pi-hole/test/test_automated_install.py

507 lines
22 KiB
Python
Raw Normal View History

import pytest
from textwrap import dedent
SETUPVARS = {
'PIHOLE_INTERFACE' : 'eth99',
'IPV4_ADDRESS' : '1.1.1.1',
'IPV6_ADDRESS' : 'FE80::240:D0FF:FE48:4672',
'PIHOLE_DNS_1' : '4.2.2.1',
'PIHOLE_DNS_2' : '4.2.2.2'
}
def test_setupVars_are_sourced_to_global_scope(Pihole):
''' currently update_dialogs sources setupVars with a dot,
then various other functions use the variables.
This confirms the sourced variables are in scope between functions '''
setup_var_file = 'cat <<EOF> /etc/pihole/setupVars.conf\n'
for k,v in SETUPVARS.iteritems():
setup_var_file += "{}={}\n".format(k, v)
setup_var_file += "EOF\n"
Pihole.run(setup_var_file)
script = dedent('''\
set -e
printSetupVars() {
# Currently debug test function only
echo "Outputting sourced variables"
echo "PIHOLE_INTERFACE=${PIHOLE_INTERFACE}"
echo "IPV4_ADDRESS=${IPV4_ADDRESS}"
echo "IPV6_ADDRESS=${IPV6_ADDRESS}"
echo "PIHOLE_DNS_1=${PIHOLE_DNS_1}"
echo "PIHOLE_DNS_2=${PIHOLE_DNS_2}"
}
update_dialogs() {
. /etc/pihole/setupVars.conf
}
update_dialogs
printSetupVars
''')
output = run_script(Pihole, script).stdout
for k,v in SETUPVARS.iteritems():
assert "{}={}".format(k, v) in output
def test_setupVars_saved_to_file(Pihole):
''' confirm saved settings are written to a file for future updates to re-use '''
set_setup_vars = '\n' # dedent works better with this and padding matching script below
for k,v in SETUPVARS.iteritems():
set_setup_vars += " {}={}\n".format(k, v)
Pihole.run(set_setup_vars).stdout
script = dedent('''\
set -e
echo start
TERM=xterm
source /opt/pihole/basic-install.sh
{}
finalExports
cat /etc/pihole/setupVars.conf
'''.format(set_setup_vars))
output = run_script(Pihole, script).stdout
for k,v in SETUPVARS.iteritems():
assert "{}={}".format(k, v) in output
2017-01-24 02:59:48 +00:00
def test_configureFirewall_firewalld_running_no_errors(Pihole):
''' confirms firewalld rules are applied when firewallD is running '''
# firewallD returns 'running' as status
mock_command('firewall-cmd', {'*':('running', 0)}, Pihole)
# Whiptail dialog returns Ok for user prompt
mock_command('whiptail', {'*':('', 0)}, Pihole)
configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh
configureFirewall
''')
expected_stdout = 'Configuring FirewallD for httpd and dnsmasq.'
assert expected_stdout in configureFirewall.stdout
firewall_calls = Pihole.run('cat /var/log/firewall-cmd').stdout
assert 'firewall-cmd --state' in firewall_calls
assert 'firewall-cmd --permanent --add-service=http --add-service=dns' in firewall_calls
assert 'firewall-cmd --reload' in firewall_calls
def test_configureFirewall_firewalld_disabled_no_errors(Pihole):
''' confirms firewalld rules are not applied when firewallD is not running '''
# firewallD returns non-running status
mock_command('firewall-cmd', {'*':('not running', '1')}, Pihole)
configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh
configureFirewall
''')
expected_stdout = 'No active firewall detected.. skipping firewall configuration.'
assert expected_stdout in configureFirewall.stdout
def test_configureFirewall_firewalld_enabled_declined_no_errors(Pihole):
''' confirms firewalld rules are not applied when firewallD is running, user declines ruleset '''
# firewallD returns running status
mock_command('firewall-cmd', {'*':('running', 0)}, Pihole)
# Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', {'*':('', 1)}, Pihole)
configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh
configureFirewall
''')
expected_stdout = 'Not installing firewall rulesets.'
assert expected_stdout in configureFirewall.stdout
2017-01-24 20:04:45 +00:00
def test_configureFirewall_no_firewall(Pihole):
''' confirms firewall skipped no daemon is running '''
configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh
configureFirewall
''')
2017-01-24 20:04:45 +00:00
expected_stdout = 'No active firewall detected'
assert expected_stdout in configureFirewall.stdout
def test_configureFirewall_IPTables_enabled_declined_no_errors(Pihole):
''' confirms IPTables rules are not applied when IPTables is running, user declines ruleset '''
# iptables command exists
mock_command('iptables', {'*':('', '0')}, Pihole)
# modinfo returns always true (ip_tables module check)
mock_command('modinfo', {'*':('', '0')}, Pihole)
# Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', {'*':('', '1')}, Pihole)
configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh
configureFirewall
''')
expected_stdout = 'Not installing firewall rulesets.'
assert expected_stdout in configureFirewall.stdout
def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole):
''' confirms IPTables rules are not applied when IPTables is running and rules exist '''
# iptables command exists and returns 0 on calls (should return 0 on iptables -C)
mock_command('iptables', {'-S':('-P INPUT DENY', '0')}, Pihole)
# modinfo returns always true (ip_tables module check)
mock_command('modinfo', {'*':('', '0')}, Pihole)
# Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', {'*':('', '0')}, Pihole)
configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh
configureFirewall
''')
expected_stdout = 'Installing new IPTables firewall rulesets'
assert expected_stdout in configureFirewall.stdout
firewall_calls = Pihole.run('cat /var/log/iptables').stdout
assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' not in firewall_calls
assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT' not in firewall_calls
assert 'iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT' not in firewall_calls
def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
''' confirms IPTables rules are applied when IPTables is running and rules do not exist '''
# iptables command and returns 0 on calls (should return 1 on iptables -C)
mock_command('iptables', {'-S':('-P INPUT DENY', '0'), '-C':('', 1), '-I':('', 0)}, Pihole)
# modinfo returns always true (ip_tables module check)
mock_command('modinfo', {'*':('', '0')}, Pihole)
# Whiptail dialog returns Cancel for user prompt
mock_command('whiptail', {'*':('', '0')}, Pihole)
configureFirewall = Pihole.run('''
source /opt/pihole/basic-install.sh
configureFirewall
''')
expected_stdout = 'Installing new IPTables firewall rulesets'
assert expected_stdout in configureFirewall.stdout
firewall_calls = Pihole.run('cat /var/log/iptables').stdout
assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' in firewall_calls
assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT' in firewall_calls
assert 'iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT' in firewall_calls
2017-01-28 04:24:20 +00:00
def test_installPiholeWeb_fresh_install_no_errors(Pihole):
''' confirms all web page assets from Core repo are installed on a fresh build '''
installWeb = Pihole.run('''
source /opt/pihole/basic-install.sh
installPiholeWeb
''')
assert 'Installing pihole custom index page...' in installWeb.stdout
assert 'No default index.lighttpd.html file found... not backing up' in installWeb.stdout
web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
assert 'index.php' in web_directory
assert 'index.js' in web_directory
assert 'blockingpage.css' in web_directory
def test_installPiholeWeb_empty_directory_no_errors(Pihole):
''' confirms all web page assets from Core repo are installed in an emtpy directory '''
installWeb = Pihole.run('''
source /opt/pihole/basic-install.sh
mkdir -p /var/www/html/pihole
installPiholeWeb
''')
assert 'Installing pihole custom index page...' in installWeb.stdout
assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
assert 'index.php missing, replacing...' in installWeb.stdout
assert 'index.js missing, replacing...' in installWeb.stdout
assert 'blockingpage.css missing, replacing...' in installWeb.stdout
web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
assert 'index.php' in web_directory
assert 'index.js' in web_directory
assert 'blockingpage.css' in web_directory
def test_installPiholeWeb_index_php_no_errors(Pihole):
2017-01-28 05:23:49 +00:00
''' confirms all web page assets from Core repo are installed when necessary '''
installWeb = Pihole.run('''
source /opt/pihole/basic-install.sh
mkdir -p /var/www/html/pihole
2017-01-28 05:23:49 +00:00
touch /var/www/html/pihole/index.php
installPiholeWeb
''')
assert 'Installing pihole custom index page...' in installWeb.stdout
assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
assert 'Existing index.php detected, not overwriting' in installWeb.stdout
assert 'index.js missing, replacing...' in installWeb.stdout
assert 'blockingpage.css missing, replacing...' in installWeb.stdout
web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
2017-01-28 04:24:20 +00:00
assert 'index.php' in web_directory
assert 'index.js' in web_directory
assert 'blockingpage.css' in web_directory
2017-01-28 05:23:49 +00:00
def test_installPiholeWeb_index_js_no_errors(Pihole):
''' confirms all web page assets from Core repo are installed when necessary '''
installWeb = Pihole.run('''
source /opt/pihole/basic-install.sh
mkdir -p /var/www/html/pihole
touch /var/www/html/pihole/index.js
installPiholeWeb
''')
assert 'Installing pihole custom index page...' in installWeb.stdout
assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
assert 'index.php missing, replacing...' in installWeb.stdout
assert 'Existing index.js detected, not overwriting' in installWeb.stdout
assert 'blockingpage.css missing, replacing...' in installWeb.stdout
web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
assert 'index.php' in web_directory
assert 'index.js' in web_directory
assert 'blockingpage.css' in web_directory
def test_installPiholeWeb_blockingpage_css_no_errors(Pihole):
''' confirms all web page assets from Core repo are installed when necessary '''
installWeb = Pihole.run('''
source /opt/pihole/basic-install.sh
mkdir -p /var/www/html/pihole
touch /var/www/html/pihole/blockingpage.css
installPiholeWeb
''')
assert 'Installing pihole custom index page...' in installWeb.stdout
assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
assert 'index.php missing, replacing...' in installWeb.stdout
assert 'index.js missing, replacing...' in installWeb.stdout
assert 'Existing blockingpage.css detected, not overwriting' in installWeb.stdout
web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
2017-01-28 05:29:17 +00:00
assert 'index.php' in web_directory
assert 'index.js' in web_directory
assert 'blockingpage.css' in web_directory
def test_installPiholeWeb_already_populated_no_errors(Pihole):
''' confirms all web page assets from Core repo are installed when necessary '''
installWeb = Pihole.run('''
source /opt/pihole/basic-install.sh
mkdir -p /var/www/html/pihole
touch /var/www/html/pihole/index.php
touch /var/www/html/pihole/index.js
touch /var/www/html/pihole/blockingpage.css
installPiholeWeb
''')
assert 'Installing pihole custom index page...' in installWeb.stdout
assert 'No default index.lighttpd.html file found... not backing up' not in installWeb.stdout
assert 'Existing index.php detected, not overwriting' in installWeb.stdout
assert 'index.php missing, replacing...' not in installWeb.stdout
assert 'Existing index.js detected, not overwriting' in installWeb.stdout
assert 'index.js missing, replacing...' not in installWeb.stdout
assert 'Existing blockingpage.css detected, not overwriting' in installWeb.stdout
assert 'blockingpage.css missing, replacing... ' not in installWeb.stdout
web_directory = Pihole.run('ls -r /var/www/html/pihole').stdout
2017-01-28 05:23:49 +00:00
assert 'index.php' in web_directory
assert 'index.js' in web_directory
assert 'blockingpage.css' in web_directory
2017-01-28 04:24:20 +00:00
2017-01-28 23:44:31 +00:00
def test_update_package_cache_success_no_errors(Pihole):
''' confirms package cache was updated without any errors'''
updateCache = Pihole.run('''
source /opt/pihole/basic-install.sh
distro_check
2017-01-28 23:44:31 +00:00
update_package_cache
''')
assert 'Updating local cache of available packages...' in updateCache.stdout
2017-01-29 00:47:53 +00:00
assert 'ERROR' not in updateCache.stdout
2017-01-28 23:44:31 +00:00
assert 'done!' in updateCache.stdout
2017-01-28 23:49:28 +00:00
def test_update_package_cache_failure_no_errors(Pihole):
2017-01-29 00:33:40 +00:00
''' confirms package cache was not updated'''
mock_command('apt-get', {'update':('', '1')}, Pihole)
2017-01-28 23:49:28 +00:00
updateCache = Pihole.run('''
source /opt/pihole/basic-install.sh
distro_check
2017-01-28 23:49:28 +00:00
update_package_cache
''')
assert 'Updating local cache of available packages...' in updateCache.stdout
2017-01-29 00:33:40 +00:00
assert 'ERROR' in updateCache.stdout
2017-01-28 23:49:28 +00:00
assert 'done!' not in updateCache.stdout
def test_FTL_detect_aarch64_no_errors(Pihole):
''' confirms only aarch64 package is downloaded for FTL engine '''
# mock uname to return aarch64 platform
mock_command('uname', {'-m':('aarch64', '0')}, Pihole)
# mock ldd to respond with aarch64 shared library
mock_command('ldd', {'/bin/ls':('/lib/ld-linux-aarch64.so.1', '0')}, Pihole)
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
FTLdetect
''')
expected_stdout = 'Detected ARM-aarch64 architecture'
assert expected_stdout in detectPlatform.stdout
def test_FTL_detect_armv6l_no_errors(Pihole):
''' confirms only armv6l package is downloaded for FTL engine '''
# mock uname to return armv6l platform
mock_command('uname', {'-m':('armv6l', '0')}, Pihole)
# mock ldd to respond with aarch64 shared library
mock_command('ldd', {'/bin/ls':('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
FTLdetect
''')
expected_stdout = 'Detected ARM-hf architecture (armv6 or lower)'
assert expected_stdout in detectPlatform.stdout
def test_FTL_detect_armv7l_no_errors(Pihole):
''' confirms only armv7l package is downloaded for FTL engine '''
# mock uname to return armv7l platform
mock_command('uname', {'-m':('armv7l', '0')}, Pihole)
# mock ldd to respond with aarch64 shared library
mock_command('ldd', {'/bin/ls':('/lib/ld-linux-armhf.so.3', '0')}, Pihole)
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
FTLdetect
''')
expected_stdout = 'Detected ARM-hf architecture (armv7+)'
assert expected_stdout in detectPlatform.stdout
def test_FTL_detect_x86_64_no_errors(Pihole):
''' confirms only x86_64 package is downloaded for FTL engine '''
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
FTLdetect
''')
expected_stdout = 'Detected x86_64 architecture'
assert expected_stdout in detectPlatform.stdout
def test_FTL_detect_unknown_no_errors(Pihole):
''' confirms only generic package is downloaded for FTL engine '''
# mock uname to return generic platform
mock_command('uname', {'-m':('mips', '0')}, Pihole)
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
FTLdetect
''')
expected_stdout = 'Not able to detect architecture (unknown: mips)'
assert expected_stdout in detectPlatform.stdout
def test_FTL_download_aarch64_no_errors(Pihole):
''' confirms only aarch64 package is downloaded for FTL engine '''
# mock uname to return generic platform
download_binary = Pihole.run('''
source /opt/pihole/basic-install.sh
FTLinstall pihole-FTL-aarch64-linux-gnu
''')
expected_stdout = 'done'
assert expected_stdout in download_binary.stdout
assert 'failed' not in download_binary.stdout
def test_FTL_download_unknown_fails_no_errors(Pihole):
''' confirms unknown binary is not downloaded for FTL engine '''
# mock uname to return generic platform
download_binary = Pihole.run('''
source /opt/pihole/basic-install.sh
FTLinstall pihole-FTL-mips
''')
expected_stdout = 'failed'
assert expected_stdout in download_binary.stdout
assert 'done' not in download_binary.stdout
def test_FTL_binary_installed_and_responsive_no_errors(Pihole):
''' confirms FTL binary is copied and functional in installed location '''
installed_binary = Pihole.run('''
source /opt/pihole/basic-install.sh
FTLdetect
pihole-FTL version
''')
expected_stdout = 'v'
assert expected_stdout in installed_binary.stdout
# def test_FTL_support_files_installed(Pihole):
# ''' confirms FTL support files are installed '''
# support_files = Pihole.run('''
# source /opt/pihole/basic-install.sh
# FTLdetect
# stat -c '%a %n' /var/log/pihole-FTL.log
# stat -c '%a %n' /run/pihole-FTL.port
# stat -c '%a %n' /run/pihole-FTL.pid
# ls -lac /run
# ''')
# assert '644 /run/pihole-FTL.port' in support_files.stdout
# assert '644 /run/pihole-FTL.pid' in support_files.stdout
# assert '644 /var/log/pihole-FTL.log' in support_files.stdout
[Staging] 3.1 (#1502) * Fix handling of wildcard help text * Rewrite help text for better handling of params * Replace misleading letter variable * stash changes on branch switch, else it fails if any changes have been made. * Make changes according to comment in #1384 * Update queryFunc() * Allow scanList() to search files using a wildcard by removing quotes wrapped around `${list}` * scanList() will not provide a domain ouput on each string if exact is specified (`grep -l`) * Remove unused processWildcards() function * Return a message if no domain is specified * IDN domains are converted to punycode when running a `pihole -q` search if the `python` package is available, otherwise will revert to current behaviour * Scan Blacklist & Wildcards first, exiting from search if a match is found (Fixes #1330) * Use one `grep` subshell to search for all "*.domains" lists at once (opposed to looping to get every matching file name, and then spawning a `grep` instance for every matching file) * queryFunc() will not return "(0 results)" output from files where no match is found * Sort results based off list number * Return a message if no results are found * Update basic-install.sh * Update block page. Allow for setupVars setting of CUSTOMBLOCKPAGE (bool) to prevent it being overwritten * simplify * further simplify * fix inteliJ IDEA complaints * even further simplify * tidy up output * revert line, looks tidyer * clarify * Revert "Ensure any changes to blocking page are updated." * We test for dpkg lock on line 830 directly, no need for the check also in the template section. Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net> * Display FTL version & version.sh rewrite While testing to make sure `pihole -v` would output `pihole-FTL version`, I noticed some options didn't work how I expected them to. For example, if I use `pihole -v -p`, I would expect to see the version output of Pi-hole Core. Instead, I'm informed that it's an invalid option. I've had the following things in mind while rewriting this: * I'm operating under the assumption that FTL is only installed if the Admin Console is (Line 113 exit 0) * I have modified the help text to only output with `pihole -v --help` * I have modified all output to be more similar to the output style of `grep` and `curl` (Ditching ":::") Testing output: ``` w3k@MCT:~$ pihole -v Pi-hole version is v3.0.1-14-ga928cd3 (Latest: v3.0.1) Admin Console version is v3.0-9-g3760482 (Latest: v3.0.1) FTL version is v2.6.2 (Latest: v2.6.2) w3k@MCT:~$ pihole -v -c Current Pi-hole version is v3.0.1-14-ga928cd3 Current Admin Console version is v3.0-9-g3760482 Current FTL version is v2.6.2 w3k@MCT:~$ pihole -v -l Latest Pi-hole version is v3.0.1 Latest Admin Console version is v3.0.1 Latest FTL version is v2.6.2 w3k@MCT:~$ pihole -v -p --hash Current Pi-hole hash is a928cd3 w3k@MCT:~$ pihole -v -a --hash Current Admin Console hash is 3760482 w3k@MCT:~$ pihole -v --help Usage: pihole -v [REPO | OPTION] [OPTION] Show Pi-hole, Web Admin & FTL versions <Shows all Repositories and Options> w3k@MCT:~$ pihole -v -foo Invalid Option! ``` * Update -h to work as --hash Also provide error output as per https://github.com/pi-hole/pi-hole/pull/1447#issuecomment-300600093 * Perform EXACT searches on HOSTS lists correctly `\s` on the end may be overkill, but it is the existing scanList() behaviour. * Fixed indentation * Minimise string duplication & other minor changes Instead of duplicating output strings, rewrite core/web/ftlOutput() into one neat versionOutput(). * Modified syntax to be valid for Shellcheck * Log and echo gateway responses * Update queryFunc() to search Whitelist If there is a match in Whitelist/Blacklist/Wildcards, `[ ! -t 1 ]` will cause the search to end if the terminal is closed when the script is called. This has the intended effect of allowing a user to search for a W/B/W domain (as well as all the adlists it's found in) using `pihole -q` via Terminal, but the script will stop searching after a W/B/W match when called by the block page. * Wrap in double brackets * Provide remote hashes for version.sh * Provide remote hashes for comparison * Use double braces for all conditions (for consistency) * Suppress potential "cd" error output * Provide "not applicable" output upon any hash request for FTL * whitelist on website blocked doesnt work (#1452) Since Pi-hole redirects ad domains to itself, accessing the script via de.ign.com is the same as pi.hole in this case. The fix should be as simple as adding a / before admin on this line. * Solve piholeLogFlush.sh having to be issued 2 x to clear logs (#1460) Simplified the command -v syntax, and added a sleep 3 timer to the first execution of the log rotation. The second execution was being issued while the first was still running, thus it would fail and you would have to issue the "Flush Logs" command a second time. * Use `echo "ABC" | pihole tricorder` to upload to Pi-hole's medical tricorder. Uses SSL if available. * Update list.sh I believe this has feature parity with `sed /foo/ Id` but also supports busybox, and my alpine docker ;) * Document `sed` substitution for user readability Comment the oneliner with explanations of what each step does. * Update Help Output (#1467) * File consistency * Tabs to 2 spaces * Corrected indenting * Double braced conditionals * Quoted variables within conditionals * Standardise core help text * Added help text for disable command * Added help text for logging command * Clean up * Fixed certain new lines and spaces * Sync with development branch * Formatting consistency * Tabs to 2 spaces * Corrected indenting * Double braced conditionals * Quoted variables within conditionals * Fixed certain newlines and spaces * Admin help text * Added help text for interface command * Sync with development branch * Formatting consistency * Tabs to 2 spaces * Fixed some wording * Fixed certain spaces * Formatting consistency * Minor wording changes * Tabs to 2 spaces * Corrected indenting * Double braced conditionals * Quoted variables within conditionals * Fixed certain newlines and spaces * Blacklist help text * Formatting consistency * Tabs to 2 spaces * Corrected indenting * Cronometer help text * Formatting consistency * Fixed certain newlines and spaces * Corrected indenting * Checkout warning alteration * Add checkout help text * Corrected help output * Show help for "pihole -a -i --help" * Fix "pihole disable --help" and "pihole -l --help" * Show help for "pihole -v -h" * Indent output text * Minor help text change * Show help for "pihole checkout --help" * Tricorder: Insecure Opt-out * Check to see if Tricorder is being called directly * Provide opt-out for insecure transmission of debug log * Remove mention of internal function from help menu * :taco: is the new :shipit: squirrel * Wording changes and bug fix * Fix wildcard help text * -wild is not a valid option since we're already using -wild * Fix logrotation: manual flushing should be done twice, but automated rotation at midnight should only be done *once*! * Print echos only when manual flushing is requested * Add "quiet" mode + update comments in the cron file * Confirm Tricorder is online * Scan port 9998 to confirm the availability of "tricorder.pi-hole.net" * Exit codes for upload process * Formatting consistency * Add link to Windows DNS Swapper See #1400 * Install loopback firewall rules for FTL (#1419) * Install loopback firewall rules for FTL * FirewallD FTL ports Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net> * Remove firewallD FTL local rules. Local rules should not be blocked in firewallD, not requred for internal service FTD> * Reinstate https rules, and delete FTL rules Fixes earlier commit. * Retrieve local repos on repair (#1481) * Retrieve local repos on repair * Change conditional to check for repair * Change wording of Update/Reconfigure message * Fixed indenting * Perform "git reset --hard" on reconfigure * Change directory before trying to reset repository. Fixes #1489 * No need to `cd $PWD` as it doesn't affect flow of caller script. Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net> * Refine output of password status in basic-install.sh:displayFinalMessage(). Fixes #1488 (#1490) * Rewrite Chronometer to output more stats * Fix output IPv4 addr when removing CIDR notation (#1498) * Move wildcards file if blocking is disabled (#1495) * Move wildcards file if blocking is diabled * Delete newline * Roll back merge #1417 (#1494) * Update ISSUE_TEMPLATE.md * Remove Question option * Prefer ULA over GUA addresses [IPv6] (#1508) * On installs with GUA and ULA's we should prefer ULA's as it's been demonstrated that GUA's can and often are rotated by ISPs. Fixes #1473 * Add test for link-local address detection * Add ULA-only and GUA-only tests * Add test_IPv6_GUA_ULA_test and test_IPv6_ULA_GUA_test * Add "" * Add mock_command_2 command that can mock a command with more than one argument (as "ip -6 address") and result multiple lines of results * Make mock_command_2 more similar to the original mock_command * Correct comments * Fixed remaining comments * Fixed one last comment... * Fixed a comment... * Add weekly logrotation of FTL's log (#1509) * Update LICENSE of the project to EUPL v1.2 * Make clear that NO is the default if the user just hits return (#1514) * Add tricorderFunc back as usable function (#1515) As per #1464 * Don't update FTL when there is a core update (as this will update FTL a second time). Fixes #1516 * Add FTL tests to the test suite (#1510) * Add first version of FTL tests * Wait one second to allow FTL to start up and analyze our mock log * Add test_FTL_telnet_statistics * Added test_FTL_telnet_top_clients * Add test_FTL_telnet_top_domains * Revert "Add FTL tests to the test suite (#1510)" (#1519) This reverts commit cf6a1ac9adb4e26570cc5da7c8be628080f37e0f. * Trim version output when update is successful (#1527) * Change ownership of /etc/pihole to user/group pihole. Fixes #1529 (#1530) * Delete temporary files after installing the FTL binary. Fixes #1525 * Change from admin to approvers teams * Introduce new file black.list for blacklist content * Add "pihole -g -b" to *only* update black.list (saves a bunch of time when adding/changing only blacklisted files - won'tdownload lal lists, but only processes the blacklist and restars dnsmasq) * Remove useless cat * Improve displayed messages and overall logic * Disable black.list on "pihole disable" * cp + rm === mv (well, almost)
2017-06-20 21:17:41 +00:00
def test_IPv6_only_link_local(Pihole):
''' confirms IPv6 blocking is disabled for Link-local address '''
# mock ip -6 address to return Link-local address
mock_command_2('ip', {'-6 address':('inet6 fe80::d210:52fa:fe00:7ad7/64 scope link', '0')}, Pihole)
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
useIPv6dialog
''')
expected_stdout = 'Found neither IPv6 ULA nor GUA address, blocking IPv6 ads will not be enabled'
assert expected_stdout in detectPlatform.stdout
def test_IPv6_only_ULA(Pihole):
''' confirms IPv6 blocking is enabled for ULA addresses '''
# mock ip -6 address to return ULA address
mock_command_2('ip', {'-6 address':('inet6 fda2:2001:5555:0:d210:52fa:fe00:7ad7/64 scope global', '0')}, Pihole)
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
useIPv6dialog
''')
expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads'
assert expected_stdout in detectPlatform.stdout
def test_IPv6_only_GUA(Pihole):
''' confirms IPv6 blocking is enabled for GUA addresses '''
# mock ip -6 address to return GUA address
mock_command_2('ip', {'-6 address':('inet6 2003:12:1e43:301:d210:52fa:fe00:7ad7/64 scope global', '0')}, Pihole)
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
useIPv6dialog
''')
expected_stdout = 'Found IPv6 GUA address, using it for blocking IPv6 ads'
assert expected_stdout in detectPlatform.stdout
def test_IPv6_GUA_ULA_test(Pihole):
''' confirms IPv6 blocking is enabled for GUA and ULA addresses '''
# mock ip -6 address to return GUA and ULA addresses
mock_command_2('ip', {'-6 address':('inet6 2003:12:1e43:301:d210:52fa:fe00:7ad7/64 scope global\ninet6 fda2:2001:5555:0:d210:52fa:fe00:7ad7/64 scope global', '0')}, Pihole)
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
useIPv6dialog
''')
expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads'
assert expected_stdout in detectPlatform.stdout
def test_IPv6_ULA_GUA_test(Pihole):
''' confirms IPv6 blocking is enabled for GUA and ULA addresses '''
# mock ip -6 address to return ULA and GUA addresses
mock_command_2('ip', {'-6 address':('inet6 fda2:2001:5555:0:d210:52fa:fe00:7ad7/64 scope global\ninet6 2003:12:1e43:301:d210:52fa:fe00:7ad7/64 scope global', '0')}, Pihole)
detectPlatform = Pihole.run('''
source /opt/pihole/basic-install.sh
useIPv6dialog
''')
expected_stdout = 'Found IPv6 ULA address, using it for blocking IPv6 ads'
assert expected_stdout in detectPlatform.stdout
# Helper functions
def mock_command(script, args, container):
''' Allows for setup of commands we don't really want to have to run for real in unit tests '''
full_script_path = '/usr/local/bin/{}'.format(script)
mock_script = dedent('''\
#!/bin/bash -e
echo "\$0 \$@" >> /var/log/{script}
case "\$1" in'''.format(script=script))
for k, v in args.iteritems():
case = dedent('''
{arg})
echo {res}
exit {retcode}
;;'''.format(arg=k, res=v[0], retcode=v[1]))
mock_script += case
mock_script += dedent('''
esac''')
2017-01-24 02:21:50 +00:00
container.run('''
cat <<EOF> {script}\n{content}\nEOF
chmod +x {script}
rm -f /var/log/{scriptlog}'''.format(script=full_script_path, content=mock_script, scriptlog=script))
[Staging] 3.1 (#1502) * Fix handling of wildcard help text * Rewrite help text for better handling of params * Replace misleading letter variable * stash changes on branch switch, else it fails if any changes have been made. * Make changes according to comment in #1384 * Update queryFunc() * Allow scanList() to search files using a wildcard by removing quotes wrapped around `${list}` * scanList() will not provide a domain ouput on each string if exact is specified (`grep -l`) * Remove unused processWildcards() function * Return a message if no domain is specified * IDN domains are converted to punycode when running a `pihole -q` search if the `python` package is available, otherwise will revert to current behaviour * Scan Blacklist & Wildcards first, exiting from search if a match is found (Fixes #1330) * Use one `grep` subshell to search for all "*.domains" lists at once (opposed to looping to get every matching file name, and then spawning a `grep` instance for every matching file) * queryFunc() will not return "(0 results)" output from files where no match is found * Sort results based off list number * Return a message if no results are found * Update basic-install.sh * Update block page. Allow for setupVars setting of CUSTOMBLOCKPAGE (bool) to prevent it being overwritten * simplify * further simplify * fix inteliJ IDEA complaints * even further simplify * tidy up output * revert line, looks tidyer * clarify * Revert "Ensure any changes to blocking page are updated." * We test for dpkg lock on line 830 directly, no need for the check also in the template section. Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net> * Display FTL version & version.sh rewrite While testing to make sure `pihole -v` would output `pihole-FTL version`, I noticed some options didn't work how I expected them to. For example, if I use `pihole -v -p`, I would expect to see the version output of Pi-hole Core. Instead, I'm informed that it's an invalid option. I've had the following things in mind while rewriting this: * I'm operating under the assumption that FTL is only installed if the Admin Console is (Line 113 exit 0) * I have modified the help text to only output with `pihole -v --help` * I have modified all output to be more similar to the output style of `grep` and `curl` (Ditching ":::") Testing output: ``` w3k@MCT:~$ pihole -v Pi-hole version is v3.0.1-14-ga928cd3 (Latest: v3.0.1) Admin Console version is v3.0-9-g3760482 (Latest: v3.0.1) FTL version is v2.6.2 (Latest: v2.6.2) w3k@MCT:~$ pihole -v -c Current Pi-hole version is v3.0.1-14-ga928cd3 Current Admin Console version is v3.0-9-g3760482 Current FTL version is v2.6.2 w3k@MCT:~$ pihole -v -l Latest Pi-hole version is v3.0.1 Latest Admin Console version is v3.0.1 Latest FTL version is v2.6.2 w3k@MCT:~$ pihole -v -p --hash Current Pi-hole hash is a928cd3 w3k@MCT:~$ pihole -v -a --hash Current Admin Console hash is 3760482 w3k@MCT:~$ pihole -v --help Usage: pihole -v [REPO | OPTION] [OPTION] Show Pi-hole, Web Admin & FTL versions <Shows all Repositories and Options> w3k@MCT:~$ pihole -v -foo Invalid Option! ``` * Update -h to work as --hash Also provide error output as per https://github.com/pi-hole/pi-hole/pull/1447#issuecomment-300600093 * Perform EXACT searches on HOSTS lists correctly `\s` on the end may be overkill, but it is the existing scanList() behaviour. * Fixed indentation * Minimise string duplication & other minor changes Instead of duplicating output strings, rewrite core/web/ftlOutput() into one neat versionOutput(). * Modified syntax to be valid for Shellcheck * Log and echo gateway responses * Update queryFunc() to search Whitelist If there is a match in Whitelist/Blacklist/Wildcards, `[ ! -t 1 ]` will cause the search to end if the terminal is closed when the script is called. This has the intended effect of allowing a user to search for a W/B/W domain (as well as all the adlists it's found in) using `pihole -q` via Terminal, but the script will stop searching after a W/B/W match when called by the block page. * Wrap in double brackets * Provide remote hashes for version.sh * Provide remote hashes for comparison * Use double braces for all conditions (for consistency) * Suppress potential "cd" error output * Provide "not applicable" output upon any hash request for FTL * whitelist on website blocked doesnt work (#1452) Since Pi-hole redirects ad domains to itself, accessing the script via de.ign.com is the same as pi.hole in this case. The fix should be as simple as adding a / before admin on this line. * Solve piholeLogFlush.sh having to be issued 2 x to clear logs (#1460) Simplified the command -v syntax, and added a sleep 3 timer to the first execution of the log rotation. The second execution was being issued while the first was still running, thus it would fail and you would have to issue the "Flush Logs" command a second time. * Use `echo "ABC" | pihole tricorder` to upload to Pi-hole's medical tricorder. Uses SSL if available. * Update list.sh I believe this has feature parity with `sed /foo/ Id` but also supports busybox, and my alpine docker ;) * Document `sed` substitution for user readability Comment the oneliner with explanations of what each step does. * Update Help Output (#1467) * File consistency * Tabs to 2 spaces * Corrected indenting * Double braced conditionals * Quoted variables within conditionals * Standardise core help text * Added help text for disable command * Added help text for logging command * Clean up * Fixed certain new lines and spaces * Sync with development branch * Formatting consistency * Tabs to 2 spaces * Corrected indenting * Double braced conditionals * Quoted variables within conditionals * Fixed certain newlines and spaces * Admin help text * Added help text for interface command * Sync with development branch * Formatting consistency * Tabs to 2 spaces * Fixed some wording * Fixed certain spaces * Formatting consistency * Minor wording changes * Tabs to 2 spaces * Corrected indenting * Double braced conditionals * Quoted variables within conditionals * Fixed certain newlines and spaces * Blacklist help text * Formatting consistency * Tabs to 2 spaces * Corrected indenting * Cronometer help text * Formatting consistency * Fixed certain newlines and spaces * Corrected indenting * Checkout warning alteration * Add checkout help text * Corrected help output * Show help for "pihole -a -i --help" * Fix "pihole disable --help" and "pihole -l --help" * Show help for "pihole -v -h" * Indent output text * Minor help text change * Show help for "pihole checkout --help" * Tricorder: Insecure Opt-out * Check to see if Tricorder is being called directly * Provide opt-out for insecure transmission of debug log * Remove mention of internal function from help menu * :taco: is the new :shipit: squirrel * Wording changes and bug fix * Fix wildcard help text * -wild is not a valid option since we're already using -wild * Fix logrotation: manual flushing should be done twice, but automated rotation at midnight should only be done *once*! * Print echos only when manual flushing is requested * Add "quiet" mode + update comments in the cron file * Confirm Tricorder is online * Scan port 9998 to confirm the availability of "tricorder.pi-hole.net" * Exit codes for upload process * Formatting consistency * Add link to Windows DNS Swapper See #1400 * Install loopback firewall rules for FTL (#1419) * Install loopback firewall rules for FTL * FirewallD FTL ports Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net> * Remove firewallD FTL local rules. Local rules should not be blocked in firewallD, not requred for internal service FTD> * Reinstate https rules, and delete FTL rules Fixes earlier commit. * Retrieve local repos on repair (#1481) * Retrieve local repos on repair * Change conditional to check for repair * Change wording of Update/Reconfigure message * Fixed indenting * Perform "git reset --hard" on reconfigure * Change directory before trying to reset repository. Fixes #1489 * No need to `cd $PWD` as it doesn't affect flow of caller script. Signed-off-by: Dan Schaper <dan.schaper@pi-hole.net> * Refine output of password status in basic-install.sh:displayFinalMessage(). Fixes #1488 (#1490) * Rewrite Chronometer to output more stats * Fix output IPv4 addr when removing CIDR notation (#1498) * Move wildcards file if blocking is disabled (#1495) * Move wildcards file if blocking is diabled * Delete newline * Roll back merge #1417 (#1494) * Update ISSUE_TEMPLATE.md * Remove Question option * Prefer ULA over GUA addresses [IPv6] (#1508) * On installs with GUA and ULA's we should prefer ULA's as it's been demonstrated that GUA's can and often are rotated by ISPs. Fixes #1473 * Add test for link-local address detection * Add ULA-only and GUA-only tests * Add test_IPv6_GUA_ULA_test and test_IPv6_ULA_GUA_test * Add "" * Add mock_command_2 command that can mock a command with more than one argument (as "ip -6 address") and result multiple lines of results * Make mock_command_2 more similar to the original mock_command * Correct comments * Fixed remaining comments * Fixed one last comment... * Fixed a comment... * Add weekly logrotation of FTL's log (#1509) * Update LICENSE of the project to EUPL v1.2 * Make clear that NO is the default if the user just hits return (#1514) * Add tricorderFunc back as usable function (#1515) As per #1464 * Don't update FTL when there is a core update (as this will update FTL a second time). Fixes #1516 * Add FTL tests to the test suite (#1510) * Add first version of FTL tests * Wait one second to allow FTL to start up and analyze our mock log * Add test_FTL_telnet_statistics * Added test_FTL_telnet_top_clients * Add test_FTL_telnet_top_domains * Revert "Add FTL tests to the test suite (#1510)" (#1519) This reverts commit cf6a1ac9adb4e26570cc5da7c8be628080f37e0f. * Trim version output when update is successful (#1527) * Change ownership of /etc/pihole to user/group pihole. Fixes #1529 (#1530) * Delete temporary files after installing the FTL binary. Fixes #1525 * Change from admin to approvers teams * Introduce new file black.list for blacklist content * Add "pihole -g -b" to *only* update black.list (saves a bunch of time when adding/changing only blacklisted files - won'tdownload lal lists, but only processes the blacklist and restars dnsmasq) * Remove useless cat * Improve displayed messages and overall logic * Disable black.list on "pihole disable" * cp + rm === mv (well, almost)
2017-06-20 21:17:41 +00:00
def mock_command_2(script, args, container):
''' Allows for setup of commands we don't really want to have to run for real in unit tests '''
full_script_path = '/usr/local/bin/{}'.format(script)
mock_script = dedent('''\
#!/bin/bash -e
echo "\$0 \$@" >> /var/log/{script}
case "\$1 \$2" in'''.format(script=script))
for k, v in args.iteritems():
case = dedent('''
\"{arg}\")
echo \"{res}\"
exit {retcode}
;;'''.format(arg=k, res=v[0], retcode=v[1]))
mock_script += case
mock_script += dedent('''
esac''')
container.run('''
cat <<EOF> {script}\n{content}\nEOF
chmod +x {script}
rm -f /var/log/{scriptlog}'''.format(script=full_script_path, content=mock_script, scriptlog=script))
def run_script(Pihole, script):
result = Pihole.run(script)
assert result.rc == 0
return result