jail2ban/tests/test_register.py

import base64
from subprocess import CompletedProcess

pfctl_stdout_lines = b'''block drop quick proto tcp from <f2b-sendmail-auth> to any port = submission
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtps
block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtp
block drop quick proto tcp from <f2b-sshd> to any port = ssh
block drop quick proto tcp from <f2b-recidive> to any
'''


def test_register_unauth(client):
    json_payload = {"port":
                    "any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
                    "name": "dovecot", "protocol": "tcp"}
    response = client.put("/register", json=json_payload)

    assert response.json['error'] == 'Access Denied'


def test_unregister_valid(client, mocker):
    def noop():
        pass
    run_res = CompletedProcess(args=['true'], returncode=0)
    run_res.stdout = pfctl_stdout_lines
    run_res.check_returncode = noop

    mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
    json_payload = {"port":
                    "any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
                    "name": "dovecot", "protocol": "tcp"}

    response = client.delete("/register",
                             json=json_payload,
                             headers={"Authorization": "Basic " + valid_credentials})

    assert response.json['action'] == 'stop'


def test_register_valid(client, mocker):
    def noop():
        pass
    run_res = CompletedProcess(args=['true'], returncode=0)
    run_res.stdout = pfctl_stdout_lines
    run_res.check_returncode = noop

    pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
    json_payload = {"port":
                    "any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
                    "name": "dovecot", "protocol": "tcp"}

    response = client.put("/register",
                          json=json_payload,
                          headers={"Authorization": "Basic " + valid_credentials})

    pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
    for existing_line in pfctl_stdout_lines.splitlines():
        assert existing_line in pfctl_run_input_arg.splitlines()

    assert response.json['action'] == 'start'


def test_register_invalid(client, mocker):
    def noop():
        pass
    run_res = CompletedProcess(args=['true'], returncode=0)
    run_res.stdout = pfctl_stdout_lines
    run_res.check_returncode = noop

    mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
    json_payload = {"port":
                    "not a pf statement",
                    "name": "dovecot", "protocol": "tcp"}

    response = client.put("/register",
                          json=json_payload,
                          headers={"Authorization": "Basic " + valid_credentials})

    assert response.json['error'] == '"not a pf statement" is tainted'