Commit 2244deb3 authored by Stéphane Bortzmeyer's avatar Stéphane Bortzmeyer
Browse files

Merge branch 'catch_exceptions' into 'master'

Catch exceptions

See merge request bortzmeyer/homer!10
parents a58301ef fae9fc92
......@@ -223,8 +223,15 @@ class Request:
class RequestDoT(Request):
def check_response(self):
ok = self.ok
if not self.rcode:
self.ok = False
return False
if self.response.id != self.message.id:
raise Exception("The ID in the answer does not match the one in the query")
self.response = "The ID in the answer does not match the one in the query"
self.ok = False
return False
return self.ok
class RequestDoH(Request):
......@@ -287,6 +294,7 @@ class Connection:
self.dot = dot
self.verbose = verbose
self.insecure = insecure
self.connect_to = connect
def __str__(self):
return self.server
......@@ -377,6 +385,10 @@ class ConnectionDoT(Connection):
if self.verbose:
print("Cannot connect")
return False
except OpenSSL.SSL.Error as e:
if self.verbose:
print(f"OpenSSL error: {', '.join(err[0][2] for err in e.args)}")
return False
# RFC 7858, section 4.2 and appendix A
self.cert = self.session.get_peer_certificate()
self.publickey = self.cert.get_pubkey()
......@@ -567,7 +579,7 @@ def print_result(connection, request, prefix=None, display_err=True):
ok = False
print("%s Cannot find \"%s\" in response" % (server, expect))
sys.exit(STATE_CRITICAL)
if size is not None and size > 0:
if ok and size is not None and size > 0:
print("%s OK - %s" % (server, "No error for %s/%s, %i bytes received" % (name, rtype, size)))
else:
print("%s OK - %s" % (server, "No error"))
......@@ -575,6 +587,8 @@ def print_result(connection, request, prefix=None, display_err=True):
else:
if not monitoring:
if display_err:
if check:
print(connection.connect_to, end=': ', file=sys.stderr)
if prefix:
print(prefix, end=': ', file=sys.stderr)
if dot:
......@@ -695,9 +709,22 @@ def run_check_trunc(connection):
error(e)
except OpenSSL.SSL.ZeroReturnError: # This is acceptable
return ok
request.check_response()
if print_result(connection, request, prefix=test_name, display_err=False): # The test must fail, or returns FORMERR.
ok = (request.rcode == dns.rcode.FORMERR)
except dns.exception.FormError: # This is also acceptable
# Some DSN resolvers will echo mangled requests with
# the RCODE set to FORMERR
# so response can not be parsed in this case
return ok
if request.check_response(): # FORMERR is expected
if dot:
ok = request.rcode == dns.rcode.FORMERR
else:
ok = (request.response.rcode() == dns.rcode.FORMERR)
else:
if dot:
ok = False
else: # a 400 response's status is acceptable
ok = (request.rcode >= 400 and request.rcode < 500)
print_result(connection, request, prefix=test_name, display_err=not ok)
return ok
def run_check_additionals(connection):
......
......@@ -9,6 +9,8 @@ config:
- "check: test related to the compliance option --check"
- "forceIPv4: test using the option -4"
- "forceIPv6: test using the option -6"
- "fail: mark test with a resolver currently failing our tests"
- "slow: test that need time to run"
tests:
- exe: './homer.py'
......@@ -65,7 +67,6 @@ tests:
- 'https://doh.bortzmeyer.fr/'
- 'ressources-pedagogiques.org'
retcode: 0
stderr: ''
stdout: "OK\n"
- exe: './homer.py'
......@@ -93,7 +94,7 @@ tests:
- 'https://doh.42l.fr/dns-query'
- 'ressources-pedagogiques.org'
retcode: 1
stderr: "Test HEAD: HTTP error 405: [No details]\n"
partstderr: "Test HEAD: HTTP error 405: [No details]\n"
stdout: "KO\n"
- exe: './homer.py'
......@@ -110,6 +111,33 @@ tests:
stderr: ''
stdout: "OK\n"
- exe: './homer.py'
name: "[doh][check] Successcul check"
markers:
- 'doh'
- 'check'
args:
- '--check'
- 'https://dns.google/dns-query'
- 'framagit.org'
stderr: ''
stdout: "OK\n"
- exe: './homer.py'
name: "[doh][fail][check] 502 Bad Gateway"
markers:
- 'doh'
- 'check'
- 'fail'
- 'slow'
timeout: 10
args:
- '--check'
- 'https://doh.42l.fr/dns-query'
- 'framagit.org'
partstderr: 'Test truncated data: HTTP error 502'
stdout: "KO\n"
- exe: './homer.py'
name: '[doh][check] Test that all the resolved IPs are tried, try a first IP'
markers:
......@@ -282,6 +310,7 @@ tests:
markers:
- 'dot'
- 'check'
- 'slow'
args:
- '-k'
- '--check'
......@@ -296,6 +325,7 @@ tests:
markers:
- 'dot'
- 'check'
- 'slow'
args:
- '-k'
- '--check'
......@@ -428,6 +458,7 @@ tests:
name: '[dot] Loop on all ips on connection error (brok.sources.org)'
markers:
- 'dot'
- 'slow'
timeout: 6
args:
- '--dot'
......@@ -443,6 +474,7 @@ tests:
markers:
- 'dot'
- 'forceIPv6'
- 'slow'
timeout: 6
args:
- '-6'
......@@ -495,6 +527,34 @@ tests:
retcode: 1
partstderr: 'Key error'
- exe: './homer.py'
name: '[dot][check] Resolver returning a malformed DNS message'
markers:
- 'dot'
- 'check'
- 'exception'
args:
- '--dot'
- '--check'
- 'dns.digitale-gesellschaft.ch'
- 'framagit.org'
retcode: 0
stderr: ''
stdout: "OK\n"
- exe: './homer.py'
name: '[dot][fail] Resolver with an invalid certificate'
markers:
- 'dot'
- 'fail'
args:
- '--dot'
- '-v'
- 'ns0.ldn-fai.net'
- 'framagit.org'
retcode: 1
partstdout: 'certificate verify failed'
################################################################################
# check_dot
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment