def testRuleArrayInit(self): """ Test Rule Array Initialization. """ ssh_client = R.Rule(ipv=4, chain="OUTPUT", tcp={'dport': 22}) http_client = R.Rule(ipv=4, chain="OUTPUT", tcp={'dport': 80}) rarr = R.RuleArray(ssh_client, http_client) self.assertEqual(rarr[0], ssh_client) self.assertEqual(rarr[1], http_client) with self.assertRaises(TypeError): R.RuleArray(1, 2)
def testRuleArrayMatMul(self): """ Tests RuleArray Matrix Multiplication. """ route_lo = R.RuleArray( R.Rule(ipv=4, chain="OUTPUT", params={ 'src': '127.0.0.1', 'dst': '127.0.0.1' })) route_wifi = R.RuleArray( R.Rule(ipv=4, chain="OUTPUT", params={ 'src': '192.168.1.0/24', 'dst': '192.168.1.0/24' })) app_ssh = R.RuleArray( R.Rule(ipv=4, chain="OUTPUT", params={'protocol': 'tcp'}, tcp={'dport': 22})) app_http = R.RuleArray( R.Rule(ipv=4, chain="OUTPUT", params={'protocol': 'tcp'}, tcp={'dport': 80})) rarr_lo_http = route_lo * app_http rarr_lo_ssh = route_lo * app_ssh rarr_wifi_http = route_wifi * app_http rarr_wifi_ssh = route_wifi * app_ssh rule_list = [ rarr_lo_http[0], rarr_lo_ssh[0], rarr_wifi_http[0], rarr_wifi_ssh[0] ] route_all = route_lo + route_wifi app_all = app_ssh + app_http rarr = route_all * app_all self.assertEqual(len(rarr), 4) for rule in rule_list: self.assertIn(rule, rarr)
def testRuleMultiplication(self): """ Test Rule Array Multiplication. """ ssh_client = R.Rule(ipv=4, chain="OUTPUT", tcp={'dport': 22}) http_client = R.Rule(ipv=4, chain="OUTPUT", tcp={'dport': 80}) rarr = R.RuleArray(ssh_client, http_client) lo_route = R.Rule(ipv=4, chain="OUTPUT", params={ 'src': '127.0.0.1', 'dst': '127.0.0.1' }) rarr_lo = rarr * lo_route for rule in rarr: for key in ['src', 'dst']: self.assertEqual(rule.params[key], ipaddress.ip_network("0.0.0.0/0")) for rule in rarr_lo: for key in ['src', 'dst']: self.assertEqual(rule.params[key], lo_route.params[key]) with self.assertRaises(TypeError): rarr * list()
def testGetItem(self): """ Test __getitem__ with Rules. """ rule = R.RuleArray(R.Rule(chain="OUTPUT")) rule_flip = R.RuleArray(R.Rule(chain="INPUT")) topo = T.Topology(rule, rule_flip) self.assertEqual(topo[0], rule[0]) self.assertEqual(topo[1], rule_flip[0]) with self.assertRaises(IndexError): topo[2] with self.assertRaises(TypeError): topo['string']
def testMul(self): """ Test __mul__ with Rules""" rule = R.RuleArray(R.Rule(chain="OUTPUT")) rule_flip = R.RuleArray(R.Rule(chain="INPUT")) topo = T.Topology(rule, rule_flip) route = R.Rule(params={'src': '192.168.1.10', 'dst': '192.168.1.1'}) app = R.Rule(tcp={'dport': 22}) combo = route * app * rule[0] flip = combo.copy() flip.flip() rarr = topo * (route * app) self.assertEqual(rarr[0].dict(), combo.dict()) self.assertEqual(rarr[1].dict(), flip.dict()) self.assertEqual(len(rarr), 2)
def testMulTopology(self): rule = R.RuleArray(R.Rule(chain="OUTPUT")) rule_flip = R.RuleArray(R.Rule(chain="INPUT")) topo1 = T.Topology(rule, rule_flip) topo2 = T.Topology( R.RuleArray( R.Rule( params={'protocol': 'tcp'}, tcp={'dport': 54921})), # Scanner (server) connection to client R.RuleArray( R.Rule( params={'protocol': 'udp'}, udp={'dport': 54925}))) topo3 = (topo1 * topo2) self.assertEqual(topo3[0].dict()['chain'], "OUTPUT") self.assertEqual(topo3[0].dict()['tcp']['dport'], 54921) self.assertEqual(topo3[1].dict()['chain'], "OUTPUT") self.assertEqual(topo3[1].dict()['udp']['sport'], 54925) self.assertEqual(topo3[2].dict()['chain'], "INPUT") self.assertEqual(topo3[2].dict()['tcp']['sport'], 54921) self.assertEqual(topo3[3].dict()['chain'], "INPUT") self.assertEqual(topo3[3].dict()['udp']['dport'], 54925) # for r in topo3: # print('{}, {}, src: {}, dst: {}'.format( # r.dict()['chain'], # r.dict()['tcp'] if 'tcp' in r.dict() else r.dict()['udp'], # r.dict()['']['src'], # r.dict()['']['dst'], # )) rule = R.RuleArray(R.Rule(chain="OUTPUT")) rule_flip = R.RuleArray(R.Rule(chain="INPUT")) topo = T.Topology(rule, rule_flip) route = R.Rule(params={'src': '192.168.1.10', 'dst': '192.168.1.1'}) app = R.Rule(tcp={'dport': 22}) combo = route * app * rule[0] flip = combo.copy() flip.flip() rarr = (route * app) * topo self.assertEqual(rarr[0].dict(), combo.dict()) self.assertEqual(rarr[1].dict(), flip.dict())
def testRuleMultiplicationOverride(self): """ Tests Rule Multiplication LHS precedence. """ ssh_client = R.Rule(ipv=4, chain="OUTPUT", params={ 'src': '10.1.1.1', 'dst': '10.1.1.2' }, tcp={'dport': 22}) http_client = R.Rule(ipv=4, chain="OUTPUT", params={ 'src': '10.1.1.1', 'dst': '10.1.1.2' }, tcp={'dport': 80}) rarr = R.RuleArray(ssh_client, http_client) lo_route = R.Rule(ipv=4, chain="OUTPUT", params={ 'src': '127.0.0.1', 'dst': '127.0.0.1' }, tcp={'dport': 443}) rarr_no = rarr * lo_route rarr_lo = lo_route * rarr for rule_lo, rule_no in zip(rarr_lo, rarr_no): for key in ['src', 'dst']: self.assertEqual(rule_lo.params[key], lo_route.params[key]) self.assertNotEqual(rule_no.params[key], lo_route.params[key]) self.assertEqual(rule_lo.kwargs['tcp']['dport'], 443) self.assertNotEqual(rule_no.kwargs['tcp']['dport'], 443) with self.assertRaises(TypeError): list() * rarr