupVPN)

9. `go mod tidy`

10. this commit message

Once this piece of work is done, we can build a new version of `ooniprobe` that
is using `internal/engine` directly. We need to do more work to ensure all the
other functionality in `probe-engine` (e.g. making mobile packages) are still WAI.

Part of https://github.com/ooni/probe/issues/1335
2021-02-02 12:05:47 +01:00

272 lines
7.5 KiB
Go
Raw Blame History

package selfcensor_test
import (
"context"
"strings"
"testing"
"time"
"github.com/ooni/probe-cli/v3/internal/engine/netx"
"github.com/ooni/probe-cli/v3/internal/engine/netx/selfcensor"
)
// TestDisabled MUST be the first test in this file.
func TestDisabled(t *testing.T) {
if selfcensor.Enabled() != false {
t.Fatal("self censorship should be disabled by default")
}
if selfcensor.Attempts() != 0 {
t.Fatal("we expect no self censorship attempts at the beginning")
}
t.Run("the system resolver does not trigger selfcensor events", func(t *testing.T) {
addrs, err := selfcensor.SystemResolver{}.LookupHost(
context.Background(), "dns.google",
)
if err != nil {
t.Fatal(err)
}
if addrs == nil {
t.Fatal("expected non-nil addrs here")
}
if selfcensor.Attempts() != 0 {
t.Fatal("we expect no self censorship attempts by default")
}
})
t.Run("the system dialer does not trigger selfcensor events", func(t *testing.T) {
conn, err := selfcensor.SystemDialer{}.DialContext(
context.Background(), "tcp", "8.8.8.8:443",
)
if err != nil {
t.Fatal(err)
}
if conn == nil {
t.Fatal("expected non-nil conn here")
}
conn.Close()
if selfcensor.Attempts() != 0 {
t.Fatal("we expect no self censorship attempts by default")
}
})
}
// TestDisabled MUST be the second test in this file.
func TestEnableInvalidJSON(t *testing.T) {
if selfcensor.Enabled() != false {
t.Fatal("we need to start with self censorship not enabled")
}
err := selfcensor.Enable("{")
if err == nil || !strings.HasSuffix(err.Error(), "unexpected end of JSON input") {
t.Fatal("not the error we expectd")
}
if selfcensor.Enabled() != false {
t.Fatal("we expected self censorship to still be not enabled")
}
}
// TestMaybeEnableWorksAsIntended MUST be the second test in this file.
func TestMaybeEnableWorksAsIntended(t *testing.T) {
if selfcensor.Enabled() != false {
t.Fatal("we need to start with self censorship not enabled")
}
err := selfcensor.MaybeEnable("")
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != false {
t.Fatal("we expected self censorship to still be not enabled")
}
}
func TestResolveCauseNXDOMAIN(t *testing.T) {
err := selfcensor.MaybeEnable(`{"PoisonSystemDNS":{"dns.google":["NXDOMAIN"]}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
addrs, err := selfcensor.SystemResolver{}.LookupHost(
context.Background(), "dns.google",
)
if err == nil || !strings.HasSuffix(err.Error(), "no such host") {
t.Fatal("not the error we expected")
}
if addrs != nil {
t.Fatal("expected nil addrs here")
}
}
func TestResolveCauseTimeout(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
defer cancel()
err := selfcensor.MaybeEnable(`{"PoisonSystemDNS":{"dns.google":["TIMEOUT"]}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
addrs, err := selfcensor.SystemResolver{}.LookupHost(ctx, "dns.google")
if err == nil || err.Error() != "i/o timeout" {
t.Fatal("not the error we expected")
}
if addrs != nil {
t.Fatal("expected nil addrs here")
}
}
func TestResolveCauseBogon(t *testing.T) {
err := selfcensor.MaybeEnable(`{"PoisonSystemDNS":{"dns.google":["10.0.0.7"]}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
addrs, err := selfcensor.SystemResolver{}.LookupHost(
context.Background(), "dns.google")
if err != nil {
t.Fatal(err)
}
if len(addrs) != 1 || addrs[0] != "10.0.0.7" {
t.Fatal("not the addrs we expected")
}
}
func TestResolveCheckNetworkAndAddress(t *testing.T) {
err := selfcensor.MaybeEnable(`{"PoisonSystemDNS":{"dns.google":["10.0.0.7"]}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
reso := selfcensor.SystemResolver{}
if reso.Network() != "system" {
t.Fatal("invalid Network")
}
if reso.Address() != "" {
t.Fatal("invalid Address")
}
}
func TestDialHandlesErrorsWithBlockedFingerprints(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
cancel() // so we should fail immediately!
err := selfcensor.MaybeEnable(`{"BlockedFingerprints":{"dns.google":"TIMEOUT"}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
addrs, err := selfcensor.SystemDialer{}.DialContext(ctx, "tcp", "8.8.8.8:443")
if err == nil || !strings.HasSuffix(err.Error(), "operation was canceled") {
t.Fatal("not the error we expected")
}
if addrs != nil {
t.Fatal("expected nil addrs here")
}
}
func TestDialCauseTimeout(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
defer cancel()
err := selfcensor.MaybeEnable(`{"BlockedEndpoints":{"8.8.8.8:443":"TIMEOUT"}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
addrs, err := selfcensor.SystemDialer{}.DialContext(ctx, "tcp", "8.8.8.8:443")
if err == nil || err.Error() != "i/o timeout" {
t.Fatal("not the error we expected")
}
if addrs != nil {
t.Fatal("expected nil addrs here")
}
}
func TestDialCauseConnectionRefused(t *testing.T) {
err := selfcensor.MaybeEnable(`{"BlockedEndpoints":{"8.8.8.8:443":"REJECT"}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
addrs, err := selfcensor.SystemDialer{}.DialContext(
context.Background(), "tcp", "8.8.8.8:443")
if err == nil || !strings.HasSuffix(err.Error(), "connection refused") {
t.Fatal("not the error we expected")
}
if addrs != nil {
t.Fatal("expected nil addrs here")
}
}
func TestBlockedFingerprintsTimeout(t *testing.T) {
err := selfcensor.MaybeEnable(`{"BlockedFingerprints":{"dns.google":"TIMEOUT"}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
tlsDialer := netx.NewTLSDialer(netx.Config{
Dialer: selfcensor.SystemDialer{},
})
conn, err := tlsDialer.DialTLSContext(
context.Background(), "tcp", "dns.google:443")
if err == nil || err.Error() != "generic_timeout_error" {
t.Fatal("not the error expected")
}
if conn != nil {
t.Fatal("expected nil conn here")
}
}
func TestBlockedFingerprintsNoMatch(t *testing.T) {
err := selfcensor.MaybeEnable(`{"BlockedFingerprints":{"ooni.io":"TIMEOUT"}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
tlsDialer := netx.NewTLSDialer(netx.Config{
Dialer: selfcensor.SystemDialer{},
})
conn, err := tlsDialer.DialTLSContext(
context.Background(), "tcp", "dns.google:443")
if err != nil {
t.Fatal(err)
}
if conn == nil {
t.Fatal("expected non-nil conn here")
}
conn.Close()
}
func TestBlockedFingerprintsConnectionReset(t *testing.T) {
err := selfcensor.MaybeEnable(`{"BlockedFingerprints":{"dns.google":"RST"}}`)
if err != nil {
t.Fatal(err)
}
if selfcensor.Enabled() != true {
t.Fatal("we expected self censorship to be enabled now")
}
tlsDialer := netx.NewTLSDialer(netx.Config{
Dialer: selfcensor.SystemDialer{},
})
conn, err := tlsDialer.DialTLSContext(
context.Background(), "tcp", "dns.google:443")
if err == nil || err.Error() != "connection_reset" {
t.Fatal("not the error we expected")
}
if conn != nil {
t.Fatal("expected nil conn here")
}
}
Reference in New Issue View Git Blame Copy Permalink