
Re: [tor-talk] Continuous Integration for testing application proxy leaks?



> Has anyone tried using continuous integration tools like Travis CI to
> find proxy leaks in applications? The rough idea I had was to run all
> the existing unit/integration tests for the application, wrapped in
> something like:
>
> strace -f -e trace=socket,getsockopt,setsockopt,getsockname,connect,bind,send,sendto,sendmsg,recv,recvfrom,recvmsg ./run_tests.sh
>
> and use grep on the resulting output to find any results that connect
> to anything other than the configured proxy. (This assumes that the
> application has good test coverage already.) I'm curious if someone
> has already tried to tackle this, or if there's a better way.
>
> (H/t to pabouk at https://tor.stackexchange.com/a/118 for the idea of
> using strace.)

Assuming you're not going to read the code to find such instances
and test mode is nice but not covering real world usage, caveats,
threats and exploits, nor does strace block anything,
better to packet filter and log everything default deny.
Run all the tests and real world you want inside that.
-- 
tor-talk mailing list - tor-talk AT lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
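
The "grep on the resulting output" step from the quoted proposal, as an added example that is not part of either message: a parser that reports every traced connect/sendto/sendmsg whose destination is an IP socket other than the proxy. Assumptions: the proxy is Tor's default SOCKS listener at 127.0.0.1:9050, the sockaddr layout matches recent strace releases, and the trace lines in SAMPLE are constructed for illustration.

```python
import re
import sys

# Syscalls that carry a destination address. strace -f prefixes lines with
# "[pid N] "; with -o FILE the prefix is a bare "N ". Both are accepted.
CALL = re.compile(r'^\W*(?:pid\s+)?(\d+)?\W*(connect|sendto|sendmsg)\(')
V4 = re.compile(r'sa_family=AF_INET, sin_port=htons\((\d+)\), '
                r'sin_addr=inet_addr\("([^"]+)"\)')
V6 = re.compile(r'sa_family=AF_INET6, sin6_port=htons\((\d+)\).*?'
                r'inet_pton\(AF_INET6, "([^"]+)"')

# Constructed sample trace (not captured from a real application).
SAMPLE = r'''[pid  4101] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
[pid  4101] connect(3, {sa_family=AF_INET, sin_port=htons(9050), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
[pid  4102] connect(4, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
[pid  4102] sendto(5, "\0\1", 2, MSG_NOSIGNAL, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 2
[pid  4103] connect(6, {sa_family=AF_INET6, sin6_port=htons(443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::1", &sin6_addr), sin6_scope_id=0}, 28 <unfinished ...>
[pid  4101] recvfrom(3, "\5\0", 2, 0, NULL, NULL) = 2
'''

def find_leaks(trace, proxy=("127.0.0.1", 9050)):
    """Return (pid, syscall, address, port) for each traced call whose
    destination is an IPv4/IPv6 socket other than the configured proxy."""
    leaks = []
    for line in trace.splitlines():
        call = CALL.match(line)
        if not call:
            continue
        dest = V4.search(line) or V6.search(line)
        if not dest:  # AF_UNIX, AF_NETLINK, or a call with no address
            continue
        port, addr = int(dest.group(1)), dest.group(2)
        if (addr, port) != proxy:
            leaks.append((call.group(1), call.group(2), addr, port))
    return leaks

if __name__ == "__main__":
    # Usage: pass a file written by "strace -f -o trace.log ..."; with no
    # argument the constructed sample above is checked instead.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = find_leaks(text)
    for pid, call, addr, port in found:
        print(f"LEAK pid={pid} {call} -> {addr} port {port}")
    sys.exit(1 if found else 0)  # non-zero exit fails the CI job
```

As the reply notes, strace only observes: this check fails the build after the fact and covers only the code paths the tests exercise.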