1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
|
#
# Wireshark tests
# By Gerald Combs <gerald@wireshark.org>
#
# Ported from a set of Bash scripts which were copyright 2005 Ulf Lamping
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
'''Command line option tests'''
import json
import sys
import os.path
import subprocess
import subprocesstest
from subprocesstest import ExitCodes, grep_output, count_output
import shutil
import pytest
#glossaries = ('fields', 'protocols', 'values', 'decodes', 'defaultprefs', 'currentprefs')
glossaries = ('decodes', 'values')
testout_pcap = 'testout.pcap'
class TestDumpcapOptions:
# XXX Should we generate individual test functions instead of looping?
def test_dumpcap_invalid_chars(self, cmd_dumpcap, base_env):
'''Invalid dumpcap parameters'''
for char_arg in 'CEFGHJKNOQRTUVWXYejloxz':
process = subprocesstest.run((cmd_dumpcap, '-' + char_arg), env=base_env)
assert process.returncode == ExitCodes.COMMAND_LINE
# XXX Should we generate individual test functions instead of looping?
def test_dumpcap_valid_chars(self, cmd_dumpcap, base_env):
for char_arg in 'hv':
process = subprocesstest.run((cmd_dumpcap, '-' + char_arg), env=base_env)
assert process.returncode == ExitCodes.OK
# XXX Should we generate individual test functions instead of looping?
def test_dumpcap_interface_chars(self, cmd_dumpcap, base_env):
'''Valid dumpcap parameters requiring capture permissions'''
valid_returns = [ExitCodes.OK, ExitCodes.INVALID_INTERFACE]
for char_arg in 'DL':
process = subprocesstest.run((cmd_dumpcap, '-' + char_arg), env=base_env)
assert process.returncode in valid_returns
class TestDumpcapClopts:
def test_dumpcap_invalid_capfilter(self, cmd_dumpcap, capture_interface, result_file, base_env):
'''Invalid capture filter'''
invalid_filter = '__invalid_protocol'
# $DUMPCAP -f 'jkghg' -w './testout.pcap' > ./testout.txt 2>&1
testout_file = result_file(testout_pcap)
process = subprocesstest.run((cmd_dumpcap, '-f', invalid_filter, '-w', testout_file), capture_output=True, env=base_env)
assert grep_output(process.stderr, 'Invalid capture filter "' + invalid_filter + '" for interface')
def test_dumpcap_invalid_interface_name(self, cmd_dumpcap, capture_interface, result_file, base_env):
'''Invalid capture interface name'''
invalid_interface = '__invalid_interface'
# $DUMPCAP -i invalid_interface -w './testout.pcap' > ./testout.txt 2>&1
testout_file = result_file(testout_pcap)
process = subprocesstest.run((cmd_dumpcap, '-i', invalid_interface, '-w', testout_file), capture_output=True, env=base_env)
assert grep_output(process.stderr, 'There is no device named "__invalid_interface"') or \
grep_output(process.stderr, 'The capture session could not be initiated on capture device "__invalid_interface"')
def test_dumpcap_invalid_interface_index(self, cmd_dumpcap, capture_interface, result_file, base_env):
'''Invalid capture interface index'''
invalid_index = '0'
# $DUMPCAP -i 0 -w './testout.pcap' > ./testout.txt 2>&1
testout_file = result_file(testout_pcap)
process = subprocesstest.run((cmd_dumpcap, '-i', invalid_index, '-w', testout_file), capture_output=True, env=base_env)
assert grep_output(process.stderr, 'There is no interface with that adapter index')
class TestBasicClopts:
def test_existing_file(self, cmd_tshark, capture_file, test_env):
# $TSHARK -r "${CAPTURE_DIR}dhcp.pcap" > ./testout.txt 2>&1
process = subprocesstest.run((cmd_tshark, '-r', capture_file('dhcp.pcap')), env=test_env)
assert process.returncode == ExitCodes.OK
def test_nonexistent_file(self, cmd_tshark, capture_file, test_env):
# $TSHARK - r ThisFileDontExist.pcap > ./testout.txt 2 > &1
process = subprocesstest.run((cmd_tshark, '-r', capture_file('__ceci_nest_pas_une.pcap')), env=test_env)
assert process.returncode == ExitCodes.INVALID_FILE_ERROR
class TestTsharkOptions:
# XXX Should we generate individual test functions instead of looping?
def test_tshark_invalid_chars(self, cmd_tshark, test_env):
'''Invalid tshark parameters'''
for char_arg in 'ABCEFHJKMNORTUWXYZabcdefijkmorstuwyz':
process = subprocesstest.run((cmd_tshark, '-' + char_arg), env=test_env)
assert process.returncode == ExitCodes.COMMAND_LINE
# XXX Should we generate individual test functions instead of looping?
def test_tshark_valid_chars(self, cmd_tshark, test_env):
for char_arg in 'Ghv':
process = subprocesstest.run((cmd_tshark, '-' + char_arg), env=test_env)
assert process.returncode == ExitCodes.OK
# XXX Should we generate individual test functions instead of looping?
def test_tshark_interface_chars(self, cmd_tshark, cmd_dumpcap, test_env):
'''Valid tshark parameters requiring capture permissions'''
# These options require dumpcap, but may fail with a pacp error
# if WinPcap or Npcap are not present
valid_returns = [ExitCodes.OK, ExitCodes.PCAP_ERROR, ExitCodes.INVALID_CAPABILITY]
for char_arg in 'DL':
process = subprocesstest.run((cmd_tshark, '-' + char_arg), env=test_env)
assert process.returncode in valid_returns
def test_tshark_disable_protos(self, cmd_tshark, capture_file, test_env):
'''--disable-protocol/--enable-protocol from !16923'''
process = subprocesstest.run((cmd_tshark, "-r", capture_file("http.pcap"),
"--disable-protocol", "ALL",
"--enable-protocol", "eth,ip",
"-Tjson", "-eeth.type", "-eip.proto", "-ehttp.host",
), capture_output=True, env=test_env)
assert process.returncode == ExitCodes.OK
obj = json.loads(process.stdout)[0]['_source']['layers']
assert obj.get('eth.type', 'NOT FOUND') == ['0x0800']
assert obj.get('ip.proto', 'NOT FOUND') == ['6']
assert obj.get('http.host', 'NOT FOUND') == 'NOT FOUND'
class TestTsharkCaptureClopts:
def test_tshark_invalid_capfilter(self, cmd_tshark, capture_interface, result_file, test_env):
'''Invalid capture filter'''
invalid_filter = '__invalid_protocol'
# $TSHARK -f 'jkghg' -w './testout.pcap' > ./testout.txt 2>&1
testout_file = result_file(testout_pcap)
process = subprocesstest.run((cmd_tshark, '-f', invalid_filter, '-w', testout_file ), capture_output=True, env=test_env)
assert grep_output(process.stderr, 'Invalid capture filter "' + invalid_filter + '" for interface')
def test_tshark_invalid_interface_name(self, cmd_tshark, capture_interface, result_file, test_env):
'''Invalid capture interface name'''
invalid_interface = '__invalid_interface'
# $TSHARK -i invalid_interface -w './testout.pcap' > ./testout.txt 2>&1
testout_file = result_file(testout_pcap)
process = subprocesstest.run((cmd_tshark, '-i', invalid_interface, '-w', testout_file), capture_output=True, env=test_env)
assert grep_output(process.stderr, 'There is no device named "__invalid_interface"') or \
grep_output(process.stderr, 'The capture session could not be initiated on capture device "__invalid_interface"')
def test_tshark_invalid_interface_index(self, cmd_tshark, capture_interface, result_file, test_env):
'''Invalid capture interface index'''
invalid_index = '0'
# $TSHARK -i 0 -w './testout.pcap' > ./testout.txt 2>&1
testout_file = result_file(testout_pcap)
process = subprocesstest.run((cmd_tshark, '-i', invalid_index, '-w', testout_file), capture_output=True, env=test_env)
assert grep_output(process.stderr, 'There is no interface with that adapter index')
class TestTsharkNameResolutionClopts:
def test_tshark_valid_name_resolution(self, cmd_tshark, capture_file, test_env):
# $TSHARK -N mnNtdv -a duration:1 > ./testout.txt 2>&1
process = subprocesstest.run((cmd_tshark,
'-r', capture_file('empty.pcap'),
'-N', 'mnNtdv',
), env=test_env)
assert process.returncode == 0
# XXX Add invalid name resolution.
class TestTsharkUnicodeClopts:
def test_tshark_unicode_display_filter(self, cmd_tshark, capture_file, test_env):
'''Unicode (UTF-8) display filter'''
process = subprocesstest.run((cmd_tshark, '-r', capture_file('http.pcap'), '-Y', 'tcp.flags.str == "·······AP···"'), capture_output=True, env=test_env)
assert grep_output(process.stdout, 'HEAD.*/v4/iuident.cab')
class TestTsharkDumpGlossaries:
def test_tshark_dump_glossary(self, cmd_tshark, base_env):
for glossary in glossaries:
process = subprocesstest.run((cmd_tshark, '-G', glossary), capture_output=True, env=base_env)
assert not process.stderr, 'Found error output while printing glossary ' + glossary
def test_tshark_glossary_valid_utf8(self, cmd_tshark, base_env):
for glossary in glossaries:
env = base_env
env['LANG'] = 'en_US.UTF-8'
# subprocess.run() returns bytes here.
proc = subprocess.run((cmd_tshark, '-G', glossary), capture_output=True, env=env)
assert proc.returncode == 0
proc.stdout.decode('UTF-8')
def test_tshark_glossary_plugin_count(self, cmd_tshark, base_env, features):
if not features.have_plugins:
pytest.skip('Test requires binary plugin support.')
process = subprocesstest.run((cmd_tshark, '-G', 'plugins'), capture_output=True, env=base_env)
assert count_output(process.stdout, 'dissector') >= 10, 'Fewer than 10 dissector plugins found'
def test_tshark_elastic_mapping(self, cmd_tshark, dirs, base_env):
def get_ip_props(obj):
return obj['mappings']['properties']['layers']['properties']['ip']['properties']
baseline_file = os.path.join(dirs.baseline_dir, 'elastic-mapping-ip-subset.json')
with open(baseline_file) as f:
expected_obj = json.load(f)
keys_to_check = get_ip_props(expected_obj).keys()
proc = subprocesstest.run((cmd_tshark, '-G', 'elastic-mapping', '--elastic-mapping-filter', 'ip'), capture_output=True, env=base_env)
actual_obj = json.loads(proc.stdout)
ip_props = get_ip_props(actual_obj)
for key in list(ip_props.keys()):
if key not in keys_to_check:
del ip_props[key]
assert actual_obj == expected_obj
def test_tshark_unicode_folders(self, cmd_tshark, unicode_env, features):
'''Folders output with unicode'''
if not features.have_lua:
pytest.skip('Test requires Lua scripting support.')
if sys.platform == 'win32' and not features.have_lua_unicode:
pytest.skip('Test requires a patched Lua build with UTF-8 support.')
proc = subprocesstest.run((cmd_tshark, '-G', 'folders'), capture_output=True, env=unicode_env.env)
out = proc.stdout
pluginsdir = [x.split('\t', 1)[1] for x in out.splitlines() if x.startswith('Personal Lua Plugins:')]
assert [unicode_env.pluginsdir] == pluginsdir
class TestTsharkZExpert:
def test_tshark_z_expert_all(self, cmd_tshark, capture_file, test_env):
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert',
'-o', 'tcp.check_checksum:TRUE',
'-r', capture_file('http-ooo-fuzzed.pcapng')), capture_output=True, env=test_env)
# http2-data-reassembly.pcap has Errors, Warnings, Notes, and Chats
# when TCP checksum are verified.
assert grep_output(proc.stdout, 'Errors')
assert grep_output(proc.stdout, 'Warns')
assert grep_output(proc.stdout, 'Notes')
assert grep_output(proc.stdout, 'Chats')
def test_tshark_z_expert_error(self, cmd_tshark, capture_file, test_env):
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert,error',
'-o', 'tcp.check_checksum:TRUE',
'-r', capture_file('http-ooo-fuzzed.pcapng')), capture_output=True, env=test_env)
assert grep_output(proc.stdout, 'Errors')
assert not grep_output(proc.stdout, 'Warns')
assert not grep_output(proc.stdout, 'Notes')
assert not grep_output(proc.stdout, 'Chats')
def test_tshark_z_expert_warn(self, cmd_tshark, capture_file, test_env):
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert,warn',
'-o', 'tcp.check_checksum:TRUE',
'-r', capture_file('http-ooo-fuzzed.pcapng')), capture_output=True, env=test_env)
assert grep_output(proc.stdout, 'Errors')
assert grep_output(proc.stdout, 'Warns')
assert not grep_output(proc.stdout, 'Notes')
assert not grep_output(proc.stdout, 'Chats')
def test_tshark_z_expert_note(self, cmd_tshark, capture_file, test_env):
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert,note',
'-o', 'tcp.check_checksum:TRUE',
'-r', capture_file('http-ooo-fuzzed.pcapng')), capture_output=True, env=test_env)
assert grep_output(proc.stdout, 'Errors')
assert grep_output(proc.stdout, 'Warns')
assert grep_output(proc.stdout, 'Notes')
assert not grep_output(proc.stdout, 'Chats')
def test_tshark_z_expert_chat(self, cmd_tshark, capture_file, test_env):
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert,chat',
'-o', 'tcp.check_checksum:TRUE',
'-r', capture_file('http-ooo-fuzzed.pcapng')), capture_output=True, env=test_env)
assert grep_output(proc.stdout, 'Errors')
assert grep_output(proc.stdout, 'Warns')
assert grep_output(proc.stdout, 'Notes')
assert grep_output(proc.stdout, 'Chats')
def test_tshark_z_expert_comment(self, cmd_tshark, capture_file, test_env):
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert,comment',
'-r', capture_file('sip.pcapng')), capture_output=True, env=test_env)
assert grep_output(proc.stdout, 'Notes')
assert grep_output(proc.stdout, 'Comments')
def test_tshark_z_expert_invalid_filter(self, cmd_tshark, capture_file, test_env):
invalid_filter = '__invalid_protocol'
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert,' + invalid_filter,
'-r', capture_file('http-ooo.pcap')), capture_output=True, env=test_env)
assert proc.returncode == ExitCodes.COMMAND_LINE
assert grep_output(proc.stdout, 'Filter "' + invalid_filter + '" is invalid')
def test_tshark_z_expert_error_invalid_filter(self, cmd_tshark, capture_file, test_env):
invalid_filter = '__invalid_protocol'
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert,error,' + invalid_filter,
'-r', capture_file('http-ooo.pcap')), capture_output=True, env=test_env)
assert proc.returncode == ExitCodes.COMMAND_LINE
assert grep_output(proc.stdout, 'Filter "' + invalid_filter + '" is invalid')
def test_tshark_z_expert_filter(self, cmd_tshark, capture_file, test_env):
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert,udp',
'-o', 'tcp.check_checksum:TRUE',
'-r', capture_file('http-ooo-fuzzed.pcapng')), capture_output=True, env=test_env)
# Filtering for UDP should produce no expert infos.
assert not grep_output(proc.stdout, 'Errors')
assert not grep_output(proc.stdout, 'Warns')
assert not grep_output(proc.stdout, 'Notes')
assert not grep_output(proc.stdout, 'Chats')
def test_tshark_z_expert_error_filter(self, cmd_tshark, capture_file, test_env):
proc = subprocesstest.run((cmd_tshark, '-q', '-z', 'expert,note,http', # tls is a filter
'-o', 'tcp.check_checksum:TRUE',
'-r', capture_file('http-ooo-fuzzed.pcapng')), capture_output=True, env=test_env)
# Filtering for HTTP and Note level expert info should produce only
# Error and Warning level expert infos with checksumming turned on.
# The Note warnings on are packets with TCP but not HTTP, and we're
# filtering out the Chat level.
assert grep_output(proc.stdout, 'Errors')
assert grep_output(proc.stdout, 'Warns')
assert not grep_output(proc.stdout, 'Notes')
assert not grep_output(proc.stdout, 'Chats')
class TestTsharkExtcap:
# dumpcap dependency has been added to run this test only with capture support
def test_tshark_extcap_interfaces(self, cmd_tshark, cmd_dumpcap, test_env, home_path):
# Script extcaps don't work with the current code on windows.
# https://www.wireshark.org/docs/wsdg_html_chunked/ChCaptureExtcap.html
# TODO: skip this test until it will get fixed.
if sys.platform == 'win32':
pytest.skip('FIXME extcap .py scripts needs special treatment on Windows')
extcap_dir_path = os.path.join(home_path, 'extcap')
os.makedirs(extcap_dir_path)
test_env['WIRESHARK_EXTCAP_DIR'] = extcap_dir_path
source_file = os.path.join(os.path.dirname(__file__), 'sampleif.py')
shutil.copy2(source_file, extcap_dir_path)
# Ensure the test extcap_tool is properly loaded
proc = subprocesstest.run((cmd_tshark, '-D'), capture_output=True, env=test_env)
assert count_output(proc.stdout, 'sampleif') == 1
# Ensure tshark lists 2 interfaces in the preferences
proc = subprocesstest.run((cmd_tshark, '-G', 'currentprefs'), capture_output=True, env=test_env)
assert count_output(proc.stdout, 'extcap.sampleif.test') == 2
|