diff options
Diffstat (limited to 'deluge/tests/test_security.py')
-rw-r--r-- | deluge/tests/test_security.py | 184 |
1 files changed, 184 insertions, 0 deletions
diff --git a/deluge/tests/test_security.py b/deluge/tests/test_security.py new file mode 100644 index 0000000..3794049 --- /dev/null +++ b/deluge/tests/test_security.py @@ -0,0 +1,184 @@ +# -*- coding: utf-8 -*- +# +# This file is part of Deluge and is licensed under GNU General Public License 3.0, or later, with +# the additional special exception to link portions of this program with the OpenSSL library. +# See LICENSE for more details. +# + +from __future__ import print_function, unicode_literals + +import os + +import pytest +from twisted.internet.utils import getProcessOutputAndValue + +import deluge.component as component +import deluge.ui.web.server +from deluge import configmanager +from deluge.common import windows_check +from deluge.ui.web.server import DelugeWeb + +from .basetest import BaseTestCase +from .common import get_test_data_file +from .common_web import WebServerTestBase +from .daemon_base import DaemonBase + +SECURITY_TESTS = bool(os.getenv('SECURITY_TESTS', False)) + + +class SecurityBaseTestCase(object): + if windows_check(): + skip = 'windows can`t run .sh files' + elif not SECURITY_TESTS: + skip = 'Skipping security tests' + + http_err = 'can\'t run http tests on daemon' + + def __init__(self): + self.home_dir = os.path.expanduser('~') + self.port = 8112 + + def _run_test(self, test): + d = getProcessOutputAndValue( + 'bash', + [ + get_test_data_file('testssl.sh'), + '--quiet', + '--nodns', + '--color', + '0', + test, + '127.0.0.1:%d' % self.port, + ], + ) + + def on_result(results): + + if test == '-e': + results = results[0].split('\n')[7:-6] + self.assertTrue(len(results) > 3) + else: + self.assertIn('OK', results[0]) + self.assertNotIn('NOT ok', results[0]) + + d.addCallback(on_result) + return d + + def test_secured_webserver_protocol(self): + return self._run_test('-p') + + def test_secured_webserver_standard_ciphers(self): + return self._run_test('-s') + + def test_secured_webserver_heartbleed_vulnerability(self): + return self._run_test('-H') + + def test_secured_webserver_css_injection_vulnerability(self): + return self._run_test('-I') + + def test_secured_webserver_ticketbleed_vulnerability(self): + return self._run_test('-T') + + def test_secured_webserver_renegotiation_vulnerabilities(self): + return self._run_test('-R') + + def test_secured_webserver_crime_vulnerability(self): + return self._run_test('-C') + + def test_secured_webserver_breach_vulnerability(self): + return self._run_test('-B') + + def test_secured_webserver_poodle_vulnerability(self): + return self._run_test('-O') + + def test_secured_webserver_tls_fallback_scsv_mitigation_vulnerability(self): + return self._run_test('-Z') + + def test_secured_webserver_sweet32_vulnerability(self): + return self._run_test('-W') + + def test_secured_webserver_beast_vulnerability(self): + return self._run_test('-A') + + def test_secured_webserver_lucky13_vulnerability(self): + return self._run_test('-L') + + def test_secured_webserver_freak_vulnerability(self): + return self._run_test('-F') + + def test_secured_webserver_logjam_vulnerability(self): + return self._run_test('-J') + + def test_secured_webserver_drown_vulnerability(self): + return self._run_test('-D') + + def test_secured_webserver_forward_secrecy_settings(self): + return self._run_test('-f') + + def test_secured_webserver_rc4_ciphers(self): + return self._run_test('-4') + + def test_secured_webserver_preference(self): + return self._run_test('-P') + + def test_secured_webserver_headers(self): + return self._run_test('-h') + + def test_secured_webserver_ciphers(self): + return self._run_test('-e') + + +@pytest.mark.security +class DaemonSecurityTestCase(BaseTestCase, DaemonBase, SecurityBaseTestCase): + + if windows_check(): + skip = 'windows can\'t start_core not enough arguments for format string' + + def __init__(self, testname): + super(DaemonSecurityTestCase, self).__init__(testname) + DaemonBase.__init__(self) + SecurityBaseTestCase.__init__(self) + + def setUp(self): + skip = False + for not_http_test in ('breach', 'headers', 'ticketbleed'): + if not_http_test in self.id().split('.')[-1]: + self.skipTest(SecurityBaseTestCase.http_err) + skip = True + if not skip: + super(DaemonSecurityTestCase, self).setUp() + + def set_up(self): + d = self.common_set_up() + self.port = self.listen_port + d.addCallback(self.start_core) + d.addErrback(self.terminate_core) + return d + + def tear_down(self): + d = component.shutdown() + d.addCallback(self.terminate_core) + return d + + +@pytest.mark.security +class WebUISecurityTestBase(WebServerTestBase, SecurityBaseTestCase): + def __init__(self, testname): + super(WebUISecurityTestBase, self).__init__(testname) + SecurityBaseTestCase.__init__(self) + + def start_webapi(self, arg): + self.port = self.webserver_listen_port = 8999 + + config_defaults = deluge.ui.web.server.CONFIG_DEFAULTS.copy() + config_defaults['port'] = self.webserver_listen_port + config_defaults['https'] = True + self.config = configmanager.ConfigManager('web.conf', config_defaults) + + self.deluge_web = DelugeWeb(daemon=False) + + host = list(self.deluge_web.web_api.hostlist.config['hosts'][0]) + host[2] = self.listen_port + self.deluge_web.web_api.hostlist.config['hosts'][0] = tuple(host) + self.host_id = host[0] + self.deluge_web.start() |