ruben/jail2ban
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lint fixes (tests)

Browse Source
This commit is contained in:
Ruben van Staveren 2024-07-31 16:30:43 +02:00
parent 63c8e39b59
commit f7cc4d9d4e
Signed by: ruben
GPG Key ID: 886F6BECD477A93F
5 changed files with 80 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
tests/conftest.py
View File

@ -1,5 +1,10 @@
import pytest '''
Test fixtures
'''
import base64 import base64
import pytest
from jail2ban import create_app from jail2ban import create_app
@ -21,14 +26,23 @@ def app():
@pytest.fixture() @pytest.fixture()
def client(app): def client(app):
'''
Create a synthetic client
'''
return app.test_client() return app.test_client()
@pytest.fixture() @pytest.fixture()
def runner(app): def runner(app):
'''
Create a synthetic runner
'''
return app.test_cli_runner() return app.test_cli_runner()
@pytest.fixture() @pytest.fixture()
def valid_credentials(): def valid_credentials():
'''
Mock authentication for the test
'''
return base64.b64encode(b"test.example.com:testpassword").decode("utf-8") return base64.b64encode(b"test.example.com:testpassword").decode("utf-8")

18
tests/test_ban.py
View File

@ -1,7 +1,13 @@
'''
Test banning
'''
from types import SimpleNamespace from types import SimpleNamespace
def test_ban_ipv6(client, mocker, valid_credentials): def test_ban_ipv6(client, mocker, valid_credentials):
'''
Test ban an IPv6 address
'''
def noop(): def noop():
pass pass
run_res = SimpleNamespace() run_res = SimpleNamespace()
@ -22,6 +28,9 @@ def test_ban_ipv6(client, mocker, valid_credentials):
def test_ban_ipv4(client, mocker, valid_credentials): def test_ban_ipv4(client, mocker, valid_credentials):
'''
Test ban an IPv4 address
'''
def noop(): def noop():
pass pass
run_res = SimpleNamespace() run_res = SimpleNamespace()
@ -42,6 +51,9 @@ def test_ban_ipv4(client, mocker, valid_credentials):
def test_ban_invalid(client, mocker, valid_credentials): def test_ban_invalid(client, mocker, valid_credentials):
'''
Test ban an invalid address
'''
def noop(): def noop():
pass pass
run_res = SimpleNamespace() run_res = SimpleNamespace()
@ -63,6 +75,9 @@ def test_ban_invalid(client, mocker, valid_credentials):
def test_unban_ipv6(client, mocker, valid_credentials): def test_unban_ipv6(client, mocker, valid_credentials):
'''
Test unbanning an IPv6 address
'''
def noop(): def noop():
pass pass
run_res = SimpleNamespace() run_res = SimpleNamespace()
@ -83,6 +98,9 @@ def test_unban_ipv6(client, mocker, valid_credentials):
def test_unban_ipv4(client, mocker, valid_credentials): def test_unban_ipv4(client, mocker, valid_credentials):
'''
Test unbanning an IPv4 address
'''
def noop(): def noop():
pass pass
run_res = SimpleNamespace() run_res = SimpleNamespace()

17
tests/test_flush.py
View File

@ -1,8 +1,14 @@
'''
Test flushing pf tables
'''
from types import SimpleNamespace from types import SimpleNamespace
from subprocess import CalledProcessError from subprocess import CalledProcessError
def test_flush(client, mocker, valid_credentials): def test_flush(client, mocker, valid_credentials):
'''
Test flushing existing entry
'''
def noop(): def noop():
pass pass
run_res = SimpleNamespace() run_res = SimpleNamespace()
@ -22,6 +28,9 @@ def test_flush(client, mocker, valid_credentials):
def test_flush_nonexistent(client, mocker, valid_credentials): def test_flush_nonexistent(client, mocker, valid_credentials):
'''
Test flushing non existing entry
'''
cmd = ['/usr/local/bin/sudo', cmd = ['/usr/local/bin/sudo',
'/sbin/pfctl', '-a', 'some/anchor', '/sbin/pfctl', '-a', 'some/anchor',
@ -42,6 +51,9 @@ def test_flush_nonexistent(client, mocker, valid_credentials):
def test_wrong_method(client, mocker, valid_credentials): def test_wrong_method(client, mocker, valid_credentials):
'''
Test invalid method
'''
cmd = ['/usr/local/bin/sudo', cmd = ['/usr/local/bin/sudo',
'/sbin/pfctl', '-a', 'some/anchor', '/sbin/pfctl', '-a', 'some/anchor',
@ -61,7 +73,10 @@ def test_wrong_method(client, mocker, valid_credentials):
assert response.status_code == 405 assert response.status_code == 405
def test_filenotfound(app, mocker, valid_credentials): def test_filenotfound(app, valid_credentials):
'''
Test for when AUTHFILE cannot be found
'''
app.config.update({ app.config.update({
"AUTHFILE": '../tests/nonexistent-users-test.txt' "AUTHFILE": '../tests/nonexistent-users-test.txt'

7
tests/test_ping.py
View File

@ -1,4 +1,9 @@
def test_ping(client, mocker, valid_credentials): '''
Test application health check
'''
def test_ping(client, valid_credentials):
''' '''
Test application health check Test application health check
''' '''

32
tests/test_register.py
View File

@ -1,6 +1,9 @@
'''
Test various registration scenarios
'''
from subprocess import CompletedProcess from subprocess import CompletedProcess
pfctl_stdout_lines = b''' PFCTL_STDOUT_LINES = b'''
block drop quick proto tcp from <f2b-sendmail-auth> to any port = submission block drop quick proto tcp from <f2b-sendmail-auth> to any port = submission
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtps block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtps
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtp block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtp
@ -8,13 +11,16 @@ block drop quick proto tcp from <f2b-sshd> to any port = ssh
block drop quick proto tcp from <f2b-recidive> to any block drop quick proto tcp from <f2b-recidive> to any
'''.strip() + b'\n' '''.strip() + b'\n'
pfctl_stdout_lines_scratch = b'table <f2b-dovecot> persist counters\n' \ PFCTL_STDOUT_LINES_SCRATCH = b'table <f2b-dovecot> persist counters\n' \
b'block quick proto tcp from <f2b-dovecot>' \ b'block quick proto tcp from <f2b-dovecot>' \
b' to any port ' \ b' to any port ' \
b'{pop3,pop3s,imap,imaps,submission,465,sieve}\n' b'{pop3,pop3s,imap,imaps,submission,465,sieve}\n'
def test_register_unauth(client): def test_register_unauth(client):
'''
Test a registration without being authorized
'''
json_payload = {"port": json_payload = {"port":
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}", "any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
"name": "dovecot", "protocol": "tcp"} "name": "dovecot", "protocol": "tcp"}
@ -24,10 +30,13 @@ def test_register_unauth(client):
def test_unregister_valid(client, mocker, valid_credentials): def test_unregister_valid(client, mocker, valid_credentials):
'''
Test unregistration
'''
def noop(): def noop():
pass pass
run_res = CompletedProcess(args=['true'], returncode=0) run_res = CompletedProcess(args=['true'], returncode=0)
run_res.stdout = pfctl_stdout_lines run_res.stdout = PFCTL_STDOUT_LINES
run_res.check_returncode = noop run_res.check_returncode = noop
mocker.patch('jail2ban.pfctl.run', return_value=run_res) mocker.patch('jail2ban.pfctl.run', return_value=run_res)
@ -45,10 +54,13 @@ def test_unregister_valid(client, mocker, valid_credentials):
def test_register_valid(client, mocker, valid_credentials): def test_register_valid(client, mocker, valid_credentials):
'''
Test a registration of a rule
'''
def noop(): def noop():
pass pass
run_res = CompletedProcess(args=['true'], returncode=0) run_res = CompletedProcess(args=['true'], returncode=0)
run_res.stdout = pfctl_stdout_lines run_res.stdout = PFCTL_STDOUT_LINES
run_res.check_returncode = noop run_res.check_returncode = noop
pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res) pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
@ -63,13 +75,16 @@ def test_register_valid(client, mocker, valid_credentials):
"Basic " + valid_credentials}) "Basic " + valid_credentials})
pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input'] pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
for existing_line in pfctl_stdout_lines.splitlines(): for existing_line in PFCTL_STDOUT_LINES.splitlines():
assert existing_line in pfctl_run_input_arg.splitlines() assert existing_line in pfctl_run_input_arg.splitlines()
assert response.json['action'] == 'start' assert response.json['action'] == 'start'
def test_register_valid_from_scratch(client, mocker, valid_credentials): def test_register_valid_from_scratch(client, mocker, valid_credentials):
'''
Test from scratch point of view
'''
def noop(): def noop():
pass pass
run_res = CompletedProcess(args=['true'], returncode=0) run_res = CompletedProcess(args=['true'], returncode=0)
@ -88,15 +103,18 @@ def test_register_valid_from_scratch(client, mocker, valid_credentials):
"Basic " + valid_credentials}) "Basic " + valid_credentials})
pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input'] pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
assert pfctl_run_input_arg == pfctl_stdout_lines_scratch assert pfctl_run_input_arg == PFCTL_STDOUT_LINES_SCRATCH
assert response.json['action'] == 'start' assert response.json['action'] == 'start'
def test_register_invalid(client, mocker, valid_credentials): def test_register_invalid(client, mocker, valid_credentials):
'''
Test a bogus pf command
'''
def noop(): def noop():
pass pass
run_res = CompletedProcess(args=['true'], returncode=0) run_res = CompletedProcess(args=['true'], returncode=0)
run_res.stdout = pfctl_stdout_lines run_res.stdout = PFCTL_STDOUT_LINES
run_res.check_returncode = noop run_res.check_returncode = noop
mocker.patch('jail2ban.pfctl.run', return_value=run_res) mocker.patch('jail2ban.pfctl.run', return_value=run_res)