From 187c2091b0735f531e505462ea92a284de59846b Mon Sep 17 00:00:00 2001 From: cyBerta Date: Sun, 14 Nov 2021 18:23:45 +0100 Subject: implement IPv4 address check based on regex --- .../bitmaskclient/base/utils/ConfigHelperTest.java | 48 ++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 app/src/test/java/se/leap/bitmaskclient/base/utils/ConfigHelperTest.java (limited to 'app/src/test') diff --git a/app/src/test/java/se/leap/bitmaskclient/base/utils/ConfigHelperTest.java b/app/src/test/java/se/leap/bitmaskclient/base/utils/ConfigHelperTest.java new file mode 100644 index 00000000..75552226 --- /dev/null +++ b/app/src/test/java/se/leap/bitmaskclient/base/utils/ConfigHelperTest.java @@ -0,0 +1,48 @@ +package se.leap.bitmaskclient.base.utils; + +import com.tngtech.java.junit.dataprovider.DataProvider; +import com.tngtech.java.junit.dataprovider.DataProviderRunner; +import com.tngtech.java.junit.dataprovider.UseDataProvider; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.modules.junit4.PowerMockRunner; +import org.powermock.modules.junit4.PowerMockRunnerDelegate; + +import static org.junit.Assert.assertEquals; + +@RunWith(PowerMockRunner.class) +@PowerMockRunnerDelegate(DataProviderRunner.class) +public class ConfigHelperTest { + + @DataProvider + public static Object[][] dataProviderIPs() { + // @formatter:off + return new Object[][] { + { "0.0.0.0", true }, + { "1.1.1.1", true }, + { "8.8.8.8", true }, + { "127.0.0.1", true }, + { "255.255.255.255", true }, + { "200.50.20.10", true }, + { "97.72.15.12", true }, + {"02.0.0.0", false}, + {"10.000.1.1", false}, + {"256.256.256.256", false}, + {"127..0.1", false}, + {"127.0..1", false}, + {"127.0.0.", false}, + {"127.0.0", false}, + {"255.255.255.255.255", false}, + {"", false}, + {null, false}, + }; + } + + + @Test + @UseDataProvider("dataProviderIPs") + public void testisIPv4_validIPs_returnsTrue(String ip, boolean isValidExpected) { + assertEquals(isValidExpected, ConfigHelper.isIPv4(ip)); + } +} \ No newline at end of file -- cgit v1.2.3 From a48c6c1c719247e4663d946e4ee56bfada98b5e6 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Sun, 14 Nov 2021 18:27:48 +0100 Subject: allow ipv6 only openvpn gateways --- .../bitmaskclient/eip/VpnConfigGeneratorTest.java | 9 +++ .../test/resources/ptdemo_misconfigured_ipv6.json | 64 ++++++++++++++++++++++ 2 files changed, 73 insertions(+) create mode 100644 app/src/test/resources/ptdemo_misconfigured_ipv6.json (limited to 'app/src/test') diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java index ad6f5d7b..2f2266cb 100644 --- a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java +++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java @@ -1140,5 +1140,14 @@ public class VpnConfigGeneratorTest { assertTrue(vpnProfiles.get(OPENVPN).getConfigFile(context, false).trim().equals(expectedVPNConfig_v4_ovpn_udp_tcp.trim())); } + @Test + public void testGenerateVpnProfile_v3_ipv6only_allowOpenvpnIPv6Only() throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION); + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertTrue(vpnProfiles.containsKey(OPENVPN)); + } + } \ No newline at end of file diff --git a/app/src/test/resources/ptdemo_misconfigured_ipv6.json b/app/src/test/resources/ptdemo_misconfigured_ipv6.json new file mode 100644 index 00000000..736dbb8f --- /dev/null +++ b/app/src/test/resources/ptdemo_misconfigured_ipv6.json @@ -0,0 +1,64 @@ +{ + "gateways":[ + { + "capabilities":{ + "adblock":false, + "filter_dns":false, + "limited":false, + "transport":[ + { + "type":"obfs4", + "protocols":[ + "tcp" + ], + "ports":[ + "23049" + ], + "options": { + "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "iatMode": "0" + } + }, + { + "type":"openvpn", + "protocols":[ + "tcp" + ], + "ports":[ + "1195" + ] + } + ], + "user_ips":false + }, + "host":"pt.demo.bitmask.net", + "ip_address6":"2001:db8:123::1058", + "location":"Amsterdam" + } + ], + "locations":{ + "Amsterdam":{ + "country_code":"NL", + "hemisphere":"N", + "name":"Amsterdam", + "timezone":"-1" + } + }, + "openvpn_configuration":{ + "auth":"SHA1", + "cipher":"AES-256-CBC", + "keepalive":"10 30", + "tls-cipher":"DHE-RSA-AES128-SHA", + "tun-ipv6":true, + "dev" : "tun", + "sndbuf" : "0", + "rcvbuf" : "0", + "nobind" : true, + "persist-key" : true, + "comp-lzo" : true, + "key-direction" : "1", + "verb" : "3" + }, + "serial":2, + "version":3 +} \ No newline at end of file -- cgit v1.2.3 From f18a85e4cd95f938c9ed78b31b8d27b2a02994c7 Mon Sep 17 00:00:00 2001 From: cyBerta Date: Sun, 14 Nov 2021 18:34:04 +0100 Subject: skip obfs4 connections using either ipv6 addresses or UDP --- .../bitmaskclient/eip/VpnConfigGeneratorTest.java | 42 ++++++++++++++ .../resources/ptdemo_misconfigured_ipv4ipv6.json | 65 +++++++++++++++++++++ .../test/resources/ptdemo_misconfigured_udp.json | 65 +++++++++++++++++++++ .../resources/ptdemo_misconfigured_udptcp.json | 66 ++++++++++++++++++++++ 4 files changed, 238 insertions(+) create mode 100644 app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json create mode 100644 app/src/test/resources/ptdemo_misconfigured_udp.json create mode 100644 app/src/test/resources/ptdemo_misconfigured_udptcp.json (limited to 'app/src/test') diff --git a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java index 2f2266cb..56575556 100644 --- a/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java +++ b/app/src/test/java/se/leap/bitmaskclient/eip/VpnConfigGeneratorTest.java @@ -1149,5 +1149,47 @@ public class VpnConfigGeneratorTest { assertTrue(vpnProfiles.containsKey(OPENVPN)); } + @Test + public void testGenerateVpnProfile_v3_obfs4IPv6_skip() throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION); + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertFalse(vpnProfiles.containsKey(OBFS4)); + } + + @Test + public void testGenerateVpnProfile_v3_obfs4IPv4AndIPv6_skipIPv6() throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_ipv4ipv6.json"))).getJSONObject(OPENVPN_CONFIGURATION); + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertTrue(vpnProfiles.containsKey(OBFS4)); + assertTrue(vpnProfiles.containsKey(OPENVPN)); + assertEquals(1, vpnProfiles.get(OBFS4).mConnections.length); + assertEquals("37.218.247.60/32", vpnProfiles.get(OBFS4).mExcludedRoutes.trim()); + } + + @Test + public void testGenerateVpnProfile_v3_obfs4udp_skip() throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udp.json"))).getJSONObject(OPENVPN_CONFIGURATION); + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertFalse(vpnProfiles.containsKey(OBFS4)); + assertTrue(vpnProfiles.containsKey(OPENVPN)); + } + + @Test + public void testGenerateVpnProfile_v3_obfs4UDPAndTCP_skipUDP() throws Exception { + gateway = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONArray("gateways").getJSONObject(0); + generalConfig = new JSONObject(TestSetupHelper.getInputAsString(getClass().getClassLoader().getResourceAsStream("ptdemo_misconfigured_udptcp.json"))).getJSONObject(OPENVPN_CONFIGURATION); + vpnConfigGenerator = new VpnConfigGenerator(generalConfig, secrets, gateway, 3); + HashMap vpnProfiles = vpnConfigGenerator.generateVpnProfiles(); + assertTrue(vpnProfiles.containsKey(OBFS4)); + assertTrue(vpnProfiles.containsKey(OPENVPN)); + assertEquals(1, vpnProfiles.get(OBFS4).mConnections.length); + assertFalse(vpnProfiles.get(OBFS4).mConnections[0].isUseUdp()); + } } \ No newline at end of file diff --git a/app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json b/app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json new file mode 100644 index 00000000..5c913c14 --- /dev/null +++ b/app/src/test/resources/ptdemo_misconfigured_ipv4ipv6.json @@ -0,0 +1,65 @@ +{ + "gateways":[ + { + "capabilities":{ + "adblock":false, + "filter_dns":false, + "limited":false, + "transport":[ + { + "type":"obfs4", + "protocols":[ + "tcp" + ], + "ports":[ + "23049" + ], + "options": { + "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "iatMode": "0" + } + }, + { + "type":"openvpn", + "protocols":[ + "tcp" + ], + "ports":[ + "1195" + ] + } + ], + "user_ips":false + }, + "host":"pt.demo.bitmask.net", + "ip_address6":"2001:db8:123::1058", + "ip_address":"37.218.247.60", + "location":"Amsterdam" + } + ], + "locations":{ + "Amsterdam":{ + "country_code":"NL", + "hemisphere":"N", + "name":"Amsterdam", + "timezone":"-1" + } + }, + "openvpn_configuration":{ + "auth":"SHA1", + "cipher":"AES-256-CBC", + "keepalive":"10 30", + "tls-cipher":"DHE-RSA-AES128-SHA", + "tun-ipv6":true, + "dev" : "tun", + "sndbuf" : "0", + "rcvbuf" : "0", + "nobind" : true, + "persist-key" : true, + "comp-lzo" : true, + "key-direction" : "1", + "verb" : "3" + }, + "serial":2, + "version":3 +} \ No newline at end of file diff --git a/app/src/test/resources/ptdemo_misconfigured_udp.json b/app/src/test/resources/ptdemo_misconfigured_udp.json new file mode 100644 index 00000000..aa9a0d33 --- /dev/null +++ b/app/src/test/resources/ptdemo_misconfigured_udp.json @@ -0,0 +1,65 @@ +{ + "gateways":[ + { + "capabilities":{ + "adblock":false, + "filter_dns":false, + "limited":false, + "transport":[ + { + "type":"obfs4", + "protocols":[ + "udp" + ], + "ports":[ + "23049" + ], + "options": { + "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "iatMode": "0" + } + }, + { + "type":"openvpn", + "protocols":[ + "tcp" + ], + "ports":[ + "1195" + ] + } + ], + "user_ips":false + }, + "host":"pt.demo.bitmask.net", + "ip_address6":"2001:db8:123::1058", + "ip_address":"37.218.247.60", + "location":"Amsterdam" + } + ], + "locations":{ + "Amsterdam":{ + "country_code":"NL", + "hemisphere":"N", + "name":"Amsterdam", + "timezone":"-1" + } + }, + "openvpn_configuration":{ + "auth":"SHA1", + "cipher":"AES-256-CBC", + "keepalive":"10 30", + "tls-cipher":"DHE-RSA-AES128-SHA", + "tun-ipv6":true, + "dev" : "tun", + "sndbuf" : "0", + "rcvbuf" : "0", + "nobind" : true, + "persist-key" : true, + "comp-lzo" : true, + "key-direction" : "1", + "verb" : "3" + }, + "serial":2, + "version":3 +} \ No newline at end of file diff --git a/app/src/test/resources/ptdemo_misconfigured_udptcp.json b/app/src/test/resources/ptdemo_misconfigured_udptcp.json new file mode 100644 index 00000000..42d55de9 --- /dev/null +++ b/app/src/test/resources/ptdemo_misconfigured_udptcp.json @@ -0,0 +1,66 @@ +{ + "gateways":[ + { + "capabilities":{ + "adblock":false, + "filter_dns":false, + "limited":false, + "transport":[ + { + "type":"obfs4", + "protocols":[ + "udp", + "tcp" + ], + "ports":[ + "23049" + ], + "options": { + "cert": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", + "iatMode": "0" + } + }, + { + "type":"openvpn", + "protocols":[ + "tcp" + ], + "ports":[ + "1195" + ] + } + ], + "user_ips":false + }, + "host":"pt.demo.bitmask.net", + "ip_address6":"2001:db8:123::1058", + "ip_address":"37.218.247.60", + "location":"Amsterdam" + } + ], + "locations":{ + "Amsterdam":{ + "country_code":"NL", + "hemisphere":"N", + "name":"Amsterdam", + "timezone":"-1" + } + }, + "openvpn_configuration":{ + "auth":"SHA1", + "cipher":"AES-256-CBC", + "keepalive":"10 30", + "tls-cipher":"DHE-RSA-AES128-SHA", + "tun-ipv6":true, + "dev" : "tun", + "sndbuf" : "0", + "rcvbuf" : "0", + "nobind" : true, + "persist-key" : true, + "comp-lzo" : true, + "key-direction" : "1", + "verb" : "3" + }, + "serial":2, + "version":3 +} \ No newline at end of file -- cgit v1.2.3