diff options
Diffstat (limited to '')
| -rw-r--r-- | tests/deckard/tools/divide_tests.sh | 77 | ||||
| -rw-r--r-- | tests/deckard/tools/invalid_dsa.py | 83 | ||||
| -rw-r--r-- | tests/deckard/tools/parse.py | 21 |
3 files changed, 181 insertions, 0 deletions
diff --git a/tests/deckard/tools/divide_tests.sh b/tests/deckard/tools/divide_tests.sh new file mode 100644 index 0000000..1856610 --- /dev/null +++ b/tests/deckard/tools/divide_tests.sh @@ -0,0 +1,77 @@ +#!/bin/bash + +# Sorts .rpl tests into several categories. +# Takes a diretory with the tests as an argument and moves the test to its subdirectories. +# Env variable SCRIPT= sets *_run.sh script for finding working tests, default script is kresd_run.sh +# Env variable DEST= sets output directory where the tests will be copied and divided into subfolders. Default value is working directory. + +set -o nounset +set -o errexit + +SOURCE="$1" + +SCRIPT=${SCRIPT:-"./../kresd_run.sh"} +DEST=${DEST:-"."} + +rm -rf "$DEST/sorted_tests" +mkdir "$DEST/sorted_tests" +for TEST in "$SOURCE/"*.rpl +do + cp "$TEST" "$DEST/sorted_tests" +done + +# Test with the same name is already imported in deckard/sets/resolver +echo Already imported: +mkdir -p "$DEST/sorted_tests/imported" +for TEST in `comm -12 <(ls -F ../sets/resolver/*.rpl | xargs -n 1 basename) <(ls -F "$DEST/sorted_tests" | xargs -n 1 basename)` +do + echo -e '\t' "$TEST" + mv "$DEST/sorted_tests/$TEST" "$DEST/sorted_tests/imported" +done + +# Parse failed +echo Parse failed: +mkdir -p "$DEST/sorted_tests/parsefail" +for TEST in "$DEST/sorted_tests/"*.rpl +do + if ! python3 parse.py "$TEST" >/dev/null 2>/dev/null + then + echo -e '\t' $(basename "$TEST") + mv "$TEST" "$DEST/sorted_tests/parsefail" + fi +done + + +# Invalid DSA signatures (common in old testbound tests) +echo Invalid DSA signatures: +mkdir -p "$DEST/sorted_tests/invaliddsa" +for TEST in "$DEST/sorted_tests/"*.rpl +do + if ! python3 invalid_dsa.py "$TEST" >/dev/null 2>/dev/null + then + echo -e '\t' $(basename "$TEST") + mv "$TEST" "$DEST/sorted_tests/invaliddsa" + fi +done + + +# Working in selected script +echo Working in $SCRIPT: +mkdir -p "$DEST/sorted_tests/working" +for TEST in "$DEST/sorted_tests/"*.rpl +do + if TESTS="$(readlink -m $TEST)" $SCRIPT >/dev/null 2>/dev/null + then + echo -e '\t' $(basename "$TEST") + mv "$TEST" "$DEST/sorted_tests/working" + fi +done + +echo Others: +mkdir -p "$DEST/sorted_tests/others" +for TEST in "$DEST/sorted_tests/"*.rpl +do + echo -e '\t' $(basename "$TEST") + mv "$TEST" "$DEST/sorted_tests/others" +done + diff --git a/tests/deckard/tools/invalid_dsa.py b/tests/deckard/tools/invalid_dsa.py new file mode 100644 index 0000000..fd1c845 --- /dev/null +++ b/tests/deckard/tools/invalid_dsa.py @@ -0,0 +1,83 @@ +"""Returns 1 if there is a DNSSEC DSA signature which is not 41 bytes long.\ +0 otherwise. +""" + +import os +import sys +import argparse +import dns +import pydnstest +import pydnstest.scenario +import pydnstest.augwrap + + +def parse(test): + """ Parse the test""" + _, config = pydnstest.scenario.parse_file(os.path.realpath(test)) + aug = pydnstest.augwrap.AugeasWrapper( + confpath=os.path.realpath(test), + lens='Deckard', loadpath="../pydnstest") + node = aug.tree + return config, node + + +def get_dsakeys(config, node): + """ Make list of all DSA keys in the test""" + dsakeys = [] + for conf in config: + if conf[0] == "trust-anchor": + conf[1] = conf[1][1:-1] + trust_anchor = conf[1].split() + for i, word in enumerate(trust_anchor): + if word == "DS": + algorithm = trust_anchor[i + 2] + if algorithm in ("3", "DSA"): + dsakeys.append(trust_anchor[i + 1]) + + for entry in node.match("/scenario/range/entry"): + records = list(entry.match("/section/answer/record")) + records.extend(list(entry.match("/section/authority/record"))) + records.extend(list(entry.match("/section/additional/record"))) + + for record in records: + if record["/type"].value == "DS": + if record["/data"].value[1] in ["3", "DSA"]: + dsakeys.append(record["/data"].value[2]) + return dsakeys + + +def check_rrsig(node, dsakeys): + """ Find records with wrong lenght of rrsig""" + for key in dsakeys: # pylint: disable=too-many-nested-blocks + for entry in node.match("/scenario/range/entry"): + records = list(entry.match("/section/answer/record")) + records.extend(list(entry.match("/section/authority/record"))) + records.extend(list(entry.match("/section/additional/record"))) + + for record in records: + if record["/type"].value == "RRSIG": + rrset = dns.rrset.from_text(record["/domain"].value, 300, + 1, dns.rdatatype.RRSIG, + record["/data"].value) + if rrset.items[0].key_tag == int(key): + if len(rrset.items[0].signature) != 41: + return True + return False + + +def main(): + """Returns 1 if there is a DNSSEC DSA signature which is not 41 bytes long. \ + 0 otherwise.""" + argparser = argparse.ArgumentParser() + argparser.add_argument("file") + args = argparser.parse_args() + config, node = parse(args.file) + dsakeys = get_dsakeys(config, node) + bad_rrsig = check_rrsig(node, dsakeys) + if bad_rrsig: + sys.exit(1) + else: + sys.exit(0) + + +main() diff --git a/tests/deckard/tools/parse.py b/tests/deckard/tools/parse.py new file mode 100644 index 0000000..139b284 --- /dev/null +++ b/tests/deckard/tools/parse.py @@ -0,0 +1,21 @@ +"""Returns 0 if the test is parsed, 1 if not.""" + +import sys +import os +import argparse +import pydnstest +import pydnstest.scenario + + +def main(): + """Returns 0 if the test is parsed, 1 if not.""" + argparser = argparse.ArgumentParser() + argparser.add_argument("file") + args = argparser.parse_args() + if pydnstest.scenario.parse_file(os.path.realpath(args.file)): + sys.exit(0) + else: + sys.exit(1) + + +main() |