
@danwang
Created December 7, 2012 15:18
--- ftp_test_suite_framework_update.py 2012-12-07 06:32:36.002404214 -0800
+++ ftp_test_suite_framework_update_2.py 2012-12-07 07:13:16.474522327 -0800
@@ -10,13 +10,13 @@
1206_704pm
"""
-"""
+"""
Tests a variety of Passive FTP behaviors.
* ---------------------------------------------
* To run a particular test, just comment out all the other ones. Tests should not depend on each other.
* ---------------------------------------------
* Recommended: turn on log.setLevel(logging.DEBUG) in testcase.py to debug, rather than adding in print statements here.
-* ---------------------------------------------
+* ---------------------------------------------
* Caveat for adding new tests: make sure to use different IP and port combinations for tests that would possibly conflict.
* ---------------------------------------------
"""
@@ -279,7 +279,7 @@
different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][True] += "since we don't assume what "
different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][True] += "srcport client uses, so "
different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][True] += "forget that (n+1) trickery. "
-different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][False] = "See piazza post 1026."
+different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][False] = "See piazza post 1026."
different_client_port_229 = {}
different_client_port_229[("10.1.1.1",1026,"12.5.5.5",21)] = {}
@@ -358,7 +358,7 @@
simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][True] = "open the minimum of "
simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][True] = "one connection or 10 "
simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][True] = "seconds."
-simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][False] = "See Piazza 1156, 1091."
+simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][False] = "See Piazza 1156, 1091."
simultaneous_ftp_229 = {}
simultaneous_ftp_229[("10.1.1.1",1026,"123.4.5.6",21)] = {}
@@ -379,7 +379,7 @@
simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][True] = "open the minimum of "
simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][True] = "one connection or 10 "
simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][True] = "seconds."
-simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][False] = "See Piazza 1156, 1091."
+simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][False] = "See Piazza 1156, 1091."
multiline_ftp_227 = {}
multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)] = {}
@@ -397,7 +397,7 @@
split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][False] = "PASV"
split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][True] = "227-First line\n"
split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][True] += "Entering Passive Mode (123,4,5,6,37,3).\n"
-split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][True] += "227 Entering Passive Mode (123,4,5,6,37,3).\n"
+split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][True] += "227 Entering Passive Mode (123,4,5,6,37,3)."
split_multiline_ftp_227_data = {}
split_multiline_ftp_227_data[("10.1.1.1",1051,"123.4.5.6",9475)] = {}
split_multiline_ftp_227_data[("10.1.1.1",1051,"123.4.5.6",9475)][True] = "This should pass. "
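Review bot: The interior line breaks of this multi-line 227 reply are still hard-coded as `\n`, so switching send_packets to its commented-out `+= '\r\n'` variant would yield a reply with mixed terminators rather than the CRLF form FTP servers send. Dropping the trailing `\n` from the final line fits send_packets appending one itself, but that dependency is not stated next to the data; a comment such as `# no trailing newline: send_packets() appends the terminator` would keep it from being re-added. The same applies to the 229 replies in the @@ -408 and @@ -419 hunks. multiline_ftp_227 is not touched by any visible hunk, so it is worth checking whether it still carries the old trailing `\n`.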
@@ -408,7 +408,7 @@
multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][False] = "EPASV"
multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] = "229-First line\n"
multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "Entering Extended Passive Mode (|||7077|)\n"
-multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "229 Entering Extended Passive Mode (|||7077|)\n"
+multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "229 Entering Extended Passive Mode (|||7077|)"
multiline_ftp_229_data = {}
multiline_ftp_229_data[("10.1.1.1",1051,"123.4.5.6",7077)] = {}
multiline_ftp_229_data[("10.1.1.1",1051,"123.4.5.6",7077)][True] = "This should pass. "
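Review bot: The continuation line and the terminating `229 ` line advertise the same port (7077), so this case passes whether the firewall takes the port from the final reply line or from any line that merely looks like a passive-mode response. If only the terminating line of a multi-line reply is meant to open a data port, a companion case is needed in which the continuation line names a different port and a data connection to that port is expected to be denied, using `[True, False]` as the malformed-response tests do. The split 227 reply at @@ -397 and the split 229 reply at @@ -419 have the same shape; the earlier assignments to these dicts lie outside the hunks.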
@@ -419,7 +419,7 @@
split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][False] = "EPASV"
split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] = "229-First line\n"
split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "Entering Extended Passive Mode (|||7078|)\n"
-split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "229 Entering Extended Passive Mode (|||7078|)\n"
+split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "229 Entering Extended Passive Mode (|||7078|)"
split_multiline_ftp_229_data = {}
split_multiline_ftp_229_data[("10.1.1.1",1051,"123.4.5.6",7078)] = {}
split_multiline_ftp_229_data[("10.1.1.1",1051,"123.4.5.6",7078)][True] = "This should pass. "
@@ -438,20 +438,20 @@
print "FTP Test Suite Start"
resetFirewall()
-
+
# //=========================================================================================
# Basic connection tests (test default behavior, before any FTP connections)
# //=========================================================================================
-
+
msg = "Denied connection outside port range (0, 1023)"
run_test(connection_test(unsafe_port, allowed=False))
msg = "Allowed connections within port range (0, 1023)"
run_test(connection_test(safe_port, allowed=True))
-
+
# //=========================================================================================
# Data transfer tests
# //=========================================================================================
-
+
# 227
msg = "Transferred data over a passive FTP (227) connection"
run_test(data_transfer_test([typical_ftp_227, typical_ftp_227_data]))
@@ -465,7 +465,7 @@
run_test(data_transfer_test([small_port_ftp_227, small_port_ftp_227_data]))
msg = "Transferred data over a passive FTP (227) connection that sends a multi-line 227 request"
run_test(data_transfer_test([multiline_ftp_227, multiline_ftp_227_data]))
-
+
# 229
msg = "Transferred data over a passive FTP (229) connection"
run_test(data_transfer_test([typical_ftp_229, typical_ftp_229_data]))
@@ -477,20 +477,20 @@
run_test(data_transfer_test([small_port_ftp_229, small_port_ftp_229_data]))
msg = "Transferred data over a passive FTP (229) connection that sends a multi-line 229 request"
run_test(data_transfer_test([multiline_ftp_229, multiline_ftp_229_data]))
-
- # Different servers and clients
+
+ # Different servers and clients
msg = "Denied data transfer from a different client (2.2.2.2) than the one that initiated the FTP connection (1.1.1.1)"
-
+
run_test(data_transfer_test([different_client_ip, different_client_ip_data], [True, False]))
msg = "Denied data transfer to a different server (6.6.6.6) than the server of the initial FTP connection (123.4.5.6)"
run_test(data_transfer_test([different_server_ip, different_server_ip_data], [True, False]))
msg = "Denied data transfer to the server (11.11.12.13) than the server advertised by the initial FTP connection (5.8.8.8) even though the initial server was (11.11.12.13)"
run_test(data_transfer_test([shady_ftp_227, shady_ftp_227_data], [True, False]))
-
+
# //=========================================================================================
# Malformed Responses
# //=========================================================================================
-
+
# 227
msg = "Denied data transfer to a server that sends a malformed 227 response (too few numbers)"
run_test(data_transfer_test([too_few_numbers_ftp_227, too_few_numbers_ftp_227_data], [True, False]))
@@ -500,7 +500,7 @@
run_test(data_transfer_test([too_big_ip_ftp_227, too_big_ip_ftp_227_data], [True, False]))
msg = "Denied data transfer to a server that sends a malformed 227 response (too big port)"
run_test(data_transfer_test([too_big_port_ftp_227, too_big_port_ftp_227_data], [True, False]))
-
+
# 229
msg = "Denied data transfer to a server that sends a malformed 229 response (too few numbers)"
run_test(data_transfer_test([too_few_numbers_ftp_229, too_few_numbers_ftp_229_data], [True, False]))
@@ -508,8 +508,8 @@
run_test(data_transfer_test([too_many_numbers_ftp_229, too_many_numbers_ftp_229_data], [True, False]))
msg = "Denied data transfer to a server that sends a malformed 229 response (too big port)"
run_test(data_transfer_test([too_big_port_ftp_229, too_big_port_ftp_229_data], [True, False]))
-
- # //=========================================================================================
+
+ # //=========================================================================================
# Split packets
# //=========================================================================================
""" TIP: also make sure to test with alternative end of line characters, specifically \r\n. (CTRL+F \n below) """
@@ -518,7 +518,7 @@
run_test(data_transfer_test([split_ftp_227, split_ftp_227_data], packet_size=3))
msg = "Transferred data over a passive FTP (response type 229) connection split over multiple packets (size = 3)"
run_test(data_transfer_test([split_ftp_229, split_ftp_229_data], packet_size=3))
-
+
msg = "Transferred data over a passive FTP (227) connection that sends a multi-line 227 request with (size = 2)"
run_test(data_transfer_test([split_multiline_ftp_227, split_multiline_ftp_227_data], packet_size=2))
msg = "Transferred data over a passive FTP (229) connection that sends a multi-line 229 request with (size = 2)"
@@ -527,8 +527,8 @@
# //=========================================================================================
# Timers/delays (to make sure connections persist long enough, but not too long
# Assume timeout of 10
- # //=========================================================================================
-
+ # //=========================================================================================
+
# 227
msg = "Transferred data over a passive FTP (227) connection, then allowed data over that connection after 6 seconds"
run_test(data_transfer_test([short_delayed_ftp_227, short_delayed_ftp_227_data_delayed], [True, True], [0,6]))
@@ -553,7 +553,7 @@
run_test(data_transfer_test([simultaneous_ftp_227_data_short_delay, simultaneous_ftp_227_data_long_delay], [True, False], [0,12], 2))
#run_test(deny_delayed_data_transfer_test(simultaneous_ftp_227_data_short_delay, simultaneous_ftp_227_data_long_delay, 6, 6, 2), msg + "(PHASE 2: connection should be closed by now)")
"""
-
+
# 229
msg = "Transferred data over a passive FTP (229) connection, then allowed data over that connection after 6 seconds"
run_test(data_transfer_test([short_delayed_ftp_229, short_delayed_ftp_229_data_delayed], [True, True], [0,6]))
@@ -578,23 +578,23 @@
run_test(data_transfer_test([simultaneous_ftp_229_data_short_delay, simultaneous_ftp_229_data_long_delay], [True, False], [0,12], 2))
#run_test(deny_delayed_data_transfer_test(simultaneous_ftp_229_data_short_delay, simultaneous_ftp_229_data_long_delay, 6, 6, 2), msg + "(PHASE 2: connection should be closed by now)")
"""
-
-
+
+
# //=========================================================================================
# New tests
# //=========================================================================================
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
# //=========================================================================================
# Basic connection tests (test that basic behavior wasn't corrupted by FTP connections)
# //=========================================================================================
-
+
print ""
print "Waiting for ~10 seconds to pass (all unused FTP ports closing...)"
print "UNIMPLEMENTED. DECOMMENT TO DO SO."
@@ -603,11 +603,11 @@
run_test(connection_test(unsafe_port, allowed=False))
msg = "Allowed connections within port range (0, 1023)"
run_test(connection_test(safe_port, allowed=True))
-
-
+
+
time.sleep(1)
print "FTP Test Suite Passed!"
-
+
#def run_test(test_expr, message):
# success(message) if test_expr else fail(message)
def run_test(test_expr):
@@ -628,7 +628,7 @@
#exit()
print ""
os._exit(1)
-
+
def send_packets(message_list, packet_size, should_allow):
listOfLists = []
for connect in message_list:
@@ -636,7 +636,7 @@
flow = generateFlow()
SYNpacket = generatePacket("", reverse=False)
event = frameworkCall(None, flow, SYNpacket, reverse=False)
-
+
# Verify correctness (connection)
if should_allow:
if event.action.deny or not event.action.forward:
@@ -646,14 +646,14 @@
if (event.action.defer or event.action.forward) or not event.action.deny:
print "Test_"+str(subtest_num)+" failed! Connection mistakenly allowed: "+str(flow)
return False
-
+
# Add a newline character to each packet
message_list[connect][False] += '\n'
message_list[connect][True] += '\n'
# message_list[connect][False] += '\r\n' # test an alternative newline character
# message_list[connect][True] += '\r\n' # test an alternative newline character
-
- # Data Packets
+
+ # Data Packets
listA = generateSizedPackets(message_list[connect][False], reverse=False, maxSize=packet_size, isRandom=False)
listB = generateSizedPackets(message_list[connect][True], reverse=True, maxSize=packet_size, isRandom=False)
DATApacket = listA.pop(0)
@@ -661,7 +661,7 @@
listOfLists.append((listA, event, flow, False))
listOfLists.append((listB, event, flow, True))
event = frameworkCall(event, flow, DATApacket, reverse=False)
-
+
# Verify correctness (data)
if should_allow:
if event.action.deny or not event.action.forward:
@@ -671,11 +671,11 @@
if (event.action.defer or event.action.forward) or not event.action.deny:
print "Test_"+str(subtest_num)+" failed! Connection mistakenly allowed: "+str(flow)
return False
-
+
DATApacket, event, flow, reverse, listOfLists = pickRandomlyFromLists(listOfLists)
while DATApacket != None:
event = frameworkCall(event, flow, DATApacket, reverse)
-
+
# Verify correctness (data)
if should_allow:
if event.action.deny or not event.action.forward:
@@ -685,9 +685,9 @@
if (event.action.defer or event.action.forward) or not event.action.deny:
print "Test_"+str(subtest_num)+" failed! Connection mistakenly allowed: "+str(flow)
return False
-
+
DATApacket, event, flow, reverse, listOfLists = pickRandomlyFromLists(listOfLists)
-
+
time.sleep(0.1)
for timer in allTimers:
print "Execute: "+str(timer)
@@ -695,8 +695,8 @@
timer._callback(*timer._args,**timer._kw)
for timer in allTimers:
timer.cancel()
-
-
+
+
return True
@@ -713,14 +713,14 @@
# for er in range(30):
# print "THIS IS TESTING INCORRECTLY! COMMAND NOT ALLOWED! CHECK AGAIN!!!"
# return
-
+
#time.sleep(command_delay)
- #data_passed = send_packets(command_message_list, packet_size, True)
-
+ #data_passed = send_packets(command_message_list, packet_size, True)
+
for i in range(len(delay_array)):
time.sleep(delay_array[i])
test_passed = test_passed and send_packets(message_list_array[i], packet_size, allow_deny_array[i])
-
+
return test_passed
@@ -738,8 +738,8 @@
if (event.action.defer or event.action.forward) or not event.action.deny: # this line changed
print "Test_"+str(subtest_num)+" failed! Connection mistakenly allowed: "+str(flow)
return False
- return True
-
+ return True
+
"""
#---------------------------------------------------------------------------------
#---------------------------------------------------------------------------------