-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Samuli Leivo <[email protected]>
- Loading branch information
1 parent
eab6735
commit 4859c53
Showing
7 changed files
with
170 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| # SPDX-FileCopyrightText: 2022-2024 Technology Innovation Institute (TII) | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| *** Settings *** | ||
| Documentation Security tests | ||
| Resource ../../resources/ssh_keywords.resource | ||
| Resource ../../resources/common_keywords.resource | ||
| Suite Setup Common Setup | ||
| Suite Teardown Common Teardown | ||
|
|
||
| *** Variables *** | ||
|
|
||
| ${connection} ${NONE} | ||
|
|
||
| *** Keywords *** | ||
|
|
||
| Common Setup | ||
| Set Variables ${DEVICE} | ||
| Run Keyword If "${DEVICE_IP_ADDRESS}" == "NONE" Get ethernet IP address | ||
| ${port_22_is_available} Check if ssh is ready on device timeout=60 | ||
| IF ${port_22_is_available} == False | ||
| FAIL Failed because port 22 of device was not available, tests can not be run. | ||
| END | ||
| ${connection} Connect | ||
| ${out} Execute Command hostname | ||
| Log ${out} | ||
| Set Suite Variable ${connection} ${connection} | ||
| Log versions | ||
| Run journalctl recording | ||
|
|
||
| Common Teardown | ||
| IF ${connection} | ||
| Connect | ||
| Log journctl | ||
| END | ||
| Close All Connections |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # ip_server=192.168.100.4 | ||
|
|
||
| for i in {1..35} | ||
| do | ||
| echo " ---- packet $i " | nc -w 1 ${ip_server} 5201 | ||
| sleep 1.5 | ||
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| sudo iptables -F | ||
|
|
||
| echo "" > /tmp/server_received.txt | ||
|
|
||
| for i in {1..30} | ||
| do | ||
| echo "" >> /tmp/server_received.txt | ||
| echo "iteration $i - $(date)" >> /tmp/server_received.txt | ||
| timeout 1.7 nc -l 5201 >> /tmp/server_received.txt 2>&1 | ||
| sleep 0.5 | ||
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| # ip_server=192.168.100.4 | ||
| # ip_stealer=192.168.100.6 | ||
|
|
||
| sudo iptables -F | ||
|
|
||
| echo "" > /tmp/stolen.txt | ||
|
|
||
| for i in {1..30} | ||
| do | ||
| echo "" >> /tmp/stolen.txt | ||
| echo "iteration $i - $(date)" >> /tmp/stolen.txt | ||
| sudo ifconfig ethint0 ${ip_server} netmask 255.255.255.0 up | ||
| sleep 0.3 | ||
| sudo ifconfig ethint0 ${ip_server} netmask 255.255.255.0 up | ||
| sleep 0.3 | ||
| timeout 1 nc -l 5201 >> /tmp/stolen.txt 2>&1 | ||
| sudo ifconfig ethint0 ${ip_stealer} netmask 255.255.255.0 up | ||
| sleep 0.3 | ||
| done |
81 changes: 81 additions & 0 deletions
81
Robot-Framework/test-suites/security-tests/security_tests.robot
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| # SPDX-FileCopyrightText: 2022-2024 Technology Innovation Institute (TII) | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
|
|
||
| *** Settings *** | ||
| Force Tags security | ||
| Resource ../../resources/ssh_keywords.resource | ||
| Resource ../../config/variables.robot | ||
| Resource ../../resources/common_keywords.resource | ||
| Suite Teardown Close All Connections | ||
|
|
||
|
|
||
| *** Variables *** | ||
| ${connection} | ||
|
|
||
|
|
||
| *** Test Cases *** | ||
|
|
||
| Test IP spoofing | ||
| [Documentation] Test if it's possible to steal packets via ip spoofing | ||
| [Tags] SP-T128 lenovo-x1 | ||
| # Prepare netcat server script | ||
| Connect to netvm | ||
| Check if ssh is ready on vm ${GALA_VM} | ||
| Connect to VM ${GALA_VM} | ||
| ${ip_gala} Get Virtual Network Interface IP | ||
| Put File security-tests/nc_server /tmp | ||
| Execute Command chmod 777 /tmp/nc_server | ||
|
|
||
| # Prepare netcat client script | ||
| Connect to netvm | ||
| Check if ssh is ready on vm ${COMMS_VM} | ||
| Connect to VM ${COMMS_VM} | ||
| Put File security-tests/nc_client /tmp | ||
| Execute Command echo 'ip_server=${ip_gala}' > /tmp/tmp_file | ||
| Execute Command cat /tmp/nc_client >> /tmp/tmp_file | ||
| Execute Command cp /tmp/tmp_file /tmp/nc_client | ||
| Execute Command chmod 777 /tmp/nc_client | ||
|
|
||
| # Prepare netcat stealer script | ||
| Connect to netvm | ||
| Check if ssh is ready on vm ${CHROME_VM} | ||
| Connect to VM ${CHROME_VM} | ||
| ${ip_chrome} Get Virtual Network Interface IP | ||
| Put File security-tests/nc_stealer /tmp | ||
| Execute Command echo 'ip_server=${ip_gala}\nip_stealer=${ip_chrome}' > /tmp/tmp_file | ||
| Execute Command cat /tmp/nc_stealer >> /tmp/tmp_file | ||
| Execute Command cp /tmp/tmp_file /tmp/nc_stealer | ||
| Execute Command chmod 777 /tmp/nc_stealer | ||
|
|
||
| # Launch the test scripts | ||
| Connect to VM ${GALA_VM} | ||
| Run Keyword And Ignore Error Execute Command -b /tmp/nc_server sudo=True sudo_password=${PASSWORD} timeout=3 | ||
| Connect to VM ${COMMS_VM} | ||
| Run Keyword And Ignore Error Execute Command -b /tmp/nc_client sudo=True sudo_password=${PASSWORD} timeout=3 | ||
| Connect to VM ${CHROME_VM} | ||
| Run Keyword And Ignore Error Execute Command -b /tmp/nc_stealer sudo=True sudo_password=${PASSWORD} timeout=3 | ||
| Log To Console Waiting 40 sec for the test to finish | ||
| Sleep 40 | ||
| Close All Connections | ||
|
|
||
| # Check the result files | ||
| Connect | ||
| Connect to netvm | ||
| Check if ssh is ready on vm ${CHROME_VM} | ||
| Connect to VM ${CHROME_VM} | ||
| ${stolen} Execute Command cat /tmp/stolen.txt | grep packet | ||
| Log ${stolen} | ||
| ${stealer_log} Execute Command cat /tmp/stolen.txt | ||
| Log ${stealer_log} | ||
| Connect to VM ${GALA_VM} | ||
| ${server} Execute Command cat /tmp/server_received.txt | grep packet | ||
| Log ${server} | ||
| ${server_log} Execute Command cat /tmp/server_received.txt | ||
| Log ${server_log} | ||
| IF $stolen != '${EMPTY}' | ||
| FAIL Stealer VM managed to receive packets via ip spoofing | ||
| END | ||
| IF $server == '${EMPTY}' and $stolen == '${EMPTY}' | ||
| FAIL No packets received by server or stealer VM | ||
| END |