def test_valid_wildcard(self):
test_inputs = {
'reject *:*': (True, True),
'reject *:80': (True, False),
'accept 192.168.0.1:*': (False, True),
'accept 192.168.0.1:80': (False, False),
'reject *4:*': (False, True),
'reject *6:*': (False, True),
'reject6 *4:*': (False, True),
'reject6 *6:*': (False, True),
'reject 127.0.0.1/0:*': (False, True),
'reject 127.0.0.1/0.0.0.0:*': (False, True),
'reject 127.0.0.1/16:*': (False, True),
'reject 127.0.0.1/32:*': (False, True),
'reject [0000:0000:0000:0000:0000:0000:0000:0000]/0:80':
(False, False),
'reject [0000:0000:0000:0000:0000:0000:0000:0000]/64:80':
(False, False),
'reject [0000:0000:0000:0000:0000:0000:0000:0000]/128:80':
(False, False),
'reject6 *:*': (False, True),
'reject6 *:80': (False, False),
'reject6 [0000:0000:0000:0000:0000:0000:0000:0000]/128:80':
(False, False),
'accept 192.168.0.1:0-65535': (False, True),
'accept 192.168.0.1:1-65535': (False, True),
'accept 192.168.0.1:2-65535': (False, False),
'accept 192.168.0.1:1-65534': (False, False),
}
for rule_arg, attr in test_inputs.items():
is_address_wildcard, is_port_wildcard = attr
rule = ExitPolicyRule(rule_arg)
self.assertEqual(
is_address_wildcard, rule.is_address_wildcard(),
'%s (wildcard expected %s and actually %s)' %
(rule_arg, is_address_wildcard, rule.is_address_wildcard()))
self.assertEqual(is_port_wildcard, rule.is_port_wildcard())
# check that when appropriate a /0 is reported as *not* being a wildcard
rule = ExitPolicyRule('reject 127.0.0.1/0:*')
rule._submask_wildcard = False
self.assertEqual(False, rule.is_address_wildcard())
rule = ExitPolicyRule(
'reject [0000:0000:0000:0000:0000:0000:0000:0000]/0:80')
rule._submask_wildcard = False
self.assertEqual(False, rule.is_address_wildcard())
def test_valid_wildcard(self):
test_inputs = {
'reject *:*': (True, True),
'reject *:80': (True, False),
'accept 192.168.0.1:*': (False, True),
'accept 192.168.0.1:80': (False, False),
'reject *4:*': (False, True),
'reject *6:*': (False, True),
'reject6 *4:*': (False, True),
'reject6 *6:*': (False, True),
'reject 127.0.0.1/0:*': (False, True),
'reject 127.0.0.1/0.0.0.0:*': (False, True),
'reject 127.0.0.1/16:*': (False, True),
'reject 127.0.0.1/32:*': (False, True),
'reject [0000:0000:0000:0000:0000:0000:0000:0000]/0:80': (False, False),
'reject [0000:0000:0000:0000:0000:0000:0000:0000]/64:80': (False, False),
'reject [0000:0000:0000:0000:0000:0000:0000:0000]/128:80': (False, False),
'reject6 *:*': (False, True),
'reject6 *:80': (False, False),
'reject6 [0000:0000:0000:0000:0000:0000:0000:0000]/128:80': (False, False),
'accept 192.168.0.1:0-65535': (False, True),
'accept 192.168.0.1:1-65535': (False, True),
'accept 192.168.0.1:2-65535': (False, False),
'accept 192.168.0.1:1-65534': (False, False),
}
for rule_arg, attr in test_inputs.items():
is_address_wildcard, is_port_wildcard = attr
rule = ExitPolicyRule(rule_arg)
self.assertEqual(is_address_wildcard, rule.is_address_wildcard(), '%s (wildcard expected %s and actually %s)' % (rule_arg, is_address_wildcard, rule.is_address_wildcard()))
self.assertEqual(is_port_wildcard, rule.is_port_wildcard())
# check that when appropriate a /0 is reported as *not* being a wildcard
rule = ExitPolicyRule('reject 127.0.0.1/0:*')
rule._submask_wildcard = False
self.assertEqual(False, rule.is_address_wildcard())
rule = ExitPolicyRule('reject [0000:0000:0000:0000:0000:0000:0000:0000]/0:80')
rule._submask_wildcard = False
self.assertEqual(False, rule.is_address_wildcard())
def test_valid_wildcard(self):
test_inputs = {
"reject *:*": (True, True),
"reject *:80": (True, False),
"accept 192.168.0.1:*": (False, True),
"accept 192.168.0.1:80": (False, False),
"reject 127.0.0.1/0:*": (True, True),
"reject 127.0.0.1/0.0.0.0:*": (True, True),
"reject 127.0.0.1/16:*": (False, True),
"reject 127.0.0.1/32:*": (False, True),
"reject [0000:0000:0000:0000:0000:0000:0000:0000]/0:80":
(True, False),
"reject [0000:0000:0000:0000:0000:0000:0000:0000]/64:80":
(False, False),
"reject [0000:0000:0000:0000:0000:0000:0000:0000]/128:80":
(False, False),
"accept 192.168.0.1:0-65535": (False, True),
"accept 192.168.0.1:1-65535": (False, True),
"accept 192.168.0.1:2-65535": (False, False),
"accept 192.168.0.1:1-65534": (False, False),
}
for rule_arg, attr in test_inputs.items():
is_address_wildcard, is_port_wildcard = attr
rule = ExitPolicyRule(rule_arg)
self.assertEquals(is_address_wildcard, rule.is_address_wildcard())
self.assertEquals(is_port_wildcard, rule.is_port_wildcard())
# check that when appropriate a /0 is reported as *not* being a wildcard
rule = ExitPolicyRule("reject 127.0.0.1/0:*")
rule._submask_wildcard = False
self.assertEquals(False, rule.is_address_wildcard())
rule = ExitPolicyRule(
"reject [0000:0000:0000:0000:0000:0000:0000:0000]/0:80")
rule._submask_wildcard = False
self.assertEquals(False, rule.is_address_wildcard())
def test_valid_wildcard(self):
test_inputs = {
"reject *:*": (True, True),
"reject *:80": (True, False),
"accept 192.168.0.1:*": (False, True),
"accept 192.168.0.1:80": (False, False),
"reject 127.0.0.1/0:*": (True, True),
"reject 127.0.0.1/0.0.0.0:*": (True, True),
"reject 127.0.0.1/16:*": (False, True),
"reject 127.0.0.1/32:*": (False, True),
"reject [0000:0000:0000:0000:0000:0000:0000:0000]/0:80": (True, False),
"reject [0000:0000:0000:0000:0000:0000:0000:0000]/64:80": (False, False),
"reject [0000:0000:0000:0000:0000:0000:0000:0000]/128:80": (False, False),
"accept 192.168.0.1:0-65535": (False, True),
"accept 192.168.0.1:1-65535": (False, True),
"accept 192.168.0.1:2-65535": (False, False),
"accept 192.168.0.1:1-65534": (False, False),
}
for rule_arg, attr in test_inputs.items():
is_address_wildcard, is_port_wildcard = attr
rule = ExitPolicyRule(rule_arg)
self.assertEquals(is_address_wildcard, rule.is_address_wildcard())
self.assertEquals(is_port_wildcard, rule.is_port_wildcard())
# check that when appropriate a /0 is reported as *not* being a wildcard
rule = ExitPolicyRule("reject 127.0.0.1/0:*")
rule._submask_wildcard = False
self.assertEquals(False, rule.is_address_wildcard())
rule = ExitPolicyRule("reject [0000:0000:0000:0000:0000:0000:0000:0000]/0:80")
rule._submask_wildcard = False
self.assertEquals(False, rule.is_address_wildcard())
def test_is_match_wildcard(self):
test_inputs = {
'reject *:*': {
('192.168.0.1', 80): True,
('0.0.0.0', 80): True,
('255.255.255.255', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): True,
('192.168.0.1', None): True,
(None, 80, False): True,
(None, 80, True): True,
(None, None, False): True,
(None, None, True): True,
},
'reject 255.255.255.255/0:*': {
('192.168.0.1', 80): True,
('0.0.0.0', 80): True,
('255.255.255.255', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): False,
('192.168.0.1', None): True,
(None, 80, False): False,
(None, 80, True): True,
(None, None, False): False,
(None, None, True): True,
},
'reject *4:*': {
('192.168.0.1', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
},
'reject *6:*': {
('192.168.0.1', 80): False,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
rule._submask_wildcard = False
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
# port zero is special in that exit policies can include it, but it's not
# something that we can match against
rule = ExitPolicyRule('reject *:*')
self.assertRaises(ValueError, rule.is_match, '127.0.0.1', 0)
def test_is_match_wildcard(self):
test_inputs = {
'reject *:*': {
('192.168.0.1', 80): True,
('0.0.0.0', 80): True,
('255.255.255.255', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): True,
('192.168.0.1', None): True,
(None, 80, False): True,
(None, 80, True): True,
(None, None, False): True,
(None, None, True): True,
},
'reject 255.255.255.255/0:*': {
('192.168.0.1', 80): True,
('0.0.0.0', 80): True,
('255.255.255.255', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): False,
('192.168.0.1', None): True,
(None, 80, False): False,
(None, 80, True): True,
(None, None, False): False,
(None, None, True): True,
},
'reject *4:*': {
('192.168.0.1', 80): True,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False,
},
'reject *6:*': {
('192.168.0.1', 80): False,
('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
rule._submask_wildcard = False
for match_args, expected_result in matches.items():
self.assertEqual(expected_result, rule.is_match(*match_args))
# port zero is special in that exit policies can include it, but it's not
# something that we can match against
rule = ExitPolicyRule('reject *:*')
self.assertRaises(ValueError, rule.is_match, '127.0.0.1', 0)
def test_is_match_wildcard(self):
test_inputs = {
"reject *:*": {
("192.168.0.1", 80): True,
("0.0.0.0", 80): True,
("255.255.255.255", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): True,
("192.168.0.1", None): True,
(None, 80, False): True,
(None, 80, True): True,
(None, None, False): True,
(None, None, True): True,
},
"reject 255.255.255.255/0:*": {
("192.168.0.1", 80): True,
("0.0.0.0", 80): True,
("255.255.255.255", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): False,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): False,
("192.168.0.1", None): True,
(None, 80, False): True,
(None, 80, True): False,
(None, None, False): True,
(None, None, True): False,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
rule._submask_wildcard = False
for match_args, expected_result in matches.items():
self.assertEquals(expected_result, rule.is_match(*match_args))
# port zero is special in that exit policies can include it, but it's not
# something that we can match against
rule = ExitPolicyRule("reject *:*")
self.assertRaises(ValueError, rule.is_match, "127.0.0.1", 0)
def test_is_match_wildcard(self):
test_inputs = {
"reject *:*": {
("192.168.0.1", 80): True,
("0.0.0.0", 80): True,
("255.255.255.255", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): True,
("192.168.0.1", None): True,
(None, 80, False): True,
(None, 80, True): True,
(None, None, False): True,
(None, None, True): True,
},
"reject 255.255.255.255/0:*": {
("192.168.0.1", 80): True,
("0.0.0.0", 80): True,
("255.255.255.255", 80): True,
("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): False,
("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): False,
("192.168.0.1", None): True,
(None, 80, False): True,
(None, 80, True): False,
(None, None, False): True,
(None, None, True): False,
},
}
for rule_arg, matches in test_inputs.items():
rule = ExitPolicyRule(rule_arg)
rule._submask_wildcard = False
for match_args, expected_result in matches.items():
self.assertEquals(expected_result, rule.is_match(*match_args))
# port zero is special in that exit policies can include it, but it's not
# something that we can match against
rule = ExitPolicyRule("reject *:*")
self.assertRaises(ValueError, rule.is_match, "127.0.0.1", 0)