wget/tests/Test-ftp-pasv-not-supported.px

#!/usr/bin/env perl

use strict;
use warnings;

use FTPTest;

# This test checks whether Wget *does not* fall back from passive mode to
# active mode using a PORT command. Wget <= 1.16.3 made a fallback exposing
# the client's real IP address to the remote FTP server.
#
# This behavior circumvents expected privacy when using a proxy / proxy network (e.g. Tor).
#
# Wget >= 1.16.4 does it right. This test checks it.

###############################################################################

# From bug report 10.08.2015 from tomtidaly@sigaint.org
my $afile = <<EOF;
FTP PORT command code in v1.16.3?

In the past it could be possible for a site over http connection to
redirect wget to FPT using FTP PORT command so the site gets the real IP
of the computer even when wget proxy command is in use I believe:
https://lists.torproject.org/pipermail/tor-talk/2012-April/024040.html

Is that code still present in wget v1.16.3? It was present in v1.13.4.
EOF

$afile =~ s/\n/\r\n/g;


# code, msg, headers, content
my %urls = (
    '/afile.txt' => {
        content => $afile,
    },
);

my $cmdline = $WgetTest::WGETPATH . " -S ftp://localhost:{{port}}/afile.txt";

my $expected_error_code = 8;

my %expected_downloaded_files = ();

###############################################################################

my $the_test = FTPTest->new (
                             server_behavior => {pasv_not_supported => 1},
                             input => \%urls,
                             cmdline => $cmdline,
                             errcode => $expected_error_code,
                             output => \%expected_downloaded_files);
exit $the_test->run();

# vim: et ts=4 sw=4
Fix IP address exposure in FTP code * src/ftp.c (getftp): Do not use PORT when PASV fails. * tests/FTPServer.px: Add pasv_not_supported server flag. * tests/Makefile.am: Add Test-ftp-pasv-not-supported.px * tests/Test-ftp-pasv-not-supported.px: New test Fix IP address exposure when automatically falling back from passive mode to active mode (using the PORT command). A behavior that may be used to expose a client's privacy even when using a proxy. 2015-08-11 10:48:08 -04:00			`#!/usr/bin/env perl`

			`use strict;`
			`use warnings;`

			`use FTPTest;`

			`# This test checks whether Wget does not fall back from passive mode to`
			`# active mode using a PORT command. Wget <= 1.16.3 made a fallback exposing`
			`# the client's real IP address to the remote FTP server.`
			`#`
			`# This behavior circumvents expected privacy when using a proxy / proxy network (e.g. Tor).`
			`#`
			`# Wget >= 1.16.4 does it right. This test checks it.`

			`###############################################################################`

			`# From bug report 10.08.2015 from tomtidaly@sigaint.org`
			`my $afile = <<EOF;`
			`FTP PORT command code in v1.16.3?`

			`In the past it could be possible for a site over http connection to`
			`redirect wget to FPT using FTP PORT command so the site gets the real IP`
			`of the computer even when wget proxy command is in use I believe:`
			`https://lists.torproject.org/pipermail/tor-talk/2012-April/024040.html`

			`Is that code still present in wget v1.16.3? It was present in v1.13.4.`
			`EOF`

			`$afile =~ s/\n/\r\n/g;`


			`# code, msg, headers, content`
			`my %urls = (`
			`'/afile.txt' => {`
			`content => $afile,`
			`},`
			`);`

			`my $cmdline = $WgetTest::WGETPATH . " -S ftp://localhost:{{port}}/afile.txt";`

			`my $expected_error_code = 8;`

Fix Test-ftp-pasv-not-supported.px * tests/Test-ftp-pasv-not-supported.px: We do NOT expect any downloaded files. Also, do not negate the Test response. The test originally expected a downloaded file, but this is not true. As a result, the test would fail and return exit code 1. This was presumably the reason why the test result was negated before returning to the shell. Fix this issue, so that the test runs correctly without any hacks. 2015-10-10 15:07:01 -04:00			`my %expected_downloaded_files = ();`
Fix IP address exposure in FTP code * src/ftp.c (getftp): Do not use PORT when PASV fails. * tests/FTPServer.px: Add pasv_not_supported server flag. * tests/Makefile.am: Add Test-ftp-pasv-not-supported.px * tests/Test-ftp-pasv-not-supported.px: New test Fix IP address exposure when automatically falling back from passive mode to active mode (using the PORT command). A behavior that may be used to expose a client's privacy even when using a proxy. 2015-08-11 10:48:08 -04:00
			`###############################################################################`

			`my $the_test = FTPTest->new (`
			`server_behavior => {pasv_not_supported => 1},`
			`input => \%urls,`
			`cmdline => $cmdline,`
			`errcode => $expected_error_code,`
			`output => \%expected_downloaded_files);`
Fix Test-ftp-pasv-not-supported.px * tests/Test-ftp-pasv-not-supported.px: We do NOT expect any downloaded files. Also, do not negate the Test response. The test originally expected a downloaded file, but this is not true. As a result, the test would fail and return exit code 1. This was presumably the reason why the test result was negated before returning to the shell. Fix this issue, so that the test runs correctly without any hacks. 2015-10-10 15:07:01 -04:00			`exit $the_test->run();`
Fix IP address exposure in FTP code * src/ftp.c (getftp): Do not use PORT when PASV fails. * tests/FTPServer.px: Add pasv_not_supported server flag. * tests/Makefile.am: Add Test-ftp-pasv-not-supported.px * tests/Test-ftp-pasv-not-supported.px: New test Fix IP address exposure when automatically falling back from passive mode to active mode (using the PORT command). A behavior that may be used to expose a client's privacy even when using a proxy. 2015-08-11 10:48:08 -04:00
			`# vim: et ts=4 sw=4`