ruben/jail2ban
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
jail2ban/tests/test_register.py

132 lines
4.4 KiB
Python
Raw Blame History

'''
Test various registration scenarios
'''
from subprocess import CompletedProcess
PFCTL_STDOUT_LINES = b'''
block drop quick proto tcp from <f2b-sendmail-auth> to any port = submission
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtps
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtp
block drop quick proto tcp from <f2b-sshd> to any port = ssh
block drop quick proto tcp from <f2b-recidive> to any
'''.strip() + b'\n'
PFCTL_STDOUT_LINES_SCRATCH = b'table <f2b-dovecot> persist counters\n' \
b'block quick proto tcp from <f2b-dovecot>' \
b' to any port ' \
b'{pop3,pop3s,imap,imaps,submission,465,sieve}\n'
def test_register_unauth(client):
'''
Test a registration without being authorized
'''
json_payload = {"port":
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
"name": "dovecot", "protocol": "tcp"}
response = client.put("/register", json=json_payload)
assert response.json['error'] == 'Access Denied'
def test_unregister_valid(client, mocker, valid_credentials):
'''
Test unregistration
'''
def noop():
pass
run_res = CompletedProcess(args=['true'], returncode=0)
run_res.stdout = PFCTL_STDOUT_LINES
run_res.check_returncode = noop
mocker.patch('jail2ban.pfctl.run', return_value=run_res)
json_payload = {"port":
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
"name": "dovecot", "protocol": "tcp"}
response = client.delete("/register",
json=json_payload,
headers={"Authorization":
"Basic " + valid_credentials})
assert response.json['action'] == 'stop'
def test_register_valid(client, mocker, valid_credentials):
'''
Test a registration of a rule
'''
def noop():
pass
run_res = CompletedProcess(args=['true'], returncode=0)
run_res.stdout = PFCTL_STDOUT_LINES
run_res.check_returncode = noop
pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
json_payload = {"port":
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
"name": "dovecot", "protocol": "tcp"}
response = client.put("/register",
json=json_payload,
headers={"Authorization":
"Basic " + valid_credentials})
pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
for existing_line in PFCTL_STDOUT_LINES.splitlines():
assert existing_line in pfctl_run_input_arg.splitlines()
assert response.json['action'] == 'start'
def test_register_valid_from_scratch(client, mocker, valid_credentials):
'''
Test from scratch point of view
'''
def noop():
pass
run_res = CompletedProcess(args=['true'], returncode=0)
run_res.stdout = b''
run_res.check_returncode = noop
pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
json_payload = {"port":
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
"name": "dovecot", "protocol": "tcp"}
response = client.put("/register",
json=json_payload,
headers={"Authorization":
"Basic " + valid_credentials})
pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
assert pfctl_run_input_arg == PFCTL_STDOUT_LINES_SCRATCH
assert response.json['action'] == 'start'
def test_register_invalid(client, mocker, valid_credentials):
'''
Test a bogus pf command
'''
def noop():
pass
run_res = CompletedProcess(args=['true'], returncode=0)
run_res.stdout = PFCTL_STDOUT_LINES
run_res.check_returncode = noop
mocker.patch('jail2ban.pfctl.run', return_value=run_res)
json_payload = {"port":
"not a pf statement",
"name": "dovecot", "protocol": "tcp"}
response = client.put("/register",
json=json_payload,
headers={"Authorization":
"Basic " + valid_credentials})
assert response.json['error'] == '"not a pf statement" is tainted'
Reference in New Issue View Git Blame Copy Permalink