Created
December 7, 2012 15:18
-
-
Save danwang/4233881 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- ftp_test_suite_framework_update.py 2012-12-07 06:32:36.002404214 -0800 | |
+++ ftp_test_suite_framework_update_2.py 2012-12-07 07:13:16.474522327 -0800 | |
@@ -10,13 +10,13 @@ | |
1206_704pm | |
""" | |
-""" | |
+""" | |
Tests a variety of Passive FTP behaviors. | |
* --------------------------------------------- | |
* To run a particular test, just comment out all the other ones. Tests should not depend on each other. | |
* --------------------------------------------- | |
* Recommended: turn on log.setLevel(logging.DEBUG) in testcase.py to debug, rather than adding in print statements here. | |
-* --------------------------------------------- | |
+* --------------------------------------------- | |
* Caveat for adding new tests: make sure to use different IP and port combinations for tests that would possibly conflict. | |
* --------------------------------------------- | |
""" | |
@@ -279,7 +279,7 @@ | |
different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][True] += "since we don't assume what " | |
different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][True] += "srcport client uses, so " | |
different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][True] += "forget that (n+1) trickery. " | |
-different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][False] = "See piazza post 1026." | |
+different_client_port_227_data[("10.1.1.1",5001,"5.5.5.5",1934)][False] = "See piazza post 1026." | |
different_client_port_229 = {} | |
different_client_port_229[("10.1.1.1",1026,"12.5.5.5",21)] = {} | |
@@ -358,7 +358,7 @@ | |
simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][True] = "open the minimum of " | |
simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][True] = "one connection or 10 " | |
simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][True] = "seconds." | |
-simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][False] = "See Piazza 1156, 1091." | |
+simultaneous_ftp_227_data_long_delay[("10.1.1.1",1027,"123.4.5.6",4182 )][False] = "See Piazza 1156, 1091." | |
simultaneous_ftp_229 = {} | |
simultaneous_ftp_229[("10.1.1.1",1026,"123.4.5.6",21)] = {} | |
@@ -379,7 +379,7 @@ | |
simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][True] = "open the minimum of " | |
simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][True] = "one connection or 10 " | |
simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][True] = "seconds." | |
-simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][False] = "See Piazza 1156, 1091." | |
+simultaneous_ftp_229_data_long_delay[("10.1.1.1",1027,"123.4.5.6",33006)][False] = "See Piazza 1156, 1091." | |
multiline_ftp_227 = {} | |
multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)] = {} | |
@@ -397,7 +397,7 @@ | |
split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][False] = "PASV" | |
split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][True] = "227-First line\n" | |
split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][True] += "Entering Passive Mode (123,4,5,6,37,3).\n" | |
-split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][True] += "227 Entering Passive Mode (123,4,5,6,37,3).\n" | |
+split_multiline_ftp_227[("10.1.1.1",1050,"123.4.5.6",21)][True] += "227 Entering Passive Mode (123,4,5,6,37,3)." | |
split_multiline_ftp_227_data = {} | |
split_multiline_ftp_227_data[("10.1.1.1",1051,"123.4.5.6",9475)] = {} | |
split_multiline_ftp_227_data[("10.1.1.1",1051,"123.4.5.6",9475)][True] = "This should pass. " | |
@@ -408,7 +408,7 @@ | |
multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][False] = "EPASV" | |
multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] = "229-First line\n" | |
multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "Entering Extended Passive Mode (|||7077|)\n" | |
-multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "229 Entering Extended Passive Mode (|||7077|)\n" | |
+multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "229 Entering Extended Passive Mode (|||7077|)" | |
multiline_ftp_229_data = {} | |
multiline_ftp_229_data[("10.1.1.1",1051,"123.4.5.6",7077)] = {} | |
multiline_ftp_229_data[("10.1.1.1",1051,"123.4.5.6",7077)][True] = "This should pass. " | |
@@ -419,7 +419,7 @@ | |
split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][False] = "EPASV" | |
split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] = "229-First line\n" | |
split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "Entering Extended Passive Mode (|||7078|)\n" | |
-split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "229 Entering Extended Passive Mode (|||7078|)\n" | |
+split_multiline_ftp_229[("10.1.1.1",1050,"123.4.5.6",21)][True] += "229 Entering Extended Passive Mode (|||7078|)" | |
split_multiline_ftp_229_data = {} | |
split_multiline_ftp_229_data[("10.1.1.1",1051,"123.4.5.6",7078)] = {} | |
split_multiline_ftp_229_data[("10.1.1.1",1051,"123.4.5.6",7078)][True] = "This should pass. " | |
@@ -438,20 +438,20 @@ | |
print "FTP Test Suite Start" | |
resetFirewall() | |
- | |
+ | |
# //========================================================================================= | |
# Basic connection tests (test default behavior, before any FTP connections) | |
# //========================================================================================= | |
- | |
+ | |
msg = "Denied connection outside port range (0, 1023)" | |
run_test(connection_test(unsafe_port, allowed=False)) | |
msg = "Allowed connections within port range (0, 1023)" | |
run_test(connection_test(safe_port, allowed=True)) | |
- | |
+ | |
# //========================================================================================= | |
# Data transfer tests | |
# //========================================================================================= | |
- | |
+ | |
# 227 | |
msg = "Transferred data over a passive FTP (227) connection" | |
run_test(data_transfer_test([typical_ftp_227, typical_ftp_227_data])) | |
@@ -465,7 +465,7 @@ | |
run_test(data_transfer_test([small_port_ftp_227, small_port_ftp_227_data])) | |
msg = "Transferred data over a passive FTP (227) connection that sends a multi-line 227 request" | |
run_test(data_transfer_test([multiline_ftp_227, multiline_ftp_227_data])) | |
- | |
+ | |
# 229 | |
msg = "Transferred data over a passive FTP (229) connection" | |
run_test(data_transfer_test([typical_ftp_229, typical_ftp_229_data])) | |
@@ -477,20 +477,20 @@ | |
run_test(data_transfer_test([small_port_ftp_229, small_port_ftp_229_data])) | |
msg = "Transferred data over a passive FTP (229) connection that sends a multi-line 229 request" | |
run_test(data_transfer_test([multiline_ftp_229, multiline_ftp_229_data])) | |
- | |
- # Different servers and clients | |
+ | |
+ # Different servers and clients | |
msg = "Denied data transfer from a different client (2.2.2.2) than the one that initiated the FTP connection (1.1.1.1)" | |
- | |
+ | |
run_test(data_transfer_test([different_client_ip, different_client_ip_data], [True, False])) | |
msg = "Denied data transfer to a different server (6.6.6.6) than the server of the initial FTP connection (123.4.5.6)" | |
run_test(data_transfer_test([different_server_ip, different_server_ip_data], [True, False])) | |
msg = "Denied data transfer to the server (11.11.12.13) than the server advertised by the initial FTP connection (5.8.8.8) even though the initial server was (11.11.12.13)" | |
run_test(data_transfer_test([shady_ftp_227, shady_ftp_227_data], [True, False])) | |
- | |
+ | |
# //========================================================================================= | |
# Malformed Responses | |
# //========================================================================================= | |
- | |
+ | |
# 227 | |
msg = "Denied data transfer to a server that sends a malformed 227 response (too few numbers)" | |
run_test(data_transfer_test([too_few_numbers_ftp_227, too_few_numbers_ftp_227_data], [True, False])) | |
@@ -500,7 +500,7 @@ | |
run_test(data_transfer_test([too_big_ip_ftp_227, too_big_ip_ftp_227_data], [True, False])) | |
msg = "Denied data transfer to a server that sends a malformed 227 response (too big port)" | |
run_test(data_transfer_test([too_big_port_ftp_227, too_big_port_ftp_227_data], [True, False])) | |
- | |
+ | |
# 229 | |
msg = "Denied data transfer to a server that sends a malformed 229 response (too few numbers)" | |
run_test(data_transfer_test([too_few_numbers_ftp_229, too_few_numbers_ftp_229_data], [True, False])) | |
@@ -508,8 +508,8 @@ | |
run_test(data_transfer_test([too_many_numbers_ftp_229, too_many_numbers_ftp_229_data], [True, False])) | |
msg = "Denied data transfer to a server that sends a malformed 229 response (too big port)" | |
run_test(data_transfer_test([too_big_port_ftp_229, too_big_port_ftp_229_data], [True, False])) | |
- | |
- # //========================================================================================= | |
+ | |
+ # //========================================================================================= | |
# Split packets | |
# //========================================================================================= | |
""" TIP: also make sure to test with alternative end of line characters, specifically \r\n. (CTRL+F \n below) """ | |
@@ -518,7 +518,7 @@ | |
run_test(data_transfer_test([split_ftp_227, split_ftp_227_data], packet_size=3)) | |
msg = "Transferred data over a passive FTP (response type 229) connection split over multiple packets (size = 3)" | |
run_test(data_transfer_test([split_ftp_229, split_ftp_229_data], packet_size=3)) | |
- | |
+ | |
msg = "Transferred data over a passive FTP (227) connection that sends a multi-line 227 request with (size = 2)" | |
run_test(data_transfer_test([split_multiline_ftp_227, split_multiline_ftp_227_data], packet_size=2)) | |
msg = "Transferred data over a passive FTP (229) connection that sends a multi-line 229 request with (size = 2)" | |
@@ -527,8 +527,8 @@ | |
# //========================================================================================= | |
# Timers/delays (to make sure connections persist long enough, but not too long | |
# Assume timeout of 10 | |
- # //========================================================================================= | |
- | |
+ # //========================================================================================= | |
+ | |
# 227 | |
msg = "Transferred data over a passive FTP (227) connection, then allowed data over that connection after 6 seconds" | |
run_test(data_transfer_test([short_delayed_ftp_227, short_delayed_ftp_227_data_delayed], [True, True], [0,6])) | |
@@ -553,7 +553,7 @@ | |
run_test(data_transfer_test([simultaneous_ftp_227_data_short_delay, simultaneous_ftp_227_data_long_delay], [True, False], [0,12], 2)) | |
#run_test(deny_delayed_data_transfer_test(simultaneous_ftp_227_data_short_delay, simultaneous_ftp_227_data_long_delay, 6, 6, 2), msg + "(PHASE 2: connection should be closed by now)") | |
""" | |
- | |
+ | |
# 229 | |
msg = "Transferred data over a passive FTP (229) connection, then allowed data over that connection after 6 seconds" | |
run_test(data_transfer_test([short_delayed_ftp_229, short_delayed_ftp_229_data_delayed], [True, True], [0,6])) | |
@@ -578,23 +578,23 @@ | |
run_test(data_transfer_test([simultaneous_ftp_229_data_short_delay, simultaneous_ftp_229_data_long_delay], [True, False], [0,12], 2)) | |
#run_test(deny_delayed_data_transfer_test(simultaneous_ftp_229_data_short_delay, simultaneous_ftp_229_data_long_delay, 6, 6, 2), msg + "(PHASE 2: connection should be closed by now)") | |
""" | |
- | |
- | |
+ | |
+ | |
# //========================================================================================= | |
# New tests | |
# //========================================================================================= | |
- | |
- | |
- | |
- | |
- | |
- | |
- | |
- | |
+ | |
+ | |
+ | |
+ | |
+ | |
+ | |
+ | |
+ | |
# //========================================================================================= | |
# Basic connection tests (test that basic behavior wasn't corrupted by FTP connections) | |
# //========================================================================================= | |
- | |
+ | |
print "" | |
print "Waiting for ~10 seconds to pass (all unused FTP ports closing...)" | |
print "UNIMPLEMENTED. DECOMMENT TO DO SO." | |
@@ -603,11 +603,11 @@ | |
run_test(connection_test(unsafe_port, allowed=False)) | |
msg = "Allowed connections within port range (0, 1023)" | |
run_test(connection_test(safe_port, allowed=True)) | |
- | |
- | |
+ | |
+ | |
time.sleep(1) | |
print "FTP Test Suite Passed!" | |
- | |
+ | |
#def run_test(test_expr, message): | |
# success(message) if test_expr else fail(message) | |
def run_test(test_expr): | |
@@ -628,7 +628,7 @@ | |
#exit() | |
print "" | |
os._exit(1) | |
- | |
+ | |
def send_packets(message_list, packet_size, should_allow): | |
listOfLists = [] | |
for connect in message_list: | |
@@ -636,7 +636,7 @@ | |
flow = generateFlow() | |
SYNpacket = generatePacket("", reverse=False) | |
event = frameworkCall(None, flow, SYNpacket, reverse=False) | |
- | |
+ | |
# Verify correctness (connection) | |
if should_allow: | |
if event.action.deny or not event.action.forward: | |
@@ -646,14 +646,14 @@ | |
if (event.action.defer or event.action.forward) or not event.action.deny: | |
print "Test_"+str(subtest_num)+" failed! Connection mistakenly allowed: "+str(flow) | |
return False | |
- | |
+ | |
# Add a newline character to each packet | |
message_list[connect][False] += '\n' | |
message_list[connect][True] += '\n' | |
# message_list[connect][False] += '\r\n' # test an alternative newline character | |
# message_list[connect][True] += '\r\n' # test an alternative newline character | |
- | |
- # Data Packets | |
+ | |
+ # Data Packets | |
listA = generateSizedPackets(message_list[connect][False], reverse=False, maxSize=packet_size, isRandom=False) | |
listB = generateSizedPackets(message_list[connect][True], reverse=True, maxSize=packet_size, isRandom=False) | |
DATApacket = listA.pop(0) | |
@@ -661,7 +661,7 @@ | |
listOfLists.append((listA, event, flow, False)) | |
listOfLists.append((listB, event, flow, True)) | |
event = frameworkCall(event, flow, DATApacket, reverse=False) | |
- | |
+ | |
# Verify correctness (data) | |
if should_allow: | |
if event.action.deny or not event.action.forward: | |
@@ -671,11 +671,11 @@ | |
if (event.action.defer or event.action.forward) or not event.action.deny: | |
print "Test_"+str(subtest_num)+" failed! Connection mistakenly allowed: "+str(flow) | |
return False | |
- | |
+ | |
DATApacket, event, flow, reverse, listOfLists = pickRandomlyFromLists(listOfLists) | |
while DATApacket != None: | |
event = frameworkCall(event, flow, DATApacket, reverse) | |
- | |
+ | |
# Verify correctness (data) | |
if should_allow: | |
if event.action.deny or not event.action.forward: | |
@@ -685,9 +685,9 @@ | |
if (event.action.defer or event.action.forward) or not event.action.deny: | |
print "Test_"+str(subtest_num)+" failed! Connection mistakenly allowed: "+str(flow) | |
return False | |
- | |
+ | |
DATApacket, event, flow, reverse, listOfLists = pickRandomlyFromLists(listOfLists) | |
- | |
+ | |
time.sleep(0.1) | |
for timer in allTimers: | |
print "Execute: "+str(timer) | |
@@ -695,8 +695,8 @@ | |
timer._callback(*timer._args,**timer._kw) | |
for timer in allTimers: | |
timer.cancel() | |
- | |
- | |
+ | |
+ | |
return True | |
@@ -713,14 +713,14 @@ | |
# for er in range(30): | |
# print "THIS IS TESTING INCORRECTLY! COMMAND NOT ALLOWED! CHECK AGAIN!!!" | |
# return | |
- | |
+ | |
#time.sleep(command_delay) | |
- #data_passed = send_packets(command_message_list, packet_size, True) | |
- | |
+ #data_passed = send_packets(command_message_list, packet_size, True) | |
+ | |
for i in range(len(delay_array)): | |
time.sleep(delay_array[i]) | |
test_passed = test_passed and send_packets(message_list_array[i], packet_size, allow_deny_array[i]) | |
- | |
+ | |
return test_passed | |
@@ -738,8 +738,8 @@ | |
if (event.action.defer or event.action.forward) or not event.action.deny: # this line changed | |
print "Test_"+str(subtest_num)+" failed! Connection mistakenly allowed: "+str(flow) | |
return False | |
- return True | |
- | |
+ return True | |
+ | |
""" | |
#--------------------------------------------------------------------------------- | |
#--------------------------------------------------------------------------------- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment