diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index fe30074..94f42d2 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -16,7 +16,6 @@ services: volumes: - /opt/tsg/tsg-diagnose/etc/.certs_import:/badssl.com/certs_import - /etc/localtime:/etc/localtime:ro - - /etc/timezone:/etc/timezone:ro command: > bash -c "ifconfig eth0 hw ether 02:42:c0:a8:fd:82 && arp -i eth0 -s 192.0.2.3 02:42:C0:A8:FD:03 @@ -40,7 +39,6 @@ services: volumes: - /opt/tsg/tsg-diagnose/etc/dnsmasq.conf:/etc/dnsmasq.conf - /etc/localtime:/etc/localtime:ro - - /etc/timezone:/etc/timezone:ro entrypoint: /bin/sh command: - -c @@ -70,7 +68,6 @@ services: - /opt/tsg/tsg-diagnose/log:/opt/dign_client/log - /opt/tsg/tsg-diagnose/etc/client.conf:/opt/dign_client/etc/client.conf - /etc/localtime:/etc/localtime:ro - - /etc/timezone:/etc/timezone:ro command: - /bin/sh - -c diff --git a/images_build/client/dign_client/bin/client.py b/images_build/client/dign_client/bin/client.py index 63eeb02..8642a60 100644 --- a/images_build/client/dign_client/bin/client.py +++ b/images_build/client/dign_client/bin/client.py @@ -99,41 +99,41 @@ ssl_firewall_deny_drop_re = "ssl firewall action deny subaction drop success" ssl_firewall_deny_rst_re = "ssl firewall action deny subaction rst success" -URLBypass = 'https://sha384.badssl.self-test.geedge.net' -URLIntercept = 'https://sha256.badssl.self-test.geedge.net' -URLSslExpired = 'https://expired.badssl.self-test.geedge.net' -URLSslSelfsigned = 'https://self-signed.badssl.self-test.geedge.net' -URLSslSuntrustedroot = 'https://untrusted-root.badssl.self-test.geedge.net' +URLBypass = 'https://sha384.badssl.self-test.gdnt-cloud.website' +URLIntercept = 'https://sha256.badssl.self-test.gdnt-cloud.website' +URLSslExpired = 'https://expired.badssl.self-test.gdnt-cloud.website' +URLSslSelfsigned = 'https://self-signed.badssl.self-test.gdnt-cloud.website' +URLSslSuntrustedroot = 'https://untrusted-root.badssl.self-test.gdnt-cloud.website' -URLSslRedirect = 'https://cn.bing.com/rs/2V/pE/cj,nj/b1392357/d94c45f4.js' -URLSslReplace = 'https://cn.bing.com/rs/5j/1pF/cj,nj/2213d9b6/b50738ca.js' -URLSslInsert = 'https://cn.bing.com/?FORM=BEHPTB' -URLSslHijack = 'https://cn.bing.com/rs/31/2n/cj,nj/4c7364c5/40e1b425.js' -URLSslBlock = 'https://cn.bing.com/rs/31/22/cj,nj/3f1e2270/f8c6dd44.js' +URLSslRedirect = 'https://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyRedirect.js' +URLSslReplace = 'https://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyReplace.js' +URLSslInsert = 'https://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyInsert' +URLSslHijack = 'https://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyHijack.js' +URLSslBlock = 'https://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyBlock.js' -URLHttpRedirect = 'http://cn.bing.com/rs/2V/pE/cj,nj/b1392357/d94c45f4.js' -URLHttpReplace = 'http://cn.bing.com/rs/5j/1pF/cj,nj/2213d9b6/b50738ca.js' -URLHttpInsert = 'http://cn.bing.com/?FORM=BEHPTB' -URLHttpHijack = 'http://cn.bing.com/rs/31/2n/cj,nj/4c7364c5/40e1b425.js' -URLHttpBlock = 'http://cn.bing.com/rs/31/22/cj,nj/3f1e2270/f8c6dd44.js' +URLHttpRedirect = 'http://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyRedirect.js' +URLHttpReplace = 'http://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyReplace.js' +URLHttpInsert = 'http://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyInsert' +URLHttpHijack = 'http://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyHijack.js' +URLHttpBlock = 'http://web-replay.badssl.self-test.gdnt-cloud.website/resources/proxyBlock.js' -URLConTraffic_1k = "https://downloadfile.self-test.geedge.net/1k" -URLConTraffic_4k = "https://downloadfile.self-test.geedge.net/4k" -URLConTraffic_16k = "https://downloadfile.self-test.geedge.net/16k" -URLConTraffic_64k = "https://downloadfile.self-test.geedge.net/64k" -URLConTraffic_256k = "https://downloadfile.self-test.geedge.net/256k" -URLConTraffic_1M = "https://downloadfile.self-test.geedge.net/1M" -URLConTraffic_4M = "https://downloadfile.self-test.geedge.net/4M" -URLConTraffic_16M = "https://downloadfile.self-test.geedge.net/16M" -URLConTraffic_64M = "https://downloadfile.self-test.geedge.net/64M" +URLConTraffic_1k = "https://testing-download.badssl.self-test.gdnt-cloud.website/resources/1k" +URLConTraffic_4k = "https://testing-download.badssl.self-test.gdnt-cloud.website/resources/4k" +URLConTraffic_16k = "https://testing-download.badssl.self-test.gdnt-cloud.website/resources/16k" +URLConTraffic_64k = "https://testing-download.badssl.self-test.gdnt-cloud.website/resources/64k" +URLConTraffic_256k = "https://testing-download.badssl.self-test.gdnt-cloud.website/resources/256k" +URLConTraffic_1M = "https://testing-download.badssl.self-test.gdnt-cloud.website/resources/1M" +URLConTraffic_4M = "https://testing-download.badssl.self-test.gdnt-cloud.website/resources/4M" +URLConTraffic_16M = "https://testing-download.badssl.self-test.gdnt-cloud.website/resources/16M" +URLConTraffic_64M = "https://testing-download.badssl.self-test.gdnt-cloud.website/resources/64M" -URLHttpFirewallAllow = "http://http.badssl.self-test.geedge.net" -URLHttpFirewallDenyDrop = "http://http-credit-card.badssl.self-test.geedge.net" -URLHttpFirewallDenyRst = "http://http-dynamic-login.badssl.self-test.geedge.net" -URLHttpFirewallDenyBlock = "http://http-login.badssl.self-test.geedge.net" -URLSslFirewallAllow = "https://sha512.badssl.self-test.geedge.net" -URLSslFirewallDenyDrop = "https://rsa2048.badssl.self-test.geedge.net" -URLSslFirewallDenyRst = "https://rsa4096.badssl.self-test.geedge.net" +URLHttpFirewallAllow = "http://http.badssl.self-test.gdnt-cloud.website" +URLHttpFirewallDenyDrop = "http://http-credit-card.badssl.self-test.gdnt-cloud.website" +URLHttpFirewallDenyRst = "http://http-dynamic-login.badssl.self-test.gdnt-cloud.website" +URLHttpFirewallDenyBlock = "http://http-login.badssl.self-test.gdnt-cloud.website" +URLSslFirewallAllow = "https://sha512.badssl.self-test.gdnt-cloud.website" +URLSslFirewallDenyDrop = "https://rsa2048.badssl.self-test.gdnt-cloud.website" +URLSslFirewallDenyRst = "https://rsa4096.badssl.self-test.gdnt-cloud.website" DNS_SERVER_ALLOW_TTL = 60 DNS_SERVER_REDIRECT_TTL = 333 @@ -284,9 +284,6 @@ class DignTextTestResult(unittest.result.TestResult): self.stream.writeln("%s" % err) self.dignStream.writeln("%s" % err) - - - def get_logger(logPath,enableConsole=True): logger = logging.getLogger() fileHandler = logging.FileHandler(logPath) diff --git a/images_build/client/dign_client/etc/hosts b/images_build/client/dign_client/etc/hosts index 8924c33..3355b56 100644 --- a/images_build/client/dign_client/etc/hosts +++ b/images_build/client/dign_client/etc/hosts @@ -1,90 +1,90 @@ -#### start of badssl.self-test.geedge.net hosts #### -192.0.2.130 10000-sans.badssl.self-test.geedge.net -192.0.2.130 1000-sans.badssl.self-test.geedge.net -192.0.2.130 3des.badssl.self-test.geedge.net -192.0.2.130 badssl.self-test.geedge.net -192.0.2.130 captive-portal.badssl.self-test.geedge.net -192.0.2.130 cbc.badssl.self-test.geedge.net -192.0.2.130 client.badssl.self-test.geedge.net -192.0.2.130 client-cert-missing.badssl.self-test.geedge.net -192.0.2.130 dh1024.badssl.self-test.geedge.net -192.0.2.130 dh2048.badssl.self-test.geedge.net -192.0.2.130 dh480.badssl.self-test.geedge.net -192.0.2.130 dh512.badssl.self-test.geedge.net -192.0.2.130 dh-composite.badssl.self-test.geedge.net -192.0.2.130 dh-small-subgroup.badssl.self-test.geedge.net -192.0.2.130 dsdtestprovider.badssl.self-test.geedge.net -192.0.2.130 ecc256.badssl.self-test.geedge.net -192.0.2.130 ecc384.badssl.self-test.geedge.net -192.0.2.130 edellroot.badssl.self-test.geedge.net -192.0.2.130 ev.badssl.self-test.geedge.net -192.0.2.130 expired.badssl.self-test.geedge.net -192.0.2.130 extended-validation.badssl.self-test.geedge.net -192.0.2.130 hsts.badssl.self-test.geedge.net -192.0.2.130 http.badssl.self-test.geedge.net -192.0.2.130 http-credit-card.badssl.self-test.geedge.net -192.0.2.130 http-dynamic-login.badssl.self-test.geedge.net -192.0.2.130 http-login.badssl.self-test.geedge.net -192.0.2.130 http-password.badssl.self-test.geedge.net -192.0.2.130 https-everywhere.badssl.self-test.geedge.net -192.0.2.130 http-textarea.badssl.self-test.geedge.net -192.0.2.130 incomplete-chain.badssl.self-test.geedge.net -192.0.2.130 invalid-expected-sct.badssl.self-test.geedge.net -192.0.2.130 lock-title.badssl.self-test.geedge.net -192.0.2.130 long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.self-test.geedge.net -192.0.2.130 longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.self-test.geedge.net -192.0.2.130 md5.badssl.self-test.geedge.net -192.0.2.130 mitm-software.badssl.self-test.geedge.net -192.0.2.130 mixed.badssl.self-test.geedge.net -192.0.2.130 mixed-favicon.badssl.self-test.geedge.net -192.0.2.130 mixed-form.badssl.self-test.geedge.net -192.0.2.130 mixed-script.badssl.self-test.geedge.net -192.0.2.130 mozilla-intermediate.badssl.self-test.geedge.net -192.0.2.130 mozilla-modern.badssl.self-test.geedge.net -192.0.2.130 mozilla-old.badssl.self-test.geedge.net -192.0.2.130 no-common-name.badssl.self-test.geedge.net -192.0.2.130 no-san.badssl.self-test.geedge.net -192.0.2.130 no-sct.badssl.self-test.geedge.net -192.0.2.130 no-subject.badssl.self-test.geedge.net -192.0.2.130 null.badssl.self-test.geedge.net -192.0.2.130 pinning-test.badssl.self-test.geedge.net -192.0.2.130 preact-cli.badssl.self-test.geedge.net -192.0.2.130 preloaded-expect-ct.badssl.self-test.geedge.net -192.0.2.130 preloaded-hsts.badssl.self-test.geedge.net -192.0.2.130 rc4.badssl.self-test.geedge.net -192.0.2.130 rc4-md5.badssl.self-test.geedge.net -192.0.2.130 revoked.badssl.self-test.geedge.net -192.0.2.130 rsa1024.badssl.self-test.geedge.net -192.0.2.130 rsa2048.badssl.self-test.geedge.net -192.0.2.130 rsa3072.badssl.self-test.geedge.net -192.0.2.130 rsa4096.badssl.self-test.geedge.net -192.0.2.130 rsa512.badssl.self-test.geedge.net -192.0.2.130 rsa8192.badssl.self-test.geedge.net -192.0.2.130 self-signed.badssl.self-test.geedge.net -192.0.2.130 sha1-2016.badssl.self-test.geedge.net -192.0.2.130 sha1-2017.badssl.self-test.geedge.net -192.0.2.130 sha1.badssl.self-test.geedge.net -192.0.2.130 sha1-intermediate.badssl.self-test.geedge.net -192.0.2.130 sha256.badssl.self-test.geedge.net -192.0.2.130 sha384.badssl.self-test.geedge.net -192.0.2.130 sha512.badssl.self-test.geedge.net -192.0.2.130 spoof.badssl.self-test.geedge.net -192.0.2.130 spoofed-favicon.badssl.self-test.geedge.net -192.0.2.130 ssl-v2.badssl.self-test.geedge.net -192.0.2.130 ssl-v3.badssl.self-test.geedge.net -192.0.2.130 static-rsa.badssl.self-test.geedge.net -192.0.2.130 subdomain.preloaded-hsts.badssl.self-test.geedge.net -192.0.2.130 superfish.badssl.self-test.geedge.net -192.0.2.130 tls-v1-0.badssl.self-test.geedge.net -192.0.2.130 tls-v1-1.badssl.self-test.geedge.net -192.0.2.130 tls-v1-2.badssl.self-test.geedge.net -192.0.2.130 untrusted-root.badssl.self-test.geedge.net -192.0.2.130 upgrade.badssl.self-test.geedge.net -192.0.2.130 very.badssl.self-test.geedge.net -192.0.2.130 webpack-dev-server.badssl.self-test.geedge.net -192.0.2.130 wrong.host.badssl.self-test.geedge.net -192.0.2.130 www.badssl.self-test.geedge.net -192.0.2.130 xn--n1aae7f7o.badssl.self-test.geedge.net -#### end of badssl.self-test.geedge.net hosts #### -192.0.2.130 web-replay.badssl.self-test.geedge.net -192.0.2.130 testing-download.badssl.self-test.geedge.net +#### start of badssl.self-test.gdnt-cloud.website hosts #### +192.0.2.130 10000-sans.badssl.self-test.gdnt-cloud.website +192.0.2.130 1000-sans.badssl.self-test.gdnt-cloud.website +192.0.2.130 3des.badssl.self-test.gdnt-cloud.website +192.0.2.130 badssl.self-test.gdnt-cloud.website +192.0.2.130 captive-portal.badssl.self-test.gdnt-cloud.website +192.0.2.130 cbc.badssl.self-test.gdnt-cloud.website +192.0.2.130 client.badssl.self-test.gdnt-cloud.website +192.0.2.130 client-cert-missing.badssl.self-test.gdnt-cloud.website +192.0.2.130 dh1024.badssl.self-test.gdnt-cloud.website +192.0.2.130 dh2048.badssl.self-test.gdnt-cloud.website +192.0.2.130 dh480.badssl.self-test.gdnt-cloud.website +192.0.2.130 dh512.badssl.self-test.gdnt-cloud.website +192.0.2.130 dh-composite.badssl.self-test.gdnt-cloud.website +192.0.2.130 dh-small-subgroup.badssl.self-test.gdnt-cloud.website +192.0.2.130 dsdtestprovider.badssl.self-test.gdnt-cloud.website +192.0.2.130 ecc256.badssl.self-test.gdnt-cloud.website +192.0.2.130 ecc384.badssl.self-test.gdnt-cloud.website +192.0.2.130 edellroot.badssl.self-test.gdnt-cloud.website +192.0.2.130 ev.badssl.self-test.gdnt-cloud.website +192.0.2.130 expired.badssl.self-test.gdnt-cloud.website +192.0.2.130 extended-validation.badssl.self-test.gdnt-cloud.website +192.0.2.130 hsts.badssl.self-test.gdnt-cloud.website +192.0.2.130 http.badssl.self-test.gdnt-cloud.website +192.0.2.130 http-credit-card.badssl.self-test.gdnt-cloud.website +192.0.2.130 http-dynamic-login.badssl.self-test.gdnt-cloud.website +192.0.2.130 http-login.badssl.self-test.gdnt-cloud.website +192.0.2.130 http-password.badssl.self-test.gdnt-cloud.website +192.0.2.130 https-everywhere.badssl.self-test.gdnt-cloud.website +192.0.2.130 http-textarea.badssl.self-test.gdnt-cloud.website +192.0.2.130 incomplete-chain.badssl.self-test.gdnt-cloud.website +192.0.2.130 invalid-expected-sct.badssl.self-test.gdnt-cloud.website +192.0.2.130 lock-title.badssl.self-test.gdnt-cloud.website +192.0.2.130 long-extended-subdomain-name-containing-many-letters-and-dashes.badssl.self-test.gdnt-cloud.website +192.0.2.130 longextendedsubdomainnamewithoutdashesinordertotestwordwrapping.badssl.self-test.gdnt-cloud.website +192.0.2.130 md5.badssl.self-test.gdnt-cloud.website +192.0.2.130 mitm-software.badssl.self-test.gdnt-cloud.website +192.0.2.130 mixed.badssl.self-test.gdnt-cloud.website +192.0.2.130 mixed-favicon.badssl.self-test.gdnt-cloud.website +192.0.2.130 mixed-form.badssl.self-test.gdnt-cloud.website +192.0.2.130 mixed-script.badssl.self-test.gdnt-cloud.website +192.0.2.130 mozilla-intermediate.badssl.self-test.gdnt-cloud.website +192.0.2.130 mozilla-modern.badssl.self-test.gdnt-cloud.website +192.0.2.130 mozilla-old.badssl.self-test.gdnt-cloud.website +192.0.2.130 no-common-name.badssl.self-test.gdnt-cloud.website +192.0.2.130 no-san.badssl.self-test.gdnt-cloud.website +192.0.2.130 no-sct.badssl.self-test.gdnt-cloud.website +192.0.2.130 no-subject.badssl.self-test.gdnt-cloud.website +192.0.2.130 null.badssl.self-test.gdnt-cloud.website +192.0.2.130 pinning-test.badssl.self-test.gdnt-cloud.website +192.0.2.130 preact-cli.badssl.self-test.gdnt-cloud.website +192.0.2.130 preloaded-expect-ct.badssl.self-test.gdnt-cloud.website +192.0.2.130 preloaded-hsts.badssl.self-test.gdnt-cloud.website +192.0.2.130 rc4.badssl.self-test.gdnt-cloud.website +192.0.2.130 rc4-md5.badssl.self-test.gdnt-cloud.website +192.0.2.130 revoked.badssl.self-test.gdnt-cloud.website +192.0.2.130 rsa1024.badssl.self-test.gdnt-cloud.website +192.0.2.130 rsa2048.badssl.self-test.gdnt-cloud.website +192.0.2.130 rsa3072.badssl.self-test.gdnt-cloud.website +192.0.2.130 rsa4096.badssl.self-test.gdnt-cloud.website +192.0.2.130 rsa512.badssl.self-test.gdnt-cloud.website +192.0.2.130 rsa8192.badssl.self-test.gdnt-cloud.website +192.0.2.130 self-signed.badssl.self-test.gdnt-cloud.website +192.0.2.130 sha1-2016.badssl.self-test.gdnt-cloud.website +192.0.2.130 sha1-2017.badssl.self-test.gdnt-cloud.website +192.0.2.130 sha1.badssl.self-test.gdnt-cloud.website +192.0.2.130 sha1-intermediate.badssl.self-test.gdnt-cloud.website +192.0.2.130 sha256.badssl.self-test.gdnt-cloud.website +192.0.2.130 sha384.badssl.self-test.gdnt-cloud.website +192.0.2.130 sha512.badssl.self-test.gdnt-cloud.website +192.0.2.130 spoof.badssl.self-test.gdnt-cloud.website +192.0.2.130 spoofed-favicon.badssl.self-test.gdnt-cloud.website +192.0.2.130 ssl-v2.badssl.self-test.gdnt-cloud.website +192.0.2.130 ssl-v3.badssl.self-test.gdnt-cloud.website +192.0.2.130 static-rsa.badssl.self-test.gdnt-cloud.website +192.0.2.130 subdomain.preloaded-hsts.badssl.self-test.gdnt-cloud.website +192.0.2.130 superfish.badssl.self-test.gdnt-cloud.website +192.0.2.130 tls-v1-0.badssl.self-test.gdnt-cloud.website +192.0.2.130 tls-v1-1.badssl.self-test.gdnt-cloud.website +192.0.2.130 tls-v1-2.badssl.self-test.gdnt-cloud.website +192.0.2.130 untrusted-root.badssl.self-test.gdnt-cloud.website +192.0.2.130 upgrade.badssl.self-test.gdnt-cloud.website +192.0.2.130 very.badssl.self-test.gdnt-cloud.website +192.0.2.130 webpack-dev-server.badssl.self-test.gdnt-cloud.website +192.0.2.130 wrong.host.badssl.self-test.gdnt-cloud.website +192.0.2.130 www.badssl.self-test.gdnt-cloud.website +192.0.2.130 xn--n1aae7f7o.badssl.self-test.gdnt-cloud.website +#### end of badssl.self-test.gdnt-cloud.website hosts #### +192.0.2.130 web-replay.badssl.self-test.gdnt-cloud.website +192.0.2.130 testing-download.badssl.self-test.gdnt-cloud.website diff --git a/images_build/server_web/Makefile b/images_build/server_web/Makefile index d4a3731..a86dc3a 100644 --- a/images_build/server_web/Makefile +++ b/images_build/server_web/Makefile @@ -1,7 +1,7 @@ ################ Definitions ################ export TEST_DOMAIN = badssl.test -export TEST_DOMAIN_SELF_TEST = badssl.self-test.geedge.net +export TEST_DOMAIN_SELF_TEST = badssl.self-test.gdnt-cloud.website export PROD_DOMAIN = badssl.com ################ Main ################ @@ -33,7 +33,7 @@ jekyll-prod: .PHONY: certs-test certs-test: - cd certs && make test O=sets/test D=badssl.self-test.geedge.net + cd certs && make test O=sets/test D=badssl.self-test.gdnt-cloud.website cd certs/sets && rm -rf current && cp -R test current rm -rf common/certs/*.crt @@ -123,10 +123,10 @@ nginx: .PHONY: list-hosts list-hosts: - @echo "#### start of badssl.self-test.geedge.net hosts ####" + @echo "#### start of badssl.self-test.gdnt-cloud.website hosts ####" @grep -r "server_name.*{{ site.domain }}" . \ - | sed "s/.*server_name \([^\{]*\).*/127.0.0.1 \1badssl.self-test.geedge.net/g" \ + | sed "s/.*server_name \([^\{]*\).*/127.0.0.1 \1badssl.self-test.gdnt-cloud.website/g" \ | sort \ | uniq \ | grep -v "\*" - @echo "#### end of badssl.self-test.geedge.net hosts ####" + @echo "#### end of badssl.self-test.gdnt-cloud.website hosts ####"