From de4f1c7d35a764618d8419a67d964ef2ed6a7864 Mon Sep 17 00:00:00 2001
From: kladkogex <13399135+kladkogex@users.noreply.github.com>
Date: Fri, 5 Aug 2022 20:17:30 +0100
Subject: [PATCH 1/2] 430_firewall_self_analysis
---
 docker/check_firewall.py | 44 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 docker/check_firewall.py
diff --git a/docker/check_firewall.py b/docker/check_firewall.py
new file mode 100644
index 00000000..926fb69a
--- /dev/null
+++ b/docker/check_firewall.py
@@ -0,0 +1,44 @@
+#! /usr/bin/python
+
+import requests
+import re
+import torpy
+
+from torpy import TorClient
+
+
+def get_my_external_ip():
+    try:
+        res = requests.get("http://checkip.dyndns.org/")
+        myIp = re.compile('(\d{1,3}\.){3}\d{1,3}').search(res.text).group()
+        return myIp
+    except:
+        return ""
+
+print("Analyzing firewall security.")
+print("Determining external IP address")
+
+ip = get_my_external_ip()
+
+if (ip == ""):
+    print("sgxwallet does not have an external IP")
+    print("No firewall problems detected.")
+    exit(0)
+
+print("sgxwallet has the following external IP: " + ip)
+
+try:
+    with TorClient() as tor:
+        # Choose random guard node and create 3-hops circuit
+        print("Connecting to TOR network ...");
+        with tor.create_circuit(1) as circuit:
+            print("Connected to TOR network. Connecting to sgxwallet from a random external IP."
+                  " This may take up to a minute.")
+            # Create tor stream to host
+            with circuit.create_stream((ip, 1027)) as stream:
+                print("SECURITY PROBLEM: Could connect to port 1027 of sgxwallet " + ip + " from a random external IP")
+                print("Firewall is not working properly. Fix the firewall and then start sgx wallet")
+                exit(1)
+except:
+    print("Analysis complete. No firewall problems detected.")
+    exit(0)
From a6469fb5c3947b5899c2b5451bb65f4bdd980555 Mon Sep 17 00:00:00 2001
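Review bot: The `exit(1)` in the SECURITY PROBLEM branch raises `SystemExit`, and the bare `except:` at the bottom of the file catches it, so the script then prints "Analysis complete. No firewall problems detected." and exits 0 — the one case this check exists for never yields a failing exit status. Narrowing the handler to `except Exception:` fixes that, because `SystemExit` is not a subclass of `Exception`; the bare `except:` in `get_my_external_ip` deserves the same change, since it currently folds network errors into the "no external IP" result. A failure to build the Tor circuit (no outbound Tor reachability from the container, `torpy` unavailable) lands in that same handler and is reported as a pass; logging the caught exception and reporting a failed circuit as inconclusive rather than as "no firewall problems" would make the verdict trustworthy. The external-IP lookup is plain HTTP from an unauthenticated third-party service, so the address being probed is only as reliable as that response — at minimum worth a comment on the `requests.get` line.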
From: kladkogex <13399135+kladkogex@users.noreply.github.com>
Date: Fri, 5 Aug 2022 20:57:45 +0100
Subject: [PATCH 2/2] Added firewall check
---
 Dockerfile           | 1 +
 DockerfileRelease    | 1 +
 DockerfileSimulation | 1 +
 docker/start.sh      | 2 +-
 4 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 49ab8e28..2a113f12 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,6 +10,7 @@ RUN bash -c "make -j$(nproc)"
 RUN ccache -sz
 RUN mkdir -p /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
+COPY docker/check_firewall.py ./
 RUN rm -rf /usr/src/sdk/sgx-sdk-build/
 RUN rm /opt/intel/sgxsdk/lib64/*_sim.so
 ENTRYPOINT ["/usr/src/sdk/start.sh"]
diff --git a/DockerfileRelease b/DockerfileRelease
index 3fa72652..dbdd314c 100644
--- a/DockerfileRelease
+++ b/DockerfileRelease
@@ -12,6 +12,7 @@ RUN ccache -sz
 RUN cd scripts && ./sign_enclave.bash
 RUN mkdir -p /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
+COPY docker/check_firewall.py ./
 RUN rm -rf /usr/src/sdk/sgx-sdk-build/
 RUN rm /opt/intel/sgxsdk/lib64/*_sim.so
 RUN rm /usr/src/sdk/secure_enclave/secure_enclave*.so
diff --git a/DockerfileSimulation b/DockerfileSimulation
index cb92bce8..2c5e367e 100644
--- a/DockerfileSimulation
+++ b/DockerfileSimulation
@@ -15,6 +15,7 @@ RUN ./autoconf.bash && \
     mkdir -p /usr/src/sdk/sgx_data
 COPY docker/start.sh ./
+COPY docker/check_firewall.py ./
 RUN rm -rf /usr/src/sdk/sgx-sdk-build/
 ENTRYPOINT ["/usr/src/sdk/start.sh"]
diff --git a/docker/start.sh b/docker/start.sh
index cd8eeffe..49307ff6 100755
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -46,7 +46,7 @@ echo "Test run requested"
 sleep 5
 ./testw.py
 else
-sleep 3
+/usr/src/sdk/check_firewall.py
 ./sgxwallet $1 $2 $3 $4 $5 $6
 fi
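Review bot: The added `/usr/src/sdk/check_firewall.py` line does not act on the script's exit status, and the `./sgxwallet $1 $2 $3 $4 $5 $6` line directly below runs regardless, so the `exit(1)` the check emits when port 1027 is reachable does not prevent the wallet from starting unless `start.sh` runs under `set -e` (the file header is outside the hunk). `/usr/src/sdk/check_firewall.py || exit 1` would make the check gating. The previous patch creates the file with mode 100644 and the Dockerfile hunks copy it with `COPY`, which keeps that mode, so invoking it by path likely fails with a permission error rather than running; `/usr/bin/python /usr/src/sdk/check_firewall.py || exit 1`, or a `chmod +x` in the three Dockerfiles, removes the dependency on the executable bit. The script's `#! /usr/bin/python` shebang also presumes an interpreter with `requests` and `torpy` installed in the image, which none of the Dockerfile hunks add — hedged, as the base image and earlier layers are not visible here.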