import base64
from subprocess import CompletedProcess
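# Canned pf ruleset, as bytes, that the stubbed pfctl call hands back on
# stdout. It stands in for rules already loaded by other fail2ban jails
# (sendmail-auth, sshd, recidive); test_register_valid checks that each of
# these lines is still present in what gets sent back to pfctl.
pfctl_stdout_lines = b'''block drop quick proto tcp from <f2b-sendmail-auth> to any port = submission
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtps
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtp
block drop quick proto tcp from <f2b-sshd> to any port = ssh
block drop quick proto tcp from <f2b-recidive> to any
'''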
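def test_register_unauth(client):
    """PUT /register without an Authorization header is refused.

    The request carries a well-formed jail definition but no credentials;
    the JSON response must report the error 'Access Denied'.
    """
    # NOTE(review): jail2ban.pfctl.run is not patched here, unlike in the
    # authenticated tests in this file. If the access check regressed, the
    # request could presumably reach the real pfctl call; patching it and
    # asserting it was never called would pin that down -- confirm against
    # the app.
    json_payload = {
        "port": "any port { pop3,pop3s,imap,imaps,submission,465,sieve}",
        "name": "dovecot",
        "protocol": "tcp",
    }
    response = client.put("/register", json=json_payload)
    assert response.json['error'] == 'Access Denied'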
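def test_unregister_valid(client, mocker):
    """DELETE /register with Basic credentials reports the 'stop' action.

    jail2ban.pfctl.run is patched to return a canned CompletedProcess whose
    stdout is ``pfctl_stdout_lines``.
    """
    def noop():
        pass

    run_res = CompletedProcess(args=['true'], returncode=0)
    run_res.stdout = pfctl_stdout_lines
    # Stub check_returncode so the canned result can never raise.
    run_res.check_returncode = noop
    # NOTE(review): the mock handle is discarded, so this test does not
    # inspect what is sent to pfctl on removal (for example, that the rules
    # of the other jails are left in place).
    mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(
        b"test.example.com:testpassword").decode("utf-8")
    json_payload = {
        "port": "any port { pop3,pop3s,imap,imaps,submission,465,sieve}",
        "name": "dovecot",
        "protocol": "tcp",
    }
    response = client.delete(
        "/register",
        json=json_payload,
        headers={"Authorization": "Basic " + valid_credentials},
    )
    assert response.json['action'] == 'stop'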
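def test_register_valid(client, mocker):
    """PUT /register with Basic credentials keeps existing rules and starts.

    jail2ban.pfctl.run is patched to return the canned ruleset in
    ``pfctl_stdout_lines``. The test then checks that every pre-existing
    rule line is still present in the ``input=`` of the second pfctl call,
    and that the response reports the 'start' action.
    """
    def noop():
        pass

    run_res = CompletedProcess(args=['true'], returncode=0)
    run_res.stdout = pfctl_stdout_lines
    # Stub check_returncode so the canned result can never raise.
    run_res.check_returncode = noop
    pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(
        b"test.example.com:testpassword").decode("utf-8")
    json_payload = {
        "port": "any port { pop3,pop3s,imap,imaps,submission,465,sieve}",
        "name": "dovecot",
        "protocol": "tcp",
    }
    response = client.put(
        "/register",
        json=json_payload,
        headers={"Authorization": "Basic " + valid_credentials},
    )

    # Index [1] is the second recorded call and [1] again its kwargs;
    # presumably the first call reads the current rules and the second one
    # loads the new ruleset -- verify against jail2ban.pfctl.
    pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
    submitted_lines = pfctl_run_input_arg.splitlines()
    # Registering a jail must not drop the rules of the other jails.
    for existing_line in pfctl_stdout_lines.splitlines():
        assert existing_line in submitted_lines
    assert response.json['action'] == 'start'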
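def test_register_valid_from_scratch(client, mocker):
    """PUT /register against an empty ruleset emits exactly the new jail.

    The patched jail2ban.pfctl.run returns empty stdout. The ``input=`` of
    the second pfctl call must then be exactly the table declaration plus
    the block rule for the new jail, and the response must report 'start'.
    """
    def noop():
        pass

    run_res = CompletedProcess(args=['true'], returncode=0)
    run_res.stdout = b''
    # Stub check_returncode so the canned result can never raise.
    run_res.check_returncode = noop
    pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(
        b"test.example.com:testpassword").decode("utf-8")
    json_payload = {
        "port": "any port { pop3,pop3s,imap,imaps,submission,465,sieve}",
        "name": "dovecot",
        "protocol": "tcp",
    }
    response = client.put(
        "/register",
        json=json_payload,
        headers={"Authorization": "Basic " + valid_credentials},
    )

    # Second recorded call, kwargs, 'input': the ruleset handed to pfctl.
    pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
    # Exact match: nothing beyond the requested jail may be written.
    expected_ruleset = (
        b'table <f2b-dovecot> persist counters\n'
        b'block quick proto tcp from <f2b-dovecot> to any port '
        b'{ pop3,pop3s,imap,imaps,submission,465,sieve}\n'
    )
    assert pfctl_run_input_arg == expected_ruleset
    assert response.json['action'] == 'start'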
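def test_register_invalid(client, mocker):
    """PUT /register with a non-pf 'port' value is rejected as tainted.

    The request is authenticated, but its 'port' field is free text rather
    than a pf port expression; the JSON response must carry the error
    '"not a pf statement" is tainted'.
    """
    def noop():
        pass

    run_res = CompletedProcess(args=['true'], returncode=0)
    run_res.stdout = pfctl_stdout_lines
    # Stub check_returncode so the canned result can never raise.
    run_res.check_returncode = noop
    # NOTE(review): the mock handle is discarded, so nothing here verifies
    # that the rejected string never shows up in an `input=` passed to
    # pfctl. Capturing the mock and asserting that would make the effect of
    # the taint check explicit, not just its error message.
    mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(
        b"test.example.com:testpassword").decode("utf-8")
    json_payload = {
        "port": "not a pf statement",
        "name": "dovecot",
        "protocol": "tcp",
    }
    response = client.put(
        "/register",
        json=json_payload,
        headers={"Authorization": "Basic " + valid_credentials},
    )
    assert response.json['error'] == '"not a pf statement" is tainted'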