2022-03-10 23:29:14 +01:00
|
|
|
from subprocess import CompletedProcess
|
2022-03-10 11:22:04 +01:00
|
|
|
|
2022-03-14 16:39:24 +01:00
|
|
|
pfctl_stdout_lines = b'''
|
|
|
|
|
block drop quick proto tcp from <f2b-sendmail-auth> to any port = submission
|
2022-03-10 11:22:04 +01:00
|
|
|
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtps
|
|
|
|
|
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtp
|
|
|
|
|
block drop quick proto tcp from <f2b-sshd> to any port = ssh
|
|
|
|
|
block drop quick proto tcp from <f2b-recidive> to any
|
2022-03-14 16:39:24 +01:00
|
|
|
'''.strip() + b'\n'
|
|
|
|
|
|
|
|
|
|
pfctl_stdout_lines_scratch = b'table <f2b-dovecot> persist counters\n' \
|
|
|
|
|
b'block quick proto tcp from <f2b-dovecot>' \
|
|
|
|
|
b' to any port ' \
|
|
|
|
|
b'{pop3,pop3s,imap,imaps,submission,465,sieve}\n'
|
2022-03-10 11:22:04 +01:00
|
|
|
|
|
|
|
|
|
2022-03-10 21:39:07 +01:00
|
|
|
def test_register_unauth(client):
|
2022-03-10 14:03:09 +01:00
|
|
|
json_payload = {"port":
|
|
|
|
|
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
|
|
|
|
|
"name": "dovecot", "protocol": "tcp"}
|
2022-03-10 11:22:04 +01:00
|
|
|
response = client.put("/register", json=json_payload)
|
|
|
|
|
|
|
|
|
|
assert response.json['error'] == 'Access Denied'
|
|
|
|
|
|
|
|
|
|
|
2022-03-14 16:39:24 +01:00
|
|
|
def test_unregister_valid(client, mocker, valid_credentials):
|
2022-03-10 21:39:07 +01:00
|
|
|
def noop():
|
|
|
|
|
pass
|
2022-03-10 23:29:14 +01:00
|
|
|
run_res = CompletedProcess(args=['true'], returncode=0)
|
2022-03-10 21:39:07 +01:00
|
|
|
run_res.stdout = pfctl_stdout_lines
|
|
|
|
|
run_res.check_returncode = noop
|
|
|
|
|
|
|
|
|
|
mocker.patch('jail2ban.pfctl.run', return_value=run_res)
|
|
|
|
|
|
|
|
|
|
json_payload = {"port":
|
|
|
|
|
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
|
|
|
|
|
"name": "dovecot", "protocol": "tcp"}
|
|
|
|
|
|
|
|
|
|
response = client.delete("/register",
|
|
|
|
|
json=json_payload,
|
2022-03-14 16:39:24 +01:00
|
|
|
headers={"Authorization":
|
|
|
|
|
"Basic " + valid_credentials})
|
2022-03-10 21:39:07 +01:00
|
|
|
|
2022-03-10 23:29:14 +01:00
|
|
|
assert response.json['action'] == 'stop'
|
2022-03-10 21:39:07 +01:00
|
|
|
|
|
|
|
|
|
2022-03-14 16:39:24 +01:00
|
|
|
def test_register_valid(client, mocker, valid_credentials):
|
2022-03-10 11:22:04 +01:00
|
|
|
def noop():
|
|
|
|
|
pass
|
2022-03-10 23:29:14 +01:00
|
|
|
run_res = CompletedProcess(args=['true'], returncode=0)
|
2022-03-10 11:22:04 +01:00
|
|
|
run_res.stdout = pfctl_stdout_lines
|
|
|
|
|
run_res.check_returncode = noop
|
|
|
|
|
|
2022-03-14 16:00:31 +01:00
|
|
|
pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
|
2022-03-10 11:22:04 +01:00
|
|
|
|
2022-03-10 14:03:09 +01:00
|
|
|
json_payload = {"port":
|
|
|
|
|
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
|
|
|
|
|
"name": "dovecot", "protocol": "tcp"}
|
|
|
|
|
|
2022-03-10 11:22:04 +01:00
|
|
|
response = client.put("/register",
|
|
|
|
|
json=json_payload,
|
2022-03-14 16:39:24 +01:00
|
|
|
headers={"Authorization":
|
|
|
|
|
"Basic " + valid_credentials})
|
2022-03-10 11:22:04 +01:00
|
|
|
|
2022-03-14 16:00:31 +01:00
|
|
|
pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
|
|
|
|
|
for existing_line in pfctl_stdout_lines.splitlines():
|
|
|
|
|
assert existing_line in pfctl_run_input_arg.splitlines()
|
|
|
|
|
|
2022-03-10 21:39:07 +01:00
|
|
|
assert response.json['action'] == 'start'
|
2022-03-10 21:12:24 +01:00
|
|
|
|
2022-03-14 16:39:24 +01:00
|
|
|
|
|
|
|
|
def test_register_valid_from_scratch(client, mocker, valid_credentials):
|
2022-03-14 16:06:50 +01:00
|
|
|
def noop():
|
|
|
|
|
pass
|
|
|
|
|
run_res = CompletedProcess(args=['true'], returncode=0)
|
|
|
|
|
run_res.stdout = b''
|
|
|
|
|
run_res.check_returncode = noop
|
|
|
|
|
|
|
|
|
|
pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
|
|
|
|
|
|
|
|
|
|
json_payload = {"port":
|
|
|
|
|
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
|
|
|
|
|
"name": "dovecot", "protocol": "tcp"}
|
|
|
|
|
|
|
|
|
|
response = client.put("/register",
|
|
|
|
|
json=json_payload,
|
2022-03-14 16:39:24 +01:00
|
|
|
headers={"Authorization":
|
|
|
|
|
"Basic " + valid_credentials})
|
2022-03-14 16:06:50 +01:00
|
|
|
|
|
|
|
|
pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
|
2022-03-14 16:39:24 +01:00
|
|
|
assert pfctl_run_input_arg == pfctl_stdout_lines_scratch
|
2022-03-14 16:06:50 +01:00
|
|
|
assert response.json['action'] == 'start'
|
|
|
|
|
|
2022-03-10 21:12:24 +01:00
|
|
|
|
2022-03-14 16:39:24 +01:00
|
|
|
def test_register_invalid(client, mocker, valid_credentials):
|
2022-03-10 21:12:24 +01:00
|
|
|
def noop():
|
|
|
|
|
pass
|
2022-03-10 23:29:14 +01:00
|
|
|
run_res = CompletedProcess(args=['true'], returncode=0)
|
2022-03-10 21:12:24 +01:00
|
|
|
run_res.stdout = pfctl_stdout_lines
|
|
|
|
|
run_res.check_returncode = noop
|
|
|
|
|
|
|
|
|
|
mocker.patch('jail2ban.pfctl.run', return_value=run_res)
|
|
|
|
|
|
|
|
|
|
json_payload = {"port":
|
|
|
|
|
"not a pf statement",
|
|
|
|
|
"name": "dovecot", "protocol": "tcp"}
|
|
|
|
|
|
|
|
|
|
response = client.put("/register",
|
|
|
|
|
json=json_payload,
|
2022-03-14 16:39:24 +01:00
|
|
|
headers={"Authorization":
|
|
|
|
|
"Basic " + valid_credentials})
|
2022-03-10 21:12:24 +01:00
|
|
|
|
|
|
|
|
assert response.json['error'] == '"not a pf statement" is tainted'
|
