1#!/usr/bin/python3 2 3# Copyright (C) Internet Systems Consortium, Inc. ("ISC") 4# 5# SPDX-License-Identifier: MPL-2.0 6# 7# This Source Code Form is subject to the terms of the Mozilla Public 8# License, v. 2.0. If a copy of the MPL was not distributed with this 9# file, you can obtain one at https://mozilla.org/MPL/2.0/. 10# 11# See the COPYRIGHT file distributed with this work for additional 12# information regarding copyright ownership. 13 14import os 15import pathlib 16import subprocess 17 18import pytest 19 20 21def is_pid_alive(pid): 22 try: 23 os.kill(pid, 0) 24 return True 25 except OSError: 26 return False 27 28 29def run_sslyze_in_a_loop(executable, port, log_file_prefix): 30 # Determine the PID of ns1. 31 with open(pathlib.Path("ns1", "named.pid"), encoding="utf-8") as pidfile: 32 pid = int(pidfile.read()) 33 34 # Ensure ns1 is alive before starting the loop below to avoid reporting 35 # false positives. 36 if not is_pid_alive(pid): 37 pytest.skip(f"ns1 (PID: {pid}) is not running") 38 39 # Run sslyze on ns1 in a loop with a limit of 30 iterations. Interrupt the 40 # test as soon as ns1 is determined to not be running any more. Log sslyze 41 # output. 42 sslyze_args = [executable, f"10.53.0.1:{port}"] 43 for i in range(0, 30): 44 log_file = f"{log_file_prefix}.ns1.{port}.{i + 1}" 45 with open(log_file, "wb") as sslyze_log: 46 # Run sslyze, logging stdout+stderr. Ignore the exit code since 47 # sslyze is only used for triggering crashes here rather than 48 # actual TLS analysis. 49 subprocess.run( 50 sslyze_args, 51 stdout=sslyze_log, 52 stderr=subprocess.STDOUT, 53 timeout=30, 54 check=False, 55 ) 56 # Ensure ns1 is still alive after each sslyze run. 57 assert is_pid_alive(pid), f"ns1 (PID: {pid}) exited prematurely" 58 59 60def test_sslyze_doh(sslyze_executable, named_httpsport): 61 run_sslyze_in_a_loop(sslyze_executable, named_httpsport, "sslyze.log.doh") 62 63 64def test_sslyze_dot(sslyze_executable, named_tlsport): 65 run_sslyze_in_a_loop(sslyze_executable, named_tlsport, "sslyze.log.dot") 66