gfwleak/tsg-tsg-diagnose
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

1、删除tsg-diagnose rpm包 的preinstall 2、修改unittest_self.py 为tsg_diagnose.py 3、变更tsg_diagnose 生成目录 4、增加定时删除tsg_diagnose结果的定时任务 5、新增安装CIUnitTest python 包

Browse Source
This commit is contained in:
fumingwei
2020-08-28 14:34:18 +08:00
parent 0a648267e2
commit 30f56b252b
6 changed files with 81 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
cmake/Package.cmake
View File

@@ -17,7 +17,6 @@ set(CPACK_RPM_PACKAGE_AUTOREQPROV "no")
set(CPACK_RPM_PACKAGE_RELEASE_DIST on) set(CPACK_RPM_PACKAGE_RELEASE_DIST on)
set(CPACK_RPM_DEBUGINFO_PACKAGE on) set(CPACK_RPM_DEBUGINFO_PACKAGE on)
set(CPACK_RPM_PRE_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreInstall.in)
set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in) set(CPACK_RPM_POST_INSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostInstall.in)
set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreunInstall.in) set(CPACK_RPM_PRE_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PreunInstall.in)
set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostunInstall.in) set(CPACK_RPM_POST_UNINSTALL_SCRIPT_FILE ${CMAKE_SOURCE_DIR}/cmake/PostunInstall.in)

4
cmake/PreInstall.in
View File

@@ -1,4 +0,0 @@
systemctl stop tsg-diagnose
docker rmi -f badssl-tsg-diagnose
docker rmi -f unittest-tsg-diagnose
docker rmi -f wpr-tsg-diagnose

10
docker-compose/docker-compose.yml
View File

@@ -63,7 +63,7 @@ services:
ipv4_address: 192.51.100.4 ipv4_address: 192.51.100.4
volumes: volumes:
- /opt/tsg/tsg-diagnose/.badssl_cert_dict:/root/cafile_dict - /opt/tsg/tsg-diagnose/.badssl_cert_dict:/root/cafile_dict
- /opt/tsg/tsg-diagnose/log:/root/result_self_test - /opt/tsg/tsg-diagnose/result:/root/result_tsg_diagnose
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
command: command:
- /bin/sh - /bin/sh
@@ -74,13 +74,13 @@ services:
ifconfig eth0 hw ether 02:42:C0:A8:FD:03 ifconfig eth0 hw ether 02:42:C0:A8:FD:03
arp -i eth0 -s 192.0.2.130 02:42:c0:a8:fd:82 arp -i eth0 -s 192.0.2.130 02:42:c0:a8:fd:82
arp -i eth0 -s 192.0.2.131 02:42:C0:A8:FD:83 arp -i eth0 -s 192.0.2.131 02:42:C0:A8:FD:83
mkdir -p /root/result_self_test/unittest mkdir -p /root/result_tsg_diagnose/unittest
mkdir -p /root/result_self_test/con_traffic_inject mkdir -p /root/result_tsg_diagnose/con_traffic_inject
cp -rf /root/cafile_dict/certs/sets/current/gen/crt/ca-root.crt /usr/local/share/ca-certificates cp -rf /root/cafile_dict/certs/sets/current/gen/crt/ca-root.crt /usr/local/share/ca-certificates
update-ca-certificates update-ca-certificates
cat /root/unittest/badssl.test.hosts >> /etc/hosts cat /root/unittest/badssl.test.hosts >> /etc/hosts
python /root/unittest/unittest_self.py & crond
tail -f /dev/null python /root/unittest/tsg_diagnose.py -l
networks: networks:

4
unittest_python/Dockerfile
View File

@@ -8,7 +8,9 @@ RUN sed -i s@/dl-cdn.alpinelinux.org/@/mirrors.ustc.edu.cn/@g /etc/apk/repositor
&& apk update \ && apk update \
&& apk add curl-dev gcc libc-dev curl gzip \ && apk add curl-dev gcc libc-dev curl gzip \
&& pip3 install pycurl \ && pip3 install pycurl \
&& pip3 install httpstat && pip3 install httpstat \
&& pip3 install CIUnitTest \
&& echo '0 2 * * * /usr/local/bin/python /root/unittest/clear_file_timeout.py' > /etc/crontabs/root
WORKDIR /root/unittest WORKDIR /root/unittest

43
unittest_python/unittest/clear_file_timeout.py Normal file
View File

@@ -0,0 +1,43 @@
import os
import sys
import time
import argparse
def get_suite_option():
parser = argparse.ArgumentParser(description="Tsg diagnose Tools - clear tsg diagnose result file", epilog = "Example:help")
parser.add_argument('-t','--timeout', type = int, default = 604800,help='Specify the time to delete files that are not accessed in seconds ,the default is 604800 (7 days)')
parser.add_argument('-d','--dictpath', type = str, default = '/root/result_tsg_diagnose/unittest', help='Specify the folder to delete files, the default is /root/result_tsg_diagnose/unittest')
args = parser.parse_args()
return args
def clear_dict_file(dictpath, timeout):
try:
files = os.listdir(dictpath)
if not files:
print("The directory not exist, the process will exit")
sys.exit(0)
for file in files:
filePath = dictpath + "/" + file
if os.path.isfile(filePath):
last = int(os.stat(filePath).st_mtime)
now = int(time.time())
if (now - last >= timeout):
os.remove(filePath)
print(filePath + " was removed!")
elif os.path.isdir(filePath):
clear_dict_file(filePath,timeout)
if not os.listdir(filePath):
os.rmdir(filePath)
except Exception as ex:
print("Process get an exception, will exit, Exception info: ", ex)
sys.stdout.write(str(ex))
sys.exit(1)
if __name__ == '__main__':
args = get_suite_option()
timeout = args.timeout
dictpath = args.dictpath
clear_dict_file(dictpath, timeout)

57
unittest_python/unittest/unittest_self.py → unittest_python/unittest/tsg_diagnose.py
View File

@@ -8,7 +8,6 @@ import time
from io import BytesIO from io import BytesIO
import getopt import getopt
import ciunittest import ciunittest
import xmlrunner
import argparse import argparse
@@ -49,8 +48,8 @@ URLdictConTrafficInject = {
"64M":"https://downloadfile.self-test.geedge.net/64M"} "64M":"https://downloadfile.self-test.geedge.net/64M"}
ssl_bypass_info_re = "ssl bypass ok" ssl_bypass_info_re = "Ssl connection bypass success"
ssl_intercept_info_re = "ssl intercept ok" ssl_intercept_info_re = "Ssl connection intercept success"
https_exprired_info_re = "https exprired ok" https_exprired_info_re = "https exprired ok"
https_wrong_host_info_re = "https wrong host ok" https_wrong_host_info_re = "https wrong host ok"
https_self_signed_info_re = "https self signed ok" https_self_signed_info_re = "https self signed ok"
@@ -86,13 +85,13 @@ class SSLCheckRequestBuild:
issuer = cert_info issuer = cert_info
break break
if len(issuer) <= 0: if len(issuer) <= 0:
raise Exception("Error: get Certificate info error") raise Exception("Error: Get certificate info error, certificate's length is %s" % len(issuer))
if re.search(r'\bCN[\s]*=[\s]*BadSSL\b',issuer[1],0): if re.search(r'\bCN[\s]*=[\s]*BadSSL\b',issuer[1],0):
raise Exception(ssl_bypass_info_re) raise Exception(ssl_bypass_info_re)
elif re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0): elif re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
raise Exception("Error:Ssl link is intercepted") raise Exception("Error:Ssl connection is intercepted, not bypass")
else: else:
raise Exception("Error:Got other error certificate information") raise Exception("Error:Got other error certificate information, ssl connection's packages may loss")
def ssl_intercept(self): def ssl_intercept(self):
self.conn.setopt(self.conn.URL,URLIntercept) self.conn.setopt(self.conn.URL,URLIntercept)
@@ -101,17 +100,17 @@ class SSLCheckRequestBuild:
self.conn.close() self.conn.close()
issuer = () issuer = ()
for cert_info in certs[0]: for cert_info in certs[0]:
if cert_info[0] == "Issuer": if cert_info[0].lower() == "issuer":
issuer = cert_info issuer = cert_info
break break
if len(issuer) <= 0: if len(issuer) <= 0:
raise Exception("Error: get Certificate info error") raise Exception("Error: Get certificate info error, certificate's length is %s" % len(issuer))
if re.search(r'CN = Tango[\s\S]*UNTRUST',issuer[1],0): if re.search(r'CN = Tango[\s\S]*UNTRUST',issuer[1],0):
raise Exception(ssl_intercept_info_re) raise Exception(ssl_intercept_info_re)
elif re.search(r'\bCN[\s]*=[\s]*BadSSL\b',issuer[1],0): elif re.search(r'\bCN[\s]*=[\s]*BadSSL\b',issuer[1],0):
raise Exception("Error:Ssl link is intercepted") raise Exception("Error: Ssl connection is bypass, not intercept")
else: else:
raise Exception("Error:Got other error certificate information") raise Exception("Error: Got other error certificate information, ssl connection's packages may loss")
class SslInterceptRequestBuild: class SslInterceptRequestBuild:
@@ -133,14 +132,14 @@ class SslInterceptRequestBuild:
issuer = cert_info issuer = cert_info
break break
if len(issuer) <= 0: if len(issuer) <= 0:
raise Exception("Error: get Certificate info error") raise Exception("Error: Get certificate info error, certificate's length is %s" % len(issuer))
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0): if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0): if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
raise Exception(https_exprired_info_re) raise Exception(https_exprired_info_re)
else: else:
raise Exception("Fail:ssl intercept cert is trust") raise Exception("Error: get error certificate, Possible tsg certificate verification error")
else: else:
raise Exception("Error:Got other error certificate information") raise Exception("Error: Got other error certificate information, ssl connection's packages may loss")
def ssl_intercept_certerrWrong_host(self): def ssl_intercept_certerrWrong_host(self):
@@ -155,14 +154,14 @@ class SslInterceptRequestBuild:
issuer = cert_info issuer = cert_info
break break
if len(issuer) <= 0: if len(issuer) <= 0:
raise Exception("Error: get Certificate info error") raise Exception("Error: Get certificate info error, certificate's length is %s" % len(issuer))
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0): if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0): if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
raise Exception(https_wrong_host_info_re ) raise Exception(https_wrong_host_info_re)
else: else:
raise Exception("Fail:ssl intercept cert is trust") raise Exception("Error: get error certificate, Possible tsg certificate verification error")
else: else:
raise Exception("Error:Got other error certificate information") raise Exception("Error: Got other error certificate information, ssl connection's packages may loss")
def ssl_intercept_certerrSelf_signed(self): def ssl_intercept_certerrSelf_signed(self):
self.conn.setopt(self.conn.URL,URLSselfsigned) self.conn.setopt(self.conn.URL,URLSselfsigned)
@@ -175,14 +174,14 @@ class SslInterceptRequestBuild:
issuer = cert_info issuer = cert_info
break break
if len(issuer) <= 0: if len(issuer) <= 0:
raise Exception("Error: get Certificate info error") raise Exception("Error: Get certificate info error, certificate's length is %s" % len(issuer))
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0): if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0): if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
raise Exception(https_self_signed_info_re) raise Exception(https_self_signed_info_re)
else: else:
raise Exception("Fail:ssl intercept cert is trust") raise Exception("Error: get error certificate, Possible tsg certificate verification error")
else: else:
raise Exception("Error:Got other error certificate information") raise Exception("Error: Got other error certificate information, ssl connection's packages may loss")
def ssl_intercept_certerrUntrusted_root(self): def ssl_intercept_certerrUntrusted_root(self):
self.conn.setopt(self.conn.URL,URLSuntrustedroot) self.conn.setopt(self.conn.URL,URLSuntrustedroot)
@@ -195,14 +194,14 @@ class SslInterceptRequestBuild:
issuer = cert_info issuer = cert_info
break break
if len(issuer) <= 0: if len(issuer) <= 0:
raise Exception("Error: get Certificate info error") raise Exception("Error: Get certificate info error, certificate's length is %s" % len(issuer))
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0): if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0): if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
raise Exception(https_untrusted_root_info_re) raise Exception(https_untrusted_root_info_re)
else: else:
raise Exception("Fail:ssl intercept cert is trust") raise Exception("Error: get error certificate, Possible tsg certificate verification error")
else: else:
raise Exception("Error:Got other error certificate information") raise Exception("Error: Got other error certificate information, ssl connection's packages may loss")
def ssl_intercept_certerrRevoked(self): def ssl_intercept_certerrRevoked(self):
@@ -217,14 +216,14 @@ class SslInterceptRequestBuild:
issuer = cert_info issuer = cert_info
break break
if len(issuer) <= 0: if len(issuer) <= 0:
raise Exception("Error: get Certificate info error") raise Exception("Error: Get certificate info error, certificate's length is %s" % len(issuer))
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0): if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0): if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
raise Exception(https_revoked_info_re) raise Exception(https_revoked_info_re)
else: else:
raise Exception("Fail:ssl intercept cert is trust") raise Exception("Error: get error certificate, Possible tsg certificate verification error")
else: else:
raise Exception("Error:Got other error certificate information") raise Exception("Error: Got other error certificate information, ssl connection's packages may loss")
def ssl_intercept_certerrPinning_test(self): def ssl_intercept_certerrPinning_test(self):
@@ -239,14 +238,14 @@ class SslInterceptRequestBuild:
issuer = cert_info issuer = cert_info
break break
if len(issuer) <= 0: if len(issuer) <= 0:
raise Exception("Error: get Certificate info error") raise Exception("Error: Get certificate info error, certificate's length is %s" % len(issuer))
if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0): if re.search(r'\bCN[\s]*=[\s]*Tango\b',issuer[1],0):
if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0): if re.search(r'\bCN = Tango[\s\S]*UNTRUST\b',issuer[1],0):
raise Exception(https_pinning_test_info_re) raise Exception(https_pinning_test_info_re)
else: else:
raise Exception("Fail:ssl intercept cert is trust") raise Exception("Error: get error certificate, Possible tsg certificate verification error")
else: else:
raise Exception("Error:Got other error certificate information") raise Exception("Error: Got other error certificate information, ssl connection's packages may loss")
class SslHttpRequestBuild: class SslHttpRequestBuild: