def test_no_dns_entries(self):
"""When the resolver doesn't have the DNS entries there it shouldn't
error. This is considered just an unknown person trying to get in.
"""
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
resp = result.__call__.request('/widget', method='POST')
self.assertTrue(m_addr.called_once)
self.assertTrue(isinstance(resp, webob.exc.HTTPForbidden))
def test_match_ok(self):
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.good_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = ['omg.widget.com']
resp = result.__call__.request('/widget', method='POST')
self.assertTrue(m_dns_rname.called_once)
self.assertTrue(m_resolve.called_once)
self.assertFalse(isinstance(resp, webob.exc.HTTPForbidden))
def test_no_fail_match_unknown_address_while_testing(self):
result = whitelist.filter_factory(self.testconf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.good_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = [dns.exception.DNSException]
resp = result.__call__.request('/widget', method='POST')
self.assertTrue(m_dns_rname.called_once)
self.assertTrue(m_resolve.called_once)
self.assertFalse(isinstance(resp, webob.exc.HTTPForbidden))
def test_match_ok(self):
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.good_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = ['omg.widget.com']
resp = result.__call__.request('/widget', method='POST')
self.assertEqual(1, m_addr.call_count)
self.assertEqual(1, m_dns_rname.call_count)
self.assertEqual(1, m_resolve.call_count)
self.assertFalse(isinstance(resp, webob.exc.HTTPForbidden))
def test_no_fail_match_bad_name_while_testing(self):
result = whitelist.filter_factory(self.testconf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.good_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = ['something.bad.com']
resp = result.__call__.request('/widget', method='POST')
self.assertEqual(1, m_addr.call_count)
self.assertEqual(1, m_dns_rname.call_count)
self.assertEqual(1, m_resolve.call_count)
self.assertFalse(isinstance(resp, webob.exc.HTTPForbidden))
def test_no_fail_match_unknown_address_while_testing(self):
result = whitelist.filter_factory(self.testconf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.good_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = [dns.exception.DNSException]
resp = result.__call__.request('/widget', method='POST')
self.assertEqual(1, m_addr.call_count)
self.assertEqual(1, m_dns_rname.call_count)
self.assertEqual(1, m_resolve.call_count)
self.assertFalse(isinstance(resp, webob.exc.HTTPForbidden))
def test_fail_with_empty_forwarded_header(self):
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.bad_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = ['omg.widget.com']
headers = {'X-Forwarded-For': ''}
resp = result.__call__.request('/widget', method='POST',
headers=headers)
self.assertTrue(m_dns_rname.called_once)
self.assertTrue(m_resolve.called_once)
self.assertTrue(isinstance(resp, webob.exc.HTTPForbidden))
def test_runtime_overrides(self):
self.set_reconfigure()
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.good_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = ['omg.widget.com']
headers = {'X_WAFFLEHAUS_DNSWHITELIST_ENABLED': False}
result.__call__.request('/widget', method='POST', headers=headers)
self.assertEqual(0, m_addr.call_count)
self.assertEqual(0, m_dns_rname.call_count)
self.assertEqual(0, m_resolve.call_count)
def test_runtime_overrides(self):
self.set_reconfigure()
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.good_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = ['omg.widget.com']
headers = {'X_WAFFLEHAUS_DNSWHITELIST_ENABLED': False}
result.__call__.request('/widget', method='POST',
headers=headers)
self.assertEqual(0, m_addr.call_count)
self.assertEqual(0, m_dns_rname.call_count)
self.assertEqual(0, m_resolve.call_count)
def test_match_ok_with_forwarded_header(self):
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.bad_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = ['omg.widget.com']
ip_list = [self.good_ip, self.bad_ip]
headers = {'X-Forwarded-For': ','.join(ip_list)}
resp = result.__call__.request('/widget', method='POST',
headers=headers)
self.assertEqual(1, m_addr.call_count)
self.assertEqual(1, m_dns_rname.call_count)
self.assertEqual(1, m_resolve.call_count)
self.assertFalse(isinstance(resp, webob.exc.HTTPForbidden))
def test_fail_with_empty_forwarded_header(self):
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
m_addr.return_value = self.bad_ip
m_resolve = self.create_patch(self.resolver_path)
m_resolve.return_value = FakeResolver()
m_dns_rname = self.create_patch(self.dns_reverse)
m_dns_rname.side_effect = ['omg.widget.com']
headers = {'X-Forwarded-For': ''}
resp = result.__call__.request('/widget',
method='POST',
headers=headers)
self.assertEqual(1, m_addr.call_count)
self.assertEqual(1, m_dns_rname.call_count)
self.assertEqual(1, m_resolve.call_count)
self.assertTrue(isinstance(resp, webob.exc.HTTPForbidden))
def test_create_dns_filter(self):
result = whitelist.filter_factory(self.conf)(self.app)
self.assertIsNotNone(result)
def test_create_dns_filter_not_enabled_by_default(self):
result = whitelist.filter_factory(self.conf_disabled)(self.app)
self.assertIsNotNone(result)
self.assertFalse(result.enabled)
def test_create_dns_filter(self):
result = whitelist.filter_factory(self.conf)(self.app)
self.assertIsNotNone(result)
def test_no_fail_no_dns_entries_while_testing(self):
result = whitelist.filter_factory(self.testconf)(self.app)
m_addr = self.create_patch(self.addr_path)
resp = result.__call__.request('/widget', method='POST')
self.assertEqual(1, m_addr.call_count)
self.assertFalse(isinstance(resp, webob.exc.HTTPForbidden))
def test_no_whitelist_error(self):
result = whitelist.filter_factory({'enabled': 'true'})(self.app)
resp = result.__call__.request('/widget', method='POST')
self.assertTrue(isinstance(resp, webob.exc.HTTPInternalServerError))
def test_no_dns_entries(self):
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
resp = result.__call__.request('/widget', method='POST')
self.assertTrue(m_addr.called_once)
self.assertTrue(isinstance(resp, webob.exc.HTTPForbidden))
def test_no_fail_no_dns_entries_while_testing(self):
result = whitelist.filter_factory(self.testconf)(self.app)
m_addr = self.create_patch(self.addr_path)
resp = result.__call__.request('/widget', method='POST')
self.assertEqual(1, m_addr.call_count)
self.assertFalse(isinstance(resp, webob.exc.HTTPForbidden))
def test_no_dns_entries(self):
result = whitelist.filter_factory(self.conf)(self.app)
m_addr = self.create_patch(self.addr_path)
resp = result.__call__.request('/widget', method='POST')
self.assertTrue(m_addr.called_once)
self.assertTrue(isinstance(resp, webob.exc.HTTPForbidden))
def test_create_dns_filter_not_enabled_by_default(self):
result = whitelist.filter_factory(self.conf_disabled)(self.app)
self.assertIsNotNone(result)
self.assertFalse(result.enabled)
def test_no_whitelist_error(self):
result = whitelist.filter_factory({'enabled': 'true'})(self.app)
resp = result.__call__.request('/widget', method='POST')
self.assertTrue(isinstance(resp, webob.exc.HTTPInternalServerError))
