jail2ban/tests/test_ban.py

import base64
from types import SimpleNamespace


def test_ban_ipv6(client, mocker):
    def noop():
        pass
    run_res = SimpleNamespace()
    run_res.stdout = b''
    run_res.stderr = b'1/1 addresses added.\n'
    run_res.returncode = 0
    run_res.check_returncode = noop

    mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
    json_payload = {"name": "sshd", "ip": "2001:db8::abad:cafe"}
    response = client.put("/ban",
                          json=json_payload,
                          headers={"Authorization": "Basic " + valid_credentials})

    assert response.json['operation'] == 'add'


def test_ban_ipv4(client, mocker):
    def noop():
        pass
    run_res = SimpleNamespace()
    run_res.stdout = b''
    run_res.stderr = b'1/1 addresses added.\n'
    run_res.returncode = 0
    run_res.check_returncode = noop

    mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
    json_payload = {"name": "sshd", "ip": "192.0.2.42"}
    response = client.put("/ban",
                          json=json_payload,
                          headers={"Authorization": "Basic " + valid_credentials})

    assert response.json['operation'] == 'add'

def test_ban_invalid(client, mocker):
    def noop():
        pass
    run_res = SimpleNamespace()
    run_res.stdout = b''
    run_res.stderr = b'1/1 addresses added.\n'
    run_res.returncode = 0
    run_res.check_returncode = noop

    mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
    json_payload = {"name": "sshd", "ip": "not:an::addr:ess"}
    response = client.put("/ban",
                          json=json_payload,
                          headers={"Authorization": "Basic " + valid_credentials})

    assert response.json['error'] == "'not:an::addr:ess' does not appear to be an IPv4 or IPv6 address"


def test_unban_ipv6(client, mocker):
    def noop():
        pass
    run_res = SimpleNamespace()
    run_res.stdout = b''
    run_res.stderr = b'1/1 addresses added.\n'
    run_res.returncode = 0
    run_res.check_returncode = noop

    mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
    json_payload = {"name": "sshd", "ip": "2001:db8::abad:cafe"}
    response = client.delete("/ban",
                             json=json_payload,
                             headers={"Authorization": "Basic " + valid_credentials})

    assert response.json['operation'] == 'delete'


def test_unban_ipv4(client, mocker):
    def noop():
        pass
    run_res = SimpleNamespace()
    run_res.stdout = b''
    run_res.stderr = b'1/1 addresses added.\n'
    run_res.returncode = 0
    run_res.check_returncode = noop

    mocker.patch('jail2ban.pfctl.run', return_value=run_res)

    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
    json_payload = {"name": "sshd", "ip": "192.0.2.42"}
    response = client.delete("/ban",
                          json=json_payload,
                          headers={"Authorization": "Basic " + valid_credentials})

    assert response.json['operation'] == 'delete'