diff --git a/images_build/client/dign_client/bin/client.py b/images_build/client/dign_client/bin/client.py index bb07bdd..af71ab9 100644 --- a/images_build/client/dign_client/bin/client.py +++ b/images_build/client/dign_client/bin/client.py @@ -30,22 +30,19 @@ from urllib.parse import urlparse, parse_qs class ConfigLoader: DEFAULT_CONFIGS = { - 'test_firewallBypass_ssl': { - 'conn_timeout': 1,'max_recv_speed_large': 6553600 - }, - 'test_firewallDenyDrop_dns': { + 'Firewall_DenyDrop_DNS': { 'conn_timeout': 3,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyRedirectA_dns': { + 'Firewall_DenyRedirect_A_DNS': { 'conn_timeout': 3,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyRedirectAAAA_dns': { + 'Firewall_DenyRedirect_AAAA_DNS': { 'conn_timeout': 3,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyRedirectARangeTTL_dns': { + 'Firewall_DenyRedirect_ARangeTTL_DNS': { 'conn_timeout': 3,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyRedirectAAAARangeTTL_dns': { + 'Firewall_DenyRedirect_AAAARangeTTL_DNS': { 'conn_timeout': 3,'max_recv_speed_large': 6553600 }, 'test_dnsRequest_allow_rdtype_a': { @@ -57,118 +54,118 @@ class ConfigLoader: 'test_dnsRequest_allow_rdtype_cname': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_ssl': { + 'Proxy_Intercept_HTTPS': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslCerterrExpired': { + 'Proxy_Intercept_HTTPS_CertExpired': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslCerterrSelfsigned': { + 'Proxy_Intercept_HTTPS_CertSelfSigned': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslCerterrUntrustedroot': { + 'Proxy_Intercept_HTTPS_CertUntrustedRoot': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyRedirect_ssl': { + 'Proxy_Manipulation_Redirect_HTTPS': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyBlock_ssl': { + 'Proxy_Manipulation_Deny_HTTPS': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyReplace_ssl': { + 'Proxy_Manipulation_Replace_HTTPS': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyHijack_ssl': { + 'Proxy_Manipulation_Hijack_HTTPS': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyInsert_ssl': { + 'Proxy_Manipulation_Insert_HTTPS': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyRedirect_http': { + 'Proxy_Manipulation_Redirect_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyBlock_http': { + 'Proxy_Manipulation_Deny_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyReplace_http': { + 'Proxy_Manipulation_Replace_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyHijack_http': { + 'Proxy_Manipulation_Hijack_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyInsert_http': { + 'Proxy_Manipulation_Insert_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslDownloadSize1k': { + 'Proxy_Intercept_HTTPS_Response_1k': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslDownloadSize4k': { + 'Proxy_Intercept_HTTPS_Response_4k': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslDownloadSize16k': { + 'Proxy_Intercept_HTTPS_Response_16k': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslDownloadSize64k': { + 'Proxy_Intercept_HTTPS_Response_64k': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslDownloadSize256k': { + 'Proxy_Intercept_HTTPS_Response_256k': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslDownloadSize1M': { + 'Proxy_Intercept_HTTPS_Response_1M': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslDownloadSize4M': { + 'Proxy_Intercept_HTTPS_Response_4M': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslDownloadSize16M': { + 'Proxy_Intercept_HTTPS_Response_16M': { 'conn_timeout': 4,'max_recv_speed_large': 6553600 }, - 'test_firewallIntercept_sslDownloadSize64M': { + 'Proxy_Intercept_HTTPS_Response_64M': { 'conn_timeout': 12,'max_recv_speed_large': 6553600 }, - 'test_firewallAllow_http': { + 'Firewall_Allow_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyDrop_http': { + 'Firewall_DenyDrop_HTTP': { 'conn_timeout': 4,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyReset_http': { + 'Firewall_DenyReset_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyBlock_http': { + 'Firewall_DenyBlock_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallAllow_ssl': { + 'Firewall_Allow_HTTPS': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyDrop_ssl': { + 'Firewall_DenyDrop_HTTPS': { 'conn_timeout': 4,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyReset_ssl': { + 'Firewall_DenyReset_HTTPS': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyResetFilterHost_http': { + 'Firewall_DenyReset_FilterHost_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_firewallDenyResetFilterURL_http': { + 'Firewall_DenyReset_FilterURL_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyDenyFilterHost_http': { + 'Proxy_Manipulation_Deny_FilterHost_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_proxyDenyFilterURL_http': { + 'Proxy_Manipulation_Deny_FilterURL_HTTP': { 'conn_timeout': 1,'max_recv_speed_large': 6553600 }, - 'test_shaping_ratelimit_0bps_http': { + 'Shaping_RateLimit0bps_HTTP': { 'conn_timeout': 4,'max_recv_speed_large': 6553600 }, - 'test_shaping_ratelimit_0bps_https': { + 'Shaping_RateLimit0bps_HTTPS': { 'conn_timeout': 4,'max_recv_speed_large': 6553600 }, - 'test_shaping_ratelimit_1000gbps_http': { + 'Shaping_RateLimit1000gbps_HTTP': { 'conn_timeout': 4,'max_recv_speed_large': 6553600 }, - 'test_shaping_ratelimit_1000gbps_https': { + 'Shaping_RateLimit1000gbps_HTTPS': { 'conn_timeout': 4,'max_recv_speed_large': 6553600 } } @@ -668,6 +665,69 @@ class ProxyCasesRunner: def __init__(self) -> None: self._analyzer = URLTransferResponseAnalyzer() + def action_intercept_protocol_https(self, url, resolves, conn_timeout, max_recv_speed_large): + conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large) + conn.connect() + is_error_none = self._analyzer.is_pycurl_error_none(conn.error_info) + if not is_error_none[0]: + return False, is_error_none[1] + is_cert_matched = self._analyzer.is_cert_issuer_matched(conn.cert_issuer, r'\bCN[\s]*=[\s]*Tango Secure Gateway CA\b') + if not is_cert_matched[0]: + return False, is_cert_matched[1] + return True, None + + def action_intercept_protocol_https_cert_error(self, url, resolves, conn_timeout, max_recv_speed_large): + conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large) + conn.connect() + is_error_none = self._analyzer.is_pycurl_error_none(conn.error_info) + if not is_error_none[0]: + return False, is_error_none[1] + is_cert_matched = self._analyzer.is_cert_issuer_matched(conn.cert_issuer, r'\bCN[\s]*=[\s]*TSG CA Untrusted\b') + if not is_cert_matched[0]: + return False, is_cert_matched[1] + return True, None + + def action_intercept_protocol_https_download_size_1k(self, url, resolves, conn_timeout, max_recv_speed_large): + return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024) + + def action_intercept_protocol_https_download_size_4k(self, url, resolves, conn_timeout, max_recv_speed_large): + return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 4) + + def action_intercept_protocol_https_download_size_16k(self, url, resolves, conn_timeout, max_recv_speed_large): + return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 16) + + def action_intercept_protocol_https_download_size_64k(self, url, resolves, conn_timeout, max_recv_speed_large): + return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 64) + + def action_intercept_protocol_https_download_size_256k(self, url, resolves, conn_timeout, max_recv_speed_large): + return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 256) + + def action_intercept_protocol_https_download_size_1M(self, url, resolves, conn_timeout, max_recv_speed_large): + return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 1024) + + def action_intercept_protocol_https_download_size_4M(self, url, resolves, conn_timeout, max_recv_speed_large): + return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 1024 * 4) + + def action_intercept_protocol_https_download_size_16M(self, url, resolves, conn_timeout, max_recv_speed_large): + return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 1024 * 16) + + def action_intercept_protocol_https_download_size_64M(self, url, resolves, conn_timeout, max_recv_speed_large): + return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 1024 * 64) + + def _action_intercept_protocol_ssl_by_download_size(self, url, resolves, conn_timeout, max_recv_speed_large, download_size): + conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large) + conn.connect() + is_error_none = self._analyzer.is_pycurl_error_none(conn.error_info) + if not is_error_none[0]: + return False, is_error_none[1] + is_cert_matched = self._analyzer.is_cert_issuer_matched(conn.cert_issuer, r'\bCN[\s]*=[\s]*Tango Secure Gateway CA\b') + if not is_cert_matched[0]: + return False, is_cert_matched[1] + is_download_size_equal = self._analyzer.is_download_size_equal(conn.size_download, download_size) + if not is_download_size_equal[0]: + return False, is_download_size_equal[1] + return True, None + def action_redirect_protocol_https(self, url, resolves, conn_timeout, max_recv_speed_large): conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large) conn.connect() @@ -933,28 +993,6 @@ class FirewallCasesRunner: return False, is_cert_matched[1] return True, None - def action_intercept_protocol_https(self, url, resolves, conn_timeout, max_recv_speed_large): - conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large) - conn.connect() - is_error_none = self._analyzer.is_pycurl_error_none(conn.error_info) - if not is_error_none[0]: - return False, is_error_none[1] - is_cert_matched = self._analyzer.is_cert_issuer_matched(conn.cert_issuer, r'\bCN[\s]*=[\s]*Tango Secure Gateway CA\b') - if not is_cert_matched[0]: - return False, is_cert_matched[1] - return True, None - - def action_intercept_protocol_https_cert_error(self, url, resolves, conn_timeout, max_recv_speed_large): - conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large) - conn.connect() - is_error_none = self._analyzer.is_pycurl_error_none(conn.error_info) - if not is_error_none[0]: - return False, is_error_none[1] - is_cert_matched = self._analyzer.is_cert_issuer_matched(conn.cert_issuer, r'\bCN[\s]*=[\s]*TSG CA Untrusted\b') - if not is_cert_matched[0]: - return False, is_cert_matched[1] - return True, None - def action_allow_protocol_http(self, url, resolves, conn_timeout, max_recv_speed_large): conn = HttpURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large) conn.connect() @@ -1032,48 +1070,6 @@ class FirewallCasesRunner: return False, is_error_type_equal[1] return True, None - - def action_intercept_protocol_https_download_size_1k(self, url, resolves, conn_timeout, max_recv_speed_large): - return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024) - - def action_intercept_protocol_https_download_size_4k(self, url, resolves, conn_timeout, max_recv_speed_large): - return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 4) - - def action_intercept_protocol_https_download_size_16k(self, url, resolves, conn_timeout, max_recv_speed_large): - return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 16) - - def action_intercept_protocol_https_download_size_64k(self, url, resolves, conn_timeout, max_recv_speed_large): - return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 64) - - def action_intercept_protocol_https_download_size_256k(self, url, resolves, conn_timeout, max_recv_speed_large): - return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 256) - - def action_intercept_protocol_https_download_size_1M(self, url, resolves, conn_timeout, max_recv_speed_large): - return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 1024) - - def action_intercept_protocol_https_download_size_4M(self, url, resolves, conn_timeout, max_recv_speed_large): - return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 1024 * 4) - - def action_intercept_protocol_https_download_size_16M(self, url, resolves, conn_timeout, max_recv_speed_large): - return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 1024 * 16) - - def action_intercept_protocol_https_download_size_64M(self, url, resolves, conn_timeout, max_recv_speed_large): - return self._action_intercept_protocol_ssl_by_download_size(url, resolves, conn_timeout, max_recv_speed_large, 1024 * 1024 * 64) - - def _action_intercept_protocol_ssl_by_download_size(self, url, resolves, conn_timeout, max_recv_speed_large, download_size): - conn = HttpsURLTransferBuilder(url, resolves, conn_timeout, max_recv_speed_large) - conn.connect() - is_error_none = self._analyzer.is_pycurl_error_none(conn.error_info) - if not is_error_none[0]: - return False, is_error_none[1] - is_cert_matched = self._analyzer.is_cert_issuer_matched(conn.cert_issuer, r'\bCN[\s]*=[\s]*Tango Secure Gateway CA\b') - if not is_cert_matched[0]: - return False, is_cert_matched[1] - is_download_size_equal = self._analyzer.is_download_size_equal(conn.size_download, download_size) - if not is_download_size_equal[0]: - return False, is_download_size_equal[1] - return True, None - def action_deny_subaction_drop_protocol_dns(self, domain, nameservers, conn_timeout): request = DNSQueryTypeABuilder(domain, nameservers, conn_timeout) request.query() @@ -1216,265 +1212,259 @@ class DiagnoseCasesRunner: self._shaping_case = ShapingCaseRunner() self._cases_info = [ { - "name": "test_firewallBypass_ssl", - "protocol_type": "https", - "test_function": self._firewall_case.action_bypass_protocol_https, - "request_content": "https://sha384.badssl.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallIntercept_ssl", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https, - "request_content": "https://sha256.badssl.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallIntercept_sslCerterrExpired", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_cert_error, - "request_content": "https://expired.badssl.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallIntercept_sslCerterrSelfsigned", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_cert_error, - "request_content": "https://self-signed.badssl.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallIntercept_sslCerterrUntrustedroot", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_cert_error, - "request_content": "https://untrusted-root.badssl.selftest.gdnt-cloud.website" - }, - { - "name": "test_proxyRedirect_ssl", - "protocol_type": "https", - "test_function": self._proxy_case.action_redirect_protocol_https, - "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyRedirect.js" - }, - { - "name": "test_proxyBlock_ssl", - "protocol_type": "https", - "test_function": self._proxy_case.action_block_protocol_https, - "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyBlock.js" - }, - { - "name": "test_proxyReplace_ssl", - "protocol_type": "https", - "test_function": self._proxy_case.action_replace_protocol_https, - "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyReplace.js" - }, - { - "name": "test_proxyHijack_ssl", - "protocol_type": "https", - "test_function": self._proxy_case.action_hijack_protocol_https, - "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyHijack.js" - }, - { - "name": "test_proxyInsert_ssl", - "protocol_type": "https", - "test_function": self._proxy_case.action_insert_protocol_https, - "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyInsert.html" - }, - { - "name": "test_proxyRedirect_http", - "protocol_type": "http", - "test_function": self._proxy_case.action_redirect_protocol_http, - "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyRedirect.js" - }, - { - "name": "test_proxyBlock_http", - "protocol_type": "http", - "test_function": self._proxy_case.action_block_protocol_http, - "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyBlock.js" - }, - { - "name": "test_proxyReplace_http", - "protocol_type": "http", - "test_function": self._proxy_case.action_replace_protocol_http, - "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyReplace.js" - }, - { - "name": "test_proxyHijack_http", - "protocol_type": "http", - "test_function": self._proxy_case.action_hijack_protocol_http, - "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyHijack.js" - }, - { - "name": "test_proxyInsert_http", - "protocol_type": "http", - "test_function": self._proxy_case.action_insert_protocol_http, - "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyInsert.html" - }, - { - "name": "test_firewallAllow_http", + "name": "Firewall_Allow_HTTP", "protocol_type": "http", "test_function": self._firewall_case.action_allow_protocol_http, "request_content": "http://http.badssl.selftest.gdnt-cloud.website" }, { - "name": "test_firewallDenyDrop_http", - "protocol_type": "http", - "test_function": self._firewall_case.action_deny_subaction_drop_protocol_http, - "request_content": "http://http-credit-card.badssl.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallDenyReset_http", - "protocol_type": "http", - "test_function": self._firewall_case.action_deny_subaction_reset_protocol_http, - "request_content": "http://http-dynamic-login.badssl.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallDenyBlock_http", - "protocol_type": "http", - "test_function": self._firewall_case.action_deny_subaction_block_protocol_http, - "request_content": "http://http-login.badssl.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallAllow_ssl", + "name": "Firewall_Allow_HTTPS", "protocol_type": "https", "test_function": self._firewall_case.action_allow_protocol_https, "request_content": "https://sha512.badssl.selftest.gdnt-cloud.website" }, { - "name": "test_firewallDenyDrop_ssl", - "protocol_type": "https", - "test_function": self._firewall_case.action_deny_subaction_drop_protocol_https, - "request_content": "https://rsa2048.badssl.selftest.gdnt-cloud.website" + "name": "Firewall_DenyReset_HTTP", + "protocol_type": "http", + "test_function": self._firewall_case.action_deny_subaction_reset_protocol_http, + "request_content": "http://http-dynamic-login.badssl.selftest.gdnt-cloud.website" }, { - "name": "test_firewallDenyReset_ssl", + "name": "Firewall_DenyReset_HTTPS", "protocol_type": "https", "test_function": self._firewall_case.action_deny_subaction_reset_protocol_https, "request_content": "https://rsa4096.badssl.selftest.gdnt-cloud.website" }, { - "name": "test_firewallDenyDrop_dns", - "protocol_type": "dns", - "test_function": self._firewall_case.action_deny_subaction_drop_protocol_dns, - "request_content": "dnstest.deny-drop-ipv4.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallDenyRedirectA_dns", - "protocol_type": "dns", - "test_function": self._firewall_case.action_deny_subaction_redirect_protocol_dns_type_a, - "request_content": "dnstest.deny-redirect-a-ipv4.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallDenyRedirectAAAA_dns", - "protocol_type": "dns", - "test_function": self._firewall_case.action_deny_subaction_redirect_protocol_dns_type_aaaa, - "request_content": "dnstest.deny-redirect-4a-ipv6.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallDenyRedirectARangeTTL_dns", - "protocol_type": "dns", - "test_function": self._firewall_case.action_deny_subaction_redirect_protocol_dns_type_a_range_ttl, - "request_content": "dnstest.deny-redirect-a-rttl-ipv4.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallDenyRedirectAAAARangeTTL_dns", - "protocol_type": "dns", - "test_function": self._firewall_case.action_deny_subaction_redirect_protocol_dns_type_aaaa_range_ttl, - "request_content": "dnstest.deny-redirect-4a-rttl-ipv6.selftest.gdnt-cloud.website" - }, - { - "name": "test_firewallIntercept_sslDownloadSize1k", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_download_size_1k, - "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/1k" - }, - { - "name": "test_firewallIntercept_sslDownloadSize4k", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_download_size_4k, - "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/4k" - }, - { - "name": "test_firewallIntercept_sslDownloadSize16k", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_download_size_16k, - "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/16k" - }, - { - "name": "test_firewallIntercept_sslDownloadSize64k", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_download_size_64k, - "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/64k" - }, - { - "name": "test_firewallIntercept_sslDownloadSize256k", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_download_size_256k, - "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/256k" - }, - { - "name": "test_firewallIntercept_sslDownloadSize1M", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_download_size_1M, - "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/1M" - }, - { - "name": "test_firewallIntercept_sslDownloadSize4M", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_download_size_4M, - "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/4M" - }, - { - "name": "test_firewallIntercept_sslDownloadSize16M", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_download_size_16M, - "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/16M" - }, - { - "name": "test_firewallIntercept_sslDownloadSize64M", - "protocol_type": "https", - "test_function": self._firewall_case.action_intercept_protocol_https_download_size_64M, - "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/64M" - }, - { - "name": "test_firewallDenyResetFilterHost_http", + "name": "Firewall_DenyReset_FilterHost_HTTP", "protocol_type": "http", "test_function": self._firewall_case.action_deny_subaction_reset_protocol_http_filter_host, "request_content": "http://testing-firewall-filter-host.badssl.selftest.gdnt-cloud.website" }, { - "name": "test_firewallDenyResetFilterURL_http", + "name": "Firewall_DenyReset_FilterURL_HTTP", "protocol_type": "http", "test_function": self._firewall_case.action_deny_subaction_reset_protocol_http_filter_url, "request_content": "http://testing-firewall-filter-url.badssl.selftest.gdnt-cloud.website" }, { - "name": "test_proxyDenyFilterHost_http", + "name": "Firewall_DenyBlock_HTTP", + "protocol_type": "http", + "test_function": self._firewall_case.action_deny_subaction_block_protocol_http, + "request_content": "http://http-login.badssl.selftest.gdnt-cloud.website" + }, + { + "name": "Firewall_DenyDrop_HTTP", + "protocol_type": "http", + "test_function": self._firewall_case.action_deny_subaction_drop_protocol_http, + "request_content": "http://http-credit-card.badssl.selftest.gdnt-cloud.website" + }, + { + "name": "Firewall_DenyDrop_HTTPS", + "protocol_type": "https", + "test_function": self._firewall_case.action_deny_subaction_drop_protocol_https, + "request_content": "https://rsa2048.badssl.selftest.gdnt-cloud.website" + }, + { + "name": "Firewall_DenyDrop_DNS", + "protocol_type": "dns", + "test_function": self._firewall_case.action_deny_subaction_drop_protocol_dns, + "request_content": "dnstest.deny-drop-ipv4.selftest.gdnt-cloud.website" + }, + { + "name": "Firewall_DenyRedirect_A_DNS", + "protocol_type": "dns", + "test_function": self._firewall_case.action_deny_subaction_redirect_protocol_dns_type_a, + "request_content": "dnstest.deny-redirect-a-ipv4.selftest.gdnt-cloud.website" + }, + { + "name": "Firewall_DenyRedirect_AAAA_DNS", + "protocol_type": "dns", + "test_function": self._firewall_case.action_deny_subaction_redirect_protocol_dns_type_aaaa, + "request_content": "dnstest.deny-redirect-4a-ipv6.selftest.gdnt-cloud.website" + }, + { + "name": "Firewall_DenyRedirect_ARangeTTL_DNS", + "protocol_type": "dns", + "test_function": self._firewall_case.action_deny_subaction_redirect_protocol_dns_type_a_range_ttl, + "request_content": "dnstest.deny-redirect-a-rttl-ipv4.selftest.gdnt-cloud.website" + }, + { + "name": "Firewall_DenyRedirect_AAAARangeTTL_DNS", + "protocol_type": "dns", + "test_function": self._firewall_case.action_deny_subaction_redirect_protocol_dns_type_aaaa_range_ttl, + "request_content": "dnstest.deny-redirect-4a-rttl-ipv6.selftest.gdnt-cloud.website" + }, + { + "name": "Proxy_Intercept_HTTPS", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https, + "request_content": "https://sha256.badssl.selftest.gdnt-cloud.website" + }, + { + "name": "Proxy_Intercept_HTTPS_CertExpired", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_cert_error, + "request_content": "https://expired.badssl.selftest.gdnt-cloud.website" + }, + { + "name": "Proxy_Intercept_HTTPS_CertSelfSigned", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_cert_error, + "request_content": "https://self-signed.badssl.selftest.gdnt-cloud.website" + }, + { + "name": "Proxy_Intercept_HTTPS_CertUntrustedRoot", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_cert_error, + "request_content": "https://untrusted-root.badssl.selftest.gdnt-cloud.website" + }, + { + "name": "Proxy_Intercept_HTTPS_Response_1k", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_download_size_1k, + "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/1k" + }, + { + "name": "Proxy_Intercept_HTTPS_Response_4k", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_download_size_4k, + "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/4k" + }, + { + "name": "Proxy_Intercept_HTTPS_Response_16k", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_download_size_16k, + "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/16k" + }, + { + "name": "Proxy_Intercept_HTTPS_Response_64k", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_download_size_64k, + "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/64k" + }, + { + "name": "Proxy_Intercept_HTTPS_Response_256k", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_download_size_256k, + "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/256k" + }, + { + "name": "Proxy_Intercept_HTTPS_Response_1M", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_download_size_1M, + "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/1M" + }, + { + "name": "Proxy_Intercept_HTTPS_Response_4M", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_download_size_4M, + "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/4M" + }, + { + "name": "Proxy_Intercept_HTTPS_Response_16M", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_download_size_16M, + "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/16M" + }, + { + "name": "Proxy_Intercept_HTTPS_Response_64M", + "protocol_type": "https", + "test_function": self._proxy_case.action_intercept_protocol_https_download_size_64M, + "request_content": "https://testing-download.badssl.selftest.gdnt-cloud.website/resources/64M" + }, + { + "name": "Proxy_Manipulation_Redirect_HTTP", + "protocol_type": "http", + "test_function": self._proxy_case.action_redirect_protocol_http, + "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyRedirect.js" + }, + { + "name": "Proxy_Manipulation_Redirect_HTTPS", + "protocol_type": "https", + "test_function": self._proxy_case.action_redirect_protocol_https, + "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyRedirect.js" + }, + { + "name": "Proxy_Manipulation_Replace_HTTP", + "protocol_type": "http", + "test_function": self._proxy_case.action_replace_protocol_http, + "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyReplace.js" + }, + { + "name": "Proxy_Manipulation_Replace_HTTPS", + "protocol_type": "https", + "test_function": self._proxy_case.action_replace_protocol_https, + "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyReplace.js" + }, + { + "name": "Proxy_Manipulation_Deny_HTTP", + "protocol_type": "http", + "test_function": self._proxy_case.action_block_protocol_http, + "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyBlock.js" + }, + { + "name": "Proxy_Manipulation_Deny_HTTPS", + "protocol_type": "https", + "test_function": self._proxy_case.action_block_protocol_https, + "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyBlock.js" + }, + { + "name": "Proxy_Manipulation_Deny_FilterHost_HTTP", "protocol_type": "http", "test_function": self._proxy_case.action_deny_protocol_http_filter_host, "request_content": "http://testing-proxy-filter-host.badssl.selftest.gdnt-cloud.website" }, { - "name": "test_proxyDenyFilterURL_http", + "name": "Proxy_Manipulation_Deny_FilterURL_HTTP", "protocol_type": "http", "test_function": self._proxy_case.action_deny_protocol_http_filter_url, "request_content": "http://testing-proxy-filter-url.badssl.selftest.gdnt-cloud.website" }, { - "name": "test_shaping_ratelimit_0bps_http", + "name": "Proxy_Manipulation_Hijack_HTTP", + "protocol_type": "http", + "test_function": self._proxy_case.action_hijack_protocol_http, + "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyHijack.js" + }, + { + "name": "Proxy_Manipulation_Hijack_HTTPS", + "protocol_type": "https", + "test_function": self._proxy_case.action_hijack_protocol_https, + "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyHijack.js" + }, + { + "name": "Proxy_Manipulation_Insert_HTTP", + "protocol_type": "http", + "test_function": self._proxy_case.action_insert_protocol_http, + "request_content": "http://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyInsert.html" + }, + { + "name": "Proxy_Manipulation_Insert_HTTPS", + "protocol_type": "https", + "test_function": self._proxy_case.action_insert_protocol_https, + "request_content": "https://web-replay.badssl.selftest.gdnt-cloud.website/resources/proxyInsert.html" + }, + { + "name": "Shaping_RateLimit0bps_HTTP", "protocol_type": "http", "test_function": self._shaping_case.rate_limit_0bps_protocol_http, "request_content": "http://testing-rate-limit-0bps.badssl.selftest.gdnt-cloud.website/resources/16M" }, { - "name": "test_shaping_ratelimit_0bps_https", + "name": "Shaping_RateLimit0bps_HTTPS", "protocol_type": "https", "test_function": self._shaping_case.rate_limit_0bps_protocol_https, "request_content": "https://testing-rate-limit-0bps.badssl.selftest.gdnt-cloud.website/resources/16M" }, { - "name": "test_shaping_ratelimit_1000gbps_http", + "name": "Shaping_RateLimit1000gbps_HTTP", "protocol_type": "http", "test_function": self._shaping_case.rate_limit_1000gbps_protocol_http, "request_content": "http://testing-rate-limit-1000gbps.badssl.selftest.gdnt-cloud.website/resources/16M" }, { - "name": "test_shaping_ratelimit_1000gbps_https", + "name": "Shaping_RateLimit1000gbps_HTTPS", "protocol_type": "https", "test_function": self._shaping_case.rate_limit_1000gbps_protocol_https, "request_content": "https://testing-rate-limit-1000gbps.badssl.selftest.gdnt-cloud.website/resources/16M" diff --git a/images_build/client/dign_client/etc/client.conf b/images_build/client/dign_client/etc/client.conf index 052f2de..52a5d13 100644 --- a/images_build/client/dign_client/etc/client.conf +++ b/images_build/client/dign_client/etc/client.conf @@ -1,32 +1,27 @@ -[test_firewallBypass_ssl] # enabled = 1 run this case -enabled = 1 #Connection TIMEOUT, in seconds -conn_timeout = 1 #max_recv_speed_large byte/s -max_recv_speed_large = 6553600 - -[test_firewallDenyDrop_dns] +[Firewall_DenyDrop_DNS] enabled = 1 conn_timeout = 3 max_recv_speed_large = 6553600 -[test_firewallDenyRedirectA_dns] +[Firewall_DenyRedirect_A_DNS] enabled = 1 conn_timeout = 3 max_recv_speed_large = 6553600 -[test_firewallDenyRedirectAAAA_dns] +[Firewall_DenyRedirect_AAAA_DNS] enabled = 1 conn_timeout = 3 max_recv_speed_large = 6553600 -[test_firewallDenyRedirectARangeTTL_dns] +[Firewall_DenyRedirect_ARangeTTL_DNS] enabled = 1 conn_timeout = 3 max_recv_speed_large = 6553600 -[test_firewallDenyRedirectAAAARangeTTL_dns] +[Firewall_DenyRedirect_AAAARangeTTL_DNS] enabled = 1 conn_timeout = 3 max_recv_speed_large = 6553600 @@ -47,192 +42,192 @@ max_recv_speed_large = 6553600 #conn_timeout = 3 #max_recv_speed_large = 6553600 -[test_firewallIntercept_ssl] +[Proxy_Intercept_HTTPS] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslCerterrExpired] +[Proxy_Intercept_HTTPS_CertExpired] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslCerterrSelfsigned] +[Proxy_Intercept_HTTPS_CertSelfSigned] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslCerterrUntrustedroot] +[Proxy_Intercept_HTTPS_CertUntrustedRoot] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyRedirect_ssl] +[Proxy_Manipulation_Redirect_HTTPS] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyBlock_ssl] +[Proxy_Manipulation_Deny_HTTPS] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyReplace_ssl] +[Proxy_Manipulation_Replace_HTTPS] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyHijack_ssl] +[Proxy_Manipulation_Hijack_HTTPS] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyInsert_ssl] +[Proxy_Manipulation_Insert_HTTPS] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyRedirect_http] +[Proxy_Manipulation_Redirect_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyBlock_http] +[Proxy_Manipulation_Deny_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyReplace_http] +[Proxy_Manipulation_Replace_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyHijack_http] +[Proxy_Manipulation_Hijack_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyInsert_http] +[Proxy_Manipulation_Insert_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslDownloadSize1k] +[Proxy_Intercept_HTTPS_Response_1k] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslDownloadSize4k] +[Proxy_Intercept_HTTPS_Response_4k] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslDownloadSize16k] +[Proxy_Intercept_HTTPS_Response_16k] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslDownloadSize64k] +[Proxy_Intercept_HTTPS_Response_64k] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslDownloadSize256k] +[Proxy_Intercept_HTTPS_Response_256k] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslDownloadSize1M] +[Proxy_Intercept_HTTPS_Response_1M] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslDownloadSize4M] +[Proxy_Intercept_HTTPS_Response_4M] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslDownloadSize16M] +[Proxy_Intercept_HTTPS_Response_16M] enabled = 1 conn_timeout = 4 max_recv_speed_large = 6553600 -[test_firewallIntercept_sslDownloadSize64M] +[Proxy_Intercept_HTTPS_Response_64M] enabled = 1 conn_timeout = 12 max_recv_speed_large = 6553600 -[test_firewallAllow_http] +[Firewall_Allow_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallDenyDrop_http] +[Firewall_DenyDrop_HTTP] enabled = 1 conn_timeout = 4 max_recv_speed_large = 6553600 -[test_firewallDenyReset_http] +[Firewall_DenyReset_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallDenyBlock_http] +[Firewall_DenyBlock_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallAllow_ssl] +[Firewall_Allow_HTTPS] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallDenyDrop_ssl] +[Firewall_DenyDrop_HTTPS] enabled = 1 conn_timeout = 4 max_recv_speed_large = 6553600 -[test_firewallDenyReset_ssl] +[Firewall_DenyReset_HTTPS] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallDenyResetFilterHost_http] +[Firewall_DenyReset_FilterHost_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_firewallDenyResetFilterURL_http] +[Firewall_DenyReset_FilterURL_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyDenyFilterHost_http] +[Proxy_Manipulation_Deny_FilterHost_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_proxyDenyFilterURL_http] +[Proxy_Manipulation_Deny_FilterURL_HTTP] enabled = 1 conn_timeout = 1 max_recv_speed_large = 6553600 -[test_shaping_ratelimit_0bps_http] +[Shaping_RateLimit0bps_HTTP] enabled = 1 conn_timeout = 4 max_recv_speed_large = 6553600 -[test_shaping_ratelimit_0bps_https] +[Shaping_RateLimit0bps_HTTPS] enabled = 1 conn_timeout = 4 max_recv_speed_large = 6553600 -[test_shaping_ratelimit_1000gbps_http] +[Shaping_RateLimit1000gbps_HTTP] enabled = 1 conn_timeout = 4 max_recv_speed_large = 6553600 -[test_shaping_ratelimit_1000gbps_https] +[Shaping_RateLimit1000gbps_HTTPS] enabled = 1 conn_timeout = 4 max_recv_speed_large = 6553600