def testRuleArrayInit(self):
""" Test Rule Array Initialization. """
ssh_client = R.Rule(ipv=4, chain="OUTPUT", tcp={'dport': 22})
http_client = R.Rule(ipv=4, chain="OUTPUT", tcp={'dport': 80})
rarr = R.RuleArray(ssh_client, http_client)
self.assertEqual(rarr[0], ssh_client)
self.assertEqual(rarr[1], http_client)
with self.assertRaises(TypeError):
R.RuleArray(1, 2)
def testRuleArrayMatMul(self):
""" Tests RuleArray Matrix Multiplication. """
route_lo = R.RuleArray(
R.Rule(ipv=4,
chain="OUTPUT",
params={
'src': '127.0.0.1',
'dst': '127.0.0.1'
}))
route_wifi = R.RuleArray(
R.Rule(ipv=4,
chain="OUTPUT",
params={
'src': '192.168.1.0/24',
'dst': '192.168.1.0/24'
}))
app_ssh = R.RuleArray(
R.Rule(ipv=4,
chain="OUTPUT",
params={'protocol': 'tcp'},
tcp={'dport': 22}))
app_http = R.RuleArray(
R.Rule(ipv=4,
chain="OUTPUT",
params={'protocol': 'tcp'},
tcp={'dport': 80}))
rarr_lo_http = route_lo * app_http
rarr_lo_ssh = route_lo * app_ssh
rarr_wifi_http = route_wifi * app_http
rarr_wifi_ssh = route_wifi * app_ssh
rule_list = [
rarr_lo_http[0], rarr_lo_ssh[0], rarr_wifi_http[0],
rarr_wifi_ssh[0]
]
route_all = route_lo + route_wifi
app_all = app_ssh + app_http
rarr = route_all * app_all
self.assertEqual(len(rarr), 4)
for rule in rule_list:
self.assertIn(rule, rarr)
def testRuleMultiplication(self):
""" Test Rule Array Multiplication. """
ssh_client = R.Rule(ipv=4, chain="OUTPUT", tcp={'dport': 22})
http_client = R.Rule(ipv=4, chain="OUTPUT", tcp={'dport': 80})
rarr = R.RuleArray(ssh_client, http_client)
lo_route = R.Rule(ipv=4,
chain="OUTPUT",
params={
'src': '127.0.0.1',
'dst': '127.0.0.1'
})
rarr_lo = rarr * lo_route
for rule in rarr:
for key in ['src', 'dst']:
self.assertEqual(rule.params[key],
ipaddress.ip_network("0.0.0.0/0"))
for rule in rarr_lo:
for key in ['src', 'dst']:
self.assertEqual(rule.params[key], lo_route.params[key])
with self.assertRaises(TypeError):
rarr * list()
def testGetItem(self):
""" Test __getitem__ with Rules. """
rule = R.RuleArray(R.Rule(chain="OUTPUT"))
rule_flip = R.RuleArray(R.Rule(chain="INPUT"))
topo = T.Topology(rule, rule_flip)
self.assertEqual(topo[0], rule[0])
self.assertEqual(topo[1], rule_flip[0])
with self.assertRaises(IndexError):
topo[2]
with self.assertRaises(TypeError):
topo['string']
def testMul(self):
""" Test __mul__ with Rules"""
rule = R.RuleArray(R.Rule(chain="OUTPUT"))
rule_flip = R.RuleArray(R.Rule(chain="INPUT"))
topo = T.Topology(rule, rule_flip)
route = R.Rule(params={'src': '192.168.1.10',
'dst': '192.168.1.1'})
app = R.Rule(tcp={'dport': 22})
combo = route * app * rule[0]
flip = combo.copy()
flip.flip()
rarr = topo * (route * app)
self.assertEqual(rarr[0].dict(), combo.dict())
self.assertEqual(rarr[1].dict(), flip.dict())
self.assertEqual(len(rarr), 2)
def testMulTopology(self):
rule = R.RuleArray(R.Rule(chain="OUTPUT"))
rule_flip = R.RuleArray(R.Rule(chain="INPUT"))
topo1 = T.Topology(rule, rule_flip)
topo2 = T.Topology(
R.RuleArray(
R.Rule(
params={'protocol': 'tcp'},
tcp={'dport': 54921})),
# Scanner (server) connection to client
R.RuleArray(
R.Rule(
params={'protocol': 'udp'},
udp={'dport': 54925})))
topo3 = (topo1 * topo2)
self.assertEqual(topo3[0].dict()['chain'], "OUTPUT")
self.assertEqual(topo3[0].dict()['tcp']['dport'], 54921)
self.assertEqual(topo3[1].dict()['chain'], "OUTPUT")
self.assertEqual(topo3[1].dict()['udp']['sport'], 54925)
self.assertEqual(topo3[2].dict()['chain'], "INPUT")
self.assertEqual(topo3[2].dict()['tcp']['sport'], 54921)
self.assertEqual(topo3[3].dict()['chain'], "INPUT")
self.assertEqual(topo3[3].dict()['udp']['dport'], 54925)
# for r in topo3:
# print('{}, {}, src: {}, dst: {}'.format(
# r.dict()['chain'],
# r.dict()['tcp'] if 'tcp' in r.dict() else r.dict()['udp'],
# r.dict()['']['src'],
# r.dict()['']['dst'],
# ))
rule = R.RuleArray(R.Rule(chain="OUTPUT"))
rule_flip = R.RuleArray(R.Rule(chain="INPUT"))
topo = T.Topology(rule, rule_flip)
route = R.Rule(params={'src': '192.168.1.10',
'dst': '192.168.1.1'})
app = R.Rule(tcp={'dport': 22})
combo = route * app * rule[0]
flip = combo.copy()
flip.flip()
rarr = (route * app) * topo
self.assertEqual(rarr[0].dict(), combo.dict())
self.assertEqual(rarr[1].dict(), flip.dict())
def testRuleMultiplicationOverride(self):
""" Tests Rule Multiplication LHS precedence. """
ssh_client = R.Rule(ipv=4,
chain="OUTPUT",
params={
'src': '10.1.1.1',
'dst': '10.1.1.2'
},
tcp={'dport': 22})
http_client = R.Rule(ipv=4,
chain="OUTPUT",
params={
'src': '10.1.1.1',
'dst': '10.1.1.2'
},
tcp={'dport': 80})
rarr = R.RuleArray(ssh_client, http_client)
lo_route = R.Rule(ipv=4,
chain="OUTPUT",
params={
'src': '127.0.0.1',
'dst': '127.0.0.1'
},
tcp={'dport': 443})
rarr_no = rarr * lo_route
rarr_lo = lo_route * rarr
for rule_lo, rule_no in zip(rarr_lo, rarr_no):
for key in ['src', 'dst']:
self.assertEqual(rule_lo.params[key], lo_route.params[key])
self.assertNotEqual(rule_no.params[key], lo_route.params[key])
self.assertEqual(rule_lo.kwargs['tcp']['dport'], 443)
self.assertNotEqual(rule_no.kwargs['tcp']['dport'], 443)
with self.assertRaises(TypeError):
list() * rarr