.onion and .i2p

galeksandrp · galeksandrp · commit 16645b5fd444 · 2017-02-22T15:59:33.000Z
diff --git a/.travis.yml b/.travis.yml
@@ -5,10 +5,6 @@ services:
 script:
   - test/travis.sh
 env:
-  - TEST=firefox FIREFOX=firefox-dev
-  - TEST=firefox FIREFOX=firefox-latest
-  - TEST=firefox FIREFOX=firefox-esr-latest
-  - TEST=chromium
   - TEST=rules
   - TEST=fetch
-  - TEST=preloaded
+
diff --git a/Dockerfile b/Dockerfile
@@ -6,6 +6,13 @@ ADD test/rules/requirements.txt test/rules/requirements.txt
 ADD test/chromium/requirements.txt test/chromium/requirements.txt
 RUN pip install -r test/rules/requirements.txt
 RUN pip install -r test/chromium/requirements.txt
+RUN apt-get update
+RUN apt-get install -y tor iptables sudo
+RUN echo VirtualAddrNetworkIPv4 10.192.0.0/10 >> /etc/tor/torrc
+RUN echo AutomapHostsOnResolve 1 >> /etc/tor/torrc
+RUN echo TransPort 9040 >> /etc/tor/torrc
+RUN echo DNSPort 53 >> /etc/tor/torrc
+RUN adduser --disabled-password --gecos "" test
 
 ENV FIREFOX /firefox-latest/firefox/firefox
 
diff --git a/src/chrome/content/rules/onion-flibusta.xml b/src/chrome/content/rules/onion-flibusta.xml
@@ -0,0 +1,13 @@
+<ruleset name="Flibusta Onion">
+	<target host="flibusta.net" />
+	<target host="www.flibusta.net" />
+	<target host="flibusta.is" />
+	<target host="www.flibusta.is" />
+	<target host="proxy.flibusta.net" />
+	<target host="www.proxy.flibusta.net" />
+	<rule from="^https?://(?:www\.)?(?:proxy\.)?flibusta\.(?:net|is)/" to="http://flibustahezeous3.onion/" />
+</ruleset>
+<!--
+* **Flibusta**
+	* Documented here: <http://flibusta.net/> ([A](https://archive.today/3DAe5))
+	-->
diff --git a/src/chrome/content/rules/onion-kickasstorrents.xml b/src/chrome/content/rules/onion-kickasstorrents.xml
@@ -0,0 +1,32 @@
+<ruleset name="KickassTorrents Onion" platform="mixedcontent">
+	<target host="kat.ph" />
+	<target host="www.kat.ph" />
+	<target host="kickass.to" />
+	<target host="www.kickass.to" />
+	<target host="kat.cr" />
+	<target host="www.kat.cr" />
+	<target host="kickasstorrents.to" />
+	<target host="www.kickasstorrents.to" />
+	<target host="kickass-torrents.to" />
+	<target host="www.kickass-torrents.to" />
+	<target host="kickasstorrents.eu" />
+	<target host="www.kickasstorrents.eu" />
+	<target host="kastatic.com" />
+	<target host="ka.tt" />
+	<target host="kickass.so" />
+	<target host="kickasstorrents.im" />
+	<target host="www.ka.tt" />
+	<target host="www.kickass.so" />
+	<target host="www.kickasstorrents.im" />
+	<target host="kickassto.co" />
+	<target host="kickass.ag" />
+	<target host="thekat.tv" />
+	<target host="kickass.ac" />
+	<target host="katproxy.is" />
+	<target host="www.kickassto.co" />
+	<target host="www.kickass.ag" />
+	<target host="www.thekat.tv" />
+	<target host="www.kickass.ac" />
+	<target host="www.katproxy.is" />
+	<rule from="^https?://(?:www\.)?(?:kat\.ph|kickass\.to|kat\.cr|kickasstorrents\.to|kickass-torrents\.to|kickasstorrents\.eu|kastatic\.com|kastatus\.com|ka\.tt|kickass\.so|kickasstorrents\.im|kickassto\.co|kickass\.ag|thekat\.tv|kickass\.ac|katproxy\.is)/" to="http://lsuzvpko6w6hzpnn.onion/" />
+</ruleset>
diff --git a/src/chrome/content/rules/onion-nnm-club.xml b/src/chrome/content/rules/onion-nnm-club.xml
@@ -0,0 +1,9 @@
+<ruleset name="NNM-Club Onion">
+	<target host="nnm-club.me" />
+	<target host="nnmclub.to" />
+	<target host="www.nnm-club.me" />
+	<target host="www.nnmclub.to" />
+	<target host="ipv6.nnm-club.me" />
+	<target host="ipv6.nnmclub.to" />
+	<rule from="^https?://(?:www\.|ipv6\.)?(?:nnm-club\.me|nnmclub\.to)/" to="http://nnmclub5toro7u65.onion/" />
+</ruleset>
diff --git a/src/chrome/content/rules/onion-rutor.xml b/src/chrome/content/rules/onion-rutor.xml
@@ -0,0 +1,9 @@
+<ruleset name="Rutor Onion">
+	<target host="rutor.org" />
+	<target host="rutor.info" />
+	<target host="rutor.is" />
+	<target host="www.rutor.org" />
+	<target host="www.rutor.info" />
+	<target host="www.rutor.is" />
+	<rule from="^http://(?:www\.)?rutor\.(?:org|info|is)/" to="http://rutorc6mqdinc4cz.onion/" />
+</ruleset>
diff --git a/test/fetch.sh b/test/fetch.sh
@@ -17,9 +17,18 @@ done
 
 if [ "$TO_BE_TESTED" ]; then
   # Do the actual test, using https-everywhere-checker.
+  TOR=$(xmllint --xpath 'string(//ruleset/@platform)' $TO_BE_TESTED | grep 'mixedcontent')
+  COMMAND='python'
+  if [ "$TOR" ]; then
+    service tor start
+    sleep 10
+    echo nameserver 127.0.0.1 > /etc/resolv.conf
+    iptables -t nat -A OUTPUT -m owner --uid-owner $(sudo -u test id -u) -p tcp --syn -j REDIRECT --to-ports 9040
+    COMMAND='sudo -u test python'
+  fi
   OUTPUT_FILE=`mktemp`
   trap 'rm "$OUTPUT_FILE"' EXIT
-  python $RULETESTFOLDER/src/https_everywhere_checker/check_rules.py $RULETESTFOLDER/http.checker.config $TO_BE_TESTED 2>&1 | tee $OUTPUT_FILE
+  $COMMAND $RULETESTFOLDER/src/https_everywhere_checker/check_rules.py $RULETESTFOLDER/http.checker.config $TO_BE_TESTED 2>&1 | tee $OUTPUT_FILE
   # Unfortunately, no specific exit codes are available for connection
   # failures, so we catch those with grep.
   if [[ `cat $OUTPUT_FILE | grep ERROR | wc -l` -ge 1 ]]; then
diff --git a/utils/trivial-validate.py b/utils/trivial-validate.py
@@ -92,13 +92,17 @@ def test_unescaped_dots_in_exclusion(tree, rulename, from_attrib, to):
     return True
 
 xpath_rule = etree.XPath("/ruleset/rule")
+xpath_ruleset_platform = etree.XPath("/ruleset/@platform")
+xpath_ruleset_default_off = etree.XPath("/ruleset/@default_off")
 def test_unencrypted_to(tree, rulename, from_attrib, to):
     # Rules that redirect to something other than https or http.
     # This used to test for http: but testing for lack of https: will
     # catch more kinds of mistakes.
     # Now warn if the rule author indicates they intended it, with the
     # downgrade attribute.  Error if this attribute is not present.
     """Rule redirects to something other than https."""
+    if len(xpath_ruleset_platform(tree)) != 0 or len(xpath_ruleset_default_off(tree)) != 0:
+        return True
     for rule in xpath_rule(tree):
         to, downgrade = rule.get("to"), rule.get("downgrade")
         if to[:6] != "https:" and to[:5] != "http:":
@@ -158,7 +162,6 @@ def nomes_all(where=sys.argv[1:]):
 
 xpath_ruleset = etree.XPath("/ruleset")
 xpath_ruleset_name = etree.XPath("/ruleset/@name")
-xpath_ruleset_platform = etree.XPath("/ruleset/@platform")
 xpath_host = etree.XPath("/ruleset/target/@host")
 xpath_from = etree.XPath("/ruleset/rule/@from")
 xpath_to = etree.XPath("/ruleset/rule/@to")
