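def test_no_dns_entries(self):
    """Reject a caller for whom no DNS entries are available.

    Only the helper at ``self.addr_path`` is patched in this test; its
    return value is left as the default mock. A caller that cannot be
    resolved is treated as an unknown client, not as an error: the filter
    must answer with HTTPForbidden (fail closed) rather than raise.
    """
    result = whitelist.filter_factory(self.conf)(self.app)
    m_addr = self.create_patch(self.addr_path)
    resp = result.__call__.request('/widget', method='POST')
    # `called_once` is not part of the Mock API: it is an auto-created
    # child attribute and always truthy, so assertTrue() on it can never
    # fail. Check the real call counter instead.
    self.assertEqual(1, m_addr.call_count)
    self.assertIsInstance(resp, webob.exc.HTTPForbidden)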
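def test_match_ok(self):
    """Let a request through when the reverse DNS name is accepted.

    The address helper returns ``self.good_ip`` and the reverse lookup
    yields 'omg.widget.com' (presumably a name covered by the whitelist in
    ``self.conf`` -- confirm against the fixture). The response must not be
    HTTPForbidden.
    """
    result = whitelist.filter_factory(self.conf)(self.app)
    m_addr = self.create_patch(self.addr_path)
    m_addr.return_value = self.good_ip
    m_resolve = self.create_patch(self.resolver_path)
    m_resolve.return_value = FakeResolver()
    m_dns_rname = self.create_patch(self.dns_reverse)
    m_dns_rname.side_effect = ['omg.widget.com']
    resp = result.__call__.request('/widget', method='POST')
    # `called_once` is an auto-created Mock attribute and always truthy,
    # so the previous assertTrue() checks could never fail. Assert on the
    # real call counters so a skipped lookup is actually detected.
    self.assertEqual(1, m_dns_rname.call_count)
    self.assertEqual(1, m_resolve.call_count)
    self.assertNotIsInstance(resp, webob.exc.HTTPForbidden)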
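def test_no_fail_match_unknown_address_while_testing(self):
    """Do not reject when the reverse lookup fails under ``self.testconf``.

    The reverse lookup raises ``dns.exception.DNSException``. With
    ``self.testconf`` (presumably the filter's testing mode -- confirm
    against the fixture) the response must not be HTTPForbidden.

    NOTE(review): this configuration lets an unresolvable caller through;
    it should not be the active configuration where the whitelist is meant
    to be enforced.
    """
    result = whitelist.filter_factory(self.testconf)(self.app)
    m_addr = self.create_patch(self.addr_path)
    m_addr.return_value = self.good_ip
    m_resolve = self.create_patch(self.resolver_path)
    m_resolve.return_value = FakeResolver()
    m_dns_rname = self.create_patch(self.dns_reverse)
    m_dns_rname.side_effect = [dns.exception.DNSException]
    resp = result.__call__.request('/widget', method='POST')
    # `called_once` is an auto-created Mock attribute and always truthy;
    # assert on call_count so the lookups are really verified.
    self.assertEqual(1, m_dns_rname.call_count)
    self.assertEqual(1, m_resolve.call_count)
    self.assertNotIsInstance(resp, webob.exc.HTTPForbidden)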
def test_match_ok(self):
    """A caller whose reverse DNS name is accepted is not rejected.

    The address helper returns ``self.good_ip`` and the reverse lookup
    yields 'omg.widget.com' (presumably covered by the whitelist in
    ``self.conf`` -- confirm against the fixture). Each patched helper must
    be used exactly once and the response must not be HTTPForbidden.
    """
    build_filter = whitelist.filter_factory(self.conf)
    dns_filter = build_filter(self.app)

    addr_mock = self.create_patch(self.addr_path)
    addr_mock.return_value = self.good_ip
    resolver_mock = self.create_patch(self.resolver_path)
    resolver_mock.return_value = FakeResolver()
    rname_mock = self.create_patch(self.dns_reverse)
    rname_mock.side_effect = ['omg.widget.com']

    response = dns_filter.__call__.request('/widget', method='POST')

    # Every lookup helper is expected to run once per request.
    for patched in (addr_mock, rname_mock, resolver_mock):
        self.assertEqual(1, patched.call_count)
    self.assertNotIsInstance(response, webob.exc.HTTPForbidden)
def test_no_fail_match_bad_name_while_testing(self):
    """A non-matching reverse name is not rejected under ``self.testconf``.

    The reverse lookup yields 'something.bad.com'. With ``self.testconf``
    (presumably the filter's testing mode -- confirm against the fixture)
    all lookups still run once, but the response is not HTTPForbidden.

    NOTE(review): this configuration passes callers that the whitelist
    would otherwise refuse; it should not be active where enforcement is
    expected.
    """
    build_filter = whitelist.filter_factory(self.testconf)
    dns_filter = build_filter(self.app)

    addr_mock = self.create_patch(self.addr_path)
    addr_mock.return_value = self.good_ip
    resolver_mock = self.create_patch(self.resolver_path)
    resolver_mock.return_value = FakeResolver()
    rname_mock = self.create_patch(self.dns_reverse)
    rname_mock.side_effect = ['something.bad.com']

    response = dns_filter.__call__.request('/widget', method='POST')

    # The lookups are still performed even though the result is not enforced.
    for patched in (addr_mock, rname_mock, resolver_mock):
        self.assertEqual(1, patched.call_count)
    self.assertNotIsInstance(response, webob.exc.HTTPForbidden)
def test_no_fail_match_unknown_address_while_testing(self):
    """A failed reverse lookup is not rejected under ``self.testconf``.

    The reverse lookup raises ``dns.exception.DNSException``. With
    ``self.testconf`` (presumably the filter's testing mode -- confirm
    against the fixture) every helper is still used once and the response
    is not HTTPForbidden.

    NOTE(review): this configuration lets an unresolvable caller through;
    it should not be active where the whitelist is meant to be enforced.
    """
    build_filter = whitelist.filter_factory(self.testconf)
    dns_filter = build_filter(self.app)

    addr_mock = self.create_patch(self.addr_path)
    addr_mock.return_value = self.good_ip
    resolver_mock = self.create_patch(self.resolver_path)
    resolver_mock.return_value = FakeResolver()
    rname_mock = self.create_patch(self.dns_reverse)
    rname_mock.side_effect = [dns.exception.DNSException]

    response = dns_filter.__call__.request('/widget', method='POST')

    for patched in (addr_mock, rname_mock, resolver_mock):
        self.assertEqual(1, patched.call_count)
    self.assertNotIsInstance(response, webob.exc.HTTPForbidden)
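def test_fail_with_empty_forwarded_header(self):
    """Reject a request that carries an empty X-Forwarded-For header.

    The address helper returns ``self.bad_ip`` and the request sends
    ``X-Forwarded-For: ''``. An empty forwarding header must not let the
    caller through: the response has to be HTTPForbidden.
    """
    result = whitelist.filter_factory(self.conf)(self.app)
    m_addr = self.create_patch(self.addr_path)
    m_addr.return_value = self.bad_ip
    m_resolve = self.create_patch(self.resolver_path)
    m_resolve.return_value = FakeResolver()
    m_dns_rname = self.create_patch(self.dns_reverse)
    m_dns_rname.side_effect = ['omg.widget.com']
    headers = {'X-Forwarded-For': ''}
    resp = result.__call__.request('/widget', method='POST',
                                   headers=headers)
    # `called_once` is an auto-created Mock attribute and always truthy,
    # so the previous assertTrue() checks could never fail. Assert on the
    # real call counters instead.
    self.assertEqual(1, m_dns_rname.call_count)
    self.assertEqual(1, m_resolve.call_count)
    self.assertIsInstance(resp, webob.exc.HTTPForbidden)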
def test_runtime_overrides(self):
    """A runtime override header disables the filter for that request.

    After ``self.set_reconfigure()``, a request carrying
    ``X_WAFFLEHAUS_DNSWHITELIST_ENABLED`` set to False must bypass the
    filter entirely: none of the patched lookup helpers may be called.

    NOTE(review): the override arrives as a request header, so a caller
    who can set it skips the whitelist. Confirm that reconfiguration is
    only enabled behind a component that strips or controls this header.
    """
    self.set_reconfigure()
    build_filter = whitelist.filter_factory(self.conf)
    dns_filter = build_filter(self.app)

    addr_mock = self.create_patch(self.addr_path)
    addr_mock.return_value = self.good_ip
    resolver_mock = self.create_patch(self.resolver_path)
    resolver_mock.return_value = FakeResolver()
    rname_mock = self.create_patch(self.dns_reverse)
    rname_mock.side_effect = ['omg.widget.com']

    override = {'X_WAFFLEHAUS_DNSWHITELIST_ENABLED': False}
    dns_filter.__call__.request('/widget', method='POST', headers=override)

    # A disabled filter must not perform any lookup at all.
    for patched in (addr_mock, rname_mock, resolver_mock):
        self.assertEqual(0, patched.call_count)
def test_match_ok_with_forwarded_header(self):
    """A request is accepted when X-Forwarded-For lists the good address.

    The address helper returns ``self.bad_ip`` while the header carries
    ``good_ip,bad_ip``. The response must not be HTTPForbidden, and each
    patched helper is used once.

    NOTE(review): presumably the filter derives the client address from
    X-Forwarded-For here. That header is client-supplied unless a trusted
    proxy overwrites it -- confirm the deployment only accepts it from
    such a proxy.
    """
    build_filter = whitelist.filter_factory(self.conf)
    dns_filter = build_filter(self.app)

    addr_mock = self.create_patch(self.addr_path)
    addr_mock.return_value = self.bad_ip
    resolver_mock = self.create_patch(self.resolver_path)
    resolver_mock.return_value = FakeResolver()
    rname_mock = self.create_patch(self.dns_reverse)
    rname_mock.side_effect = ['omg.widget.com']

    # Good address first, then the bad one, joined as a forwarding chain.
    forwarded_chain = ','.join([self.good_ip, self.bad_ip])
    request_headers = {'X-Forwarded-For': forwarded_chain}
    response = dns_filter.__call__.request(
        '/widget', method='POST', headers=request_headers)

    for patched in (addr_mock, rname_mock, resolver_mock):
        self.assertEqual(1, patched.call_count)
    self.assertNotIsInstance(response, webob.exc.HTTPForbidden)
def test_fail_with_empty_forwarded_header(self):
    """An empty X-Forwarded-For header does not let a bad caller through.

    The address helper returns ``self.bad_ip`` and the request sends
    ``X-Forwarded-For: ''``. Each patched helper is used once and the
    response must be HTTPForbidden.
    """
    build_filter = whitelist.filter_factory(self.conf)
    dns_filter = build_filter(self.app)

    addr_mock = self.create_patch(self.addr_path)
    addr_mock.return_value = self.bad_ip
    resolver_mock = self.create_patch(self.resolver_path)
    resolver_mock.return_value = FakeResolver()
    rname_mock = self.create_patch(self.dns_reverse)
    rname_mock.side_effect = ['omg.widget.com']

    request_headers = {'X-Forwarded-For': ''}
    response = dns_filter.__call__.request(
        '/widget', method='POST', headers=request_headers)

    for patched in (addr_mock, rname_mock, resolver_mock):
        self.assertEqual(1, patched.call_count)
    self.assertIsInstance(response, webob.exc.HTTPForbidden)
def test_create_dns_filter(self):
    """The factory returns a filter object when wrapping the app."""
    build_filter = whitelist.filter_factory(self.conf)
    dns_filter = build_filter(self.app)
    self.assertIsNotNone(dns_filter)
def test_create_dns_filter_not_enabled_by_default(self):
    """A filter built from ``self.conf_disabled`` reports itself disabled.

    ``self.conf_disabled`` presumably omits the 'enabled' option (confirm
    against the fixture); the resulting filter must exist and expose a
    falsy ``enabled`` attribute.

    NOTE(review): a filter that is off unless explicitly enabled enforces
    nothing when the option is missing from a deployment's configuration.
    """
    build_filter = whitelist.filter_factory(self.conf_disabled)
    dns_filter = build_filter(self.app)
    self.assertIsNotNone(dns_filter)
    self.assertFalse(dns_filter.enabled)
def test_no_fail_no_dns_entries_while_testing(self):
    """Missing DNS entries do not cause a rejection under ``self.testconf``.

    Only the helper at ``self.addr_path`` is patched. With
    ``self.testconf`` (presumably the filter's testing mode -- confirm
    against the fixture) the helper is used once and the response is not
    HTTPForbidden.
    """
    build_filter = whitelist.filter_factory(self.testconf)
    dns_filter = build_filter(self.app)
    addr_mock = self.create_patch(self.addr_path)

    response = dns_filter.__call__.request('/widget', method='POST')

    self.assertEqual(1, addr_mock.call_count)
    self.assertNotIsInstance(response, webob.exc.HTTPForbidden)
def test_no_whitelist_error(self):
    """An enabled filter without a whitelist answers with a server error.

    The configuration contains only ``'enabled': 'true'``. The request
    must come back as HTTPInternalServerError, i.e. the misconfigured
    filter does not hand the request on to the wrapped app.
    """
    incomplete_conf = {'enabled': 'true'}
    dns_filter = whitelist.filter_factory(incomplete_conf)(self.app)
    response = dns_filter.__call__.request('/widget', method='POST')
    self.assertIsInstance(response, webob.exc.HTTPInternalServerError)
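def test_no_dns_entries(self):
    """Reject a caller for whom no DNS entries are available.

    Only the helper at ``self.addr_path`` is patched in this test; its
    return value is left as the default mock. The filter must answer with
    HTTPForbidden (fail closed) instead of raising.
    """
    result = whitelist.filter_factory(self.conf)(self.app)
    m_addr = self.create_patch(self.addr_path)
    resp = result.__call__.request('/widget', method='POST')
    # `called_once` is not part of the Mock API: it is an auto-created
    # child attribute and always truthy, so assertTrue() on it can never
    # fail. Check the real call counter instead.
    self.assertEqual(1, m_addr.call_count)
    self.assertIsInstance(resp, webob.exc.HTTPForbidden)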