110 lines
4.0 KiB
Python
110 lines
4.0 KiB
Python
import base64
|
|
from subprocess import CompletedProcess
|
|
|
|
|
|
pfctl_stdout_lines = b'''block drop quick proto tcp from <f2b-sendmail-auth> to any port = submission
|
|
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtps
|
|
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtp
|
|
block drop quick proto tcp from <f2b-sshd> to any port = ssh
|
|
block drop quick proto tcp from <f2b-recidive> to any
|
|
'''
|
|
|
|
|
|
def test_register_unauth(client):
|
|
json_payload = {"port":
|
|
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
|
|
"name": "dovecot", "protocol": "tcp"}
|
|
response = client.put("/register", json=json_payload)
|
|
|
|
assert response.json['error'] == 'Access Denied'
|
|
|
|
|
|
def test_unregister_valid(client, mocker):
|
|
def noop():
|
|
pass
|
|
run_res = CompletedProcess(args=['true'], returncode=0)
|
|
run_res.stdout = pfctl_stdout_lines
|
|
run_res.check_returncode = noop
|
|
|
|
mocker.patch('jail2ban.pfctl.run', return_value=run_res)
|
|
|
|
valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
|
|
json_payload = {"port":
|
|
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
|
|
"name": "dovecot", "protocol": "tcp"}
|
|
|
|
response = client.delete("/register",
|
|
json=json_payload,
|
|
headers={"Authorization": "Basic " + valid_credentials})
|
|
|
|
assert response.json['action'] == 'stop'
|
|
|
|
|
|
def test_register_valid(client, mocker):
|
|
def noop():
|
|
pass
|
|
run_res = CompletedProcess(args=['true'], returncode=0)
|
|
run_res.stdout = pfctl_stdout_lines
|
|
run_res.check_returncode = noop
|
|
|
|
pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
|
|
|
|
valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
|
|
json_payload = {"port":
|
|
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
|
|
"name": "dovecot", "protocol": "tcp"}
|
|
|
|
response = client.put("/register",
|
|
json=json_payload,
|
|
headers={"Authorization": "Basic " + valid_credentials})
|
|
|
|
pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
|
|
for existing_line in pfctl_stdout_lines.splitlines():
|
|
assert existing_line in pfctl_run_input_arg.splitlines()
|
|
|
|
assert response.json['action'] == 'start'
|
|
|
|
def test_register_valid_from_scratch(client, mocker):
|
|
def noop():
|
|
pass
|
|
run_res = CompletedProcess(args=['true'], returncode=0)
|
|
run_res.stdout = b''
|
|
run_res.check_returncode = noop
|
|
|
|
pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
|
|
|
|
valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
|
|
json_payload = {"port":
|
|
"any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
|
|
"name": "dovecot", "protocol": "tcp"}
|
|
|
|
response = client.put("/register",
|
|
json=json_payload,
|
|
headers={"Authorization": "Basic " + valid_credentials})
|
|
|
|
pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
|
|
assert pfctl_run_input_arg == b'table <f2b-dovecot> persist counters\nblock quick proto tcp from <f2b-dovecot> to any port {pop3,pop3s,imap,imaps,submission,465,sieve}\n'
|
|
|
|
assert response.json['action'] == 'start'
|
|
|
|
|
|
def test_register_invalid(client, mocker):
|
|
def noop():
|
|
pass
|
|
run_res = CompletedProcess(args=['true'], returncode=0)
|
|
run_res.stdout = pfctl_stdout_lines
|
|
run_res.check_returncode = noop
|
|
|
|
mocker.patch('jail2ban.pfctl.run', return_value=run_res)
|
|
|
|
valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
|
|
json_payload = {"port":
|
|
"not a pf statement",
|
|
"name": "dovecot", "protocol": "tcp"}
|
|
|
|
response = client.put("/register",
|
|
json=json_payload,
|
|
headers={"Authorization": "Basic " + valid_credentials})
|
|
|
|
assert response.json['error'] == '"not a pf statement" is tainted'
|