def test_is_match_port(self): test_inputs = { 'reject *:80': { ('192.168.0.50', 80): True, ('192.168.0.50', 81): False, ('192.168.0.50', 79): False, (None, 80): True, ('192.168.0.50', None, False): True, ('192.168.0.50', None, True): False, }, 'reject *:80-85': { ('192.168.0.50', 79): False, ('192.168.0.50', 80): True, ('192.168.0.50', 83): True, ('192.168.0.50', 85): True, ('192.168.0.50', 86): False, (None, 83): True, ('192.168.0.50', None, False): True, ('192.168.0.50', None, True): False, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_ipv4(self): test_inputs = { 'reject 192.168.0.50:*': { ('192.168.0.50', 80): True, ('192.168.0.51', 80): False, ('192.168.0.49', 80): False, (None, 80, False): True, (None, 80, True): False, ('192.168.0.50', None): True, }, 'reject 0.0.0.0/24:*': { ('0.0.0.0', 80): True, ('0.0.0.1', 80): True, ('0.0.0.255', 80): True, ('0.0.1.0', 80): False, ('0.1.0.0', 80): False, ('1.0.0.0', 80): False, (None, 80, False): True, (None, 80, True): False, ('0.0.0.0', None): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_ipv6(self): test_inputs = { 'reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:*': { ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True, ('fe80:0000:0000:0000:0202:b3ff:fe1e:8329', 80): True, ('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8330', 80): False, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8328', 80): False, (None, 80, False): True, (None, 80, True): False, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None): True, }, 'reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]/112:*': { ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:0000', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:FFFF', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1F:8329', 80): False, ('FE81:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False, (None, 80, False): True, (None, 80, True): False, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None, False): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None, True): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_ipv6(self): test_inputs = { 'reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:*': { ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True, ('fe80:0000:0000:0000:0202:b3ff:fe1e:8329', 80): True, ('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8330', 80): False, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8328', 80): False, (None, 80, False): False, (None, 80, True): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None): True, }, 'reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]/112:*': { ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:0000', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:FFFF', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1F:8329', 80): False, ('FE81:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False, (None, 80, False): False, (None, 80, True): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None, False): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', None, True): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_port(self): test_inputs = { 'reject *:80': { ('192.168.0.50', 80): True, ('192.168.0.50', 81): False, ('192.168.0.50', 79): False, (None, 80): True, ('192.168.0.50', None, False): False, ('192.168.0.50', None, True): True, }, 'reject *:80-85': { ('192.168.0.50', 79): False, ('192.168.0.50', 80): True, ('192.168.0.50', 83): True, ('192.168.0.50', 85): True, ('192.168.0.50', 86): False, (None, 83): True, ('192.168.0.50', None, False): False, ('192.168.0.50', None, True): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_ipv6(self): test_inputs = { "reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:*": { ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True, ("fe80:0000:0000:0000:0202:b3ff:fe1e:8329", 80): True, ("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8330", 80): False, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8328", 80): False, (None, 80, False): True, (None, 80, True): False, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None): True, }, "reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]/112:*": { ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1E:0000", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1E:FFFF", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1F:8329", 80): False, ("FE81:0000:0000:0000:0202:B3FF:FE1E:8329", 80): False, (None, 80, False): True, (None, 80, True): False, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None, False): True, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None, True): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEquals(expected_result, rule.is_match(*match_args))
def test_is_match_ipv4(self): test_inputs = { 'reject 192.168.0.50:*': { ('192.168.0.50', 80): True, ('192.168.0.51', 80): False, ('192.168.0.49', 80): False, (None, 80, False): False, (None, 80, True): True, ('192.168.0.50', None): True, }, 'reject 0.0.0.0/24:*': { ('0.0.0.0', 80): True, ('0.0.0.1', 80): True, ('0.0.0.255', 80): True, ('0.0.1.0', 80): False, ('0.1.0.0', 80): False, ('1.0.0.0', 80): False, (None, 80, False): False, (None, 80, True): True, ('0.0.0.0', None): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEqual(expected_result, rule.is_match(*match_args))
def test_is_match_wildcard(self): test_inputs = { "reject *:*": { ("192.168.0.1", 80): True, ("0.0.0.0", 80): True, ("255.255.255.255", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True, ("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): True, ("192.168.0.1", None): True, (None, 80): True, (None, None): True, }, "reject 255.255.255.255/0:*": { ("192.168.0.1", 80): True, ("0.0.0.0", 80): True, ("255.255.255.255", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): False, ("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): False, ("192.168.0.1", None): True, (None, 80): False, (None, None): False, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEquals(expected_result, rule.is_match(*match_args)) # port zero is special in that exit policies can include it, but it's not # something that we can match against rule = ExitPolicyRule("reject *:*") self.assertRaises(ValueError, rule.is_match, "127.0.0.1", 0)
def test_is_match_ipv4(self): test_inputs = { "reject 192.168.0.50:*": { ("192.168.0.50", 80): True, ("192.168.0.51", 80): False, ("192.168.0.49", 80): False, (None, 80, False): True, (None, 80, True): False, ("192.168.0.50", None): True, }, "reject 0.0.0.0/24:*": { ("0.0.0.0", 80): True, ("0.0.0.1", 80): True, ("0.0.0.255", 80): True, ("0.0.1.0", 80): False, ("0.1.0.0", 80): False, ("1.0.0.0", 80): False, (None, 80, False): True, (None, 80, True): False, ("0.0.0.0", None): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEquals(expected_result, rule.is_match(*match_args))
def test_is_match_ipv6(self): test_inputs = { "reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]:*": { ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True, ("fe80:0000:0000:0000:0202:b3ff:fe1e:8329", 80): True, ("[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8330", 80): False, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8328", 80): False, (None, 80): False, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None): True, }, "reject [FE80:0000:0000:0000:0202:B3FF:FE1E:8329]/112:*": { ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1E:0000", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1E:FFFF", 80): True, ("FE80:0000:0000:0000:0202:B3FF:FE1F:8329", 80): False, ("FE81:0000:0000:0000:0202:B3FF:FE1E:8329", 80): False, (None, 80): False, ("FE80:0000:0000:0000:0202:B3FF:FE1E:8329", None): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEquals(expected_result, rule.is_match(*match_args))
def test_is_match_ipv4(self): test_inputs = { "reject 192.168.0.50:*": { ("192.168.0.50", 80): True, ("192.168.0.51", 80): False, ("192.168.0.49", 80): False, (None, 80): False, ("192.168.0.50", None): True, }, "reject 0.0.0.0/24:*": { ("0.0.0.0", 80): True, ("0.0.0.1", 80): True, ("0.0.0.255", 80): True, ("0.0.1.0", 80): False, ("0.1.0.0", 80): False, ("1.0.0.0", 80): False, (None, 80): False, ("0.0.0.0", None): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) for match_args, expected_result in matches.items(): self.assertEquals(expected_result, rule.is_match(*match_args))
def test_ipv6_only_entries(self): # accept6/reject6 shouldn't match anything when given an ipv4 addresses rule = ExitPolicyRule('accept6 192.168.0.1/0:*') self.assertTrue(rule._skip_rule) self.assertFalse(rule.is_match('192.168.0.1')) self.assertFalse(rule.is_match('FE80:0000:0000:0000:0202:B3FF:FE1E:8329')) self.assertFalse(rule.is_match()) rule = ExitPolicyRule('accept6 *4:*') self.assertTrue(rule._skip_rule) # wildcards match all ipv6 but *not* ipv4 rule = ExitPolicyRule('accept6 *:*') self.assertTrue(rule.is_match('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 443)) self.assertFalse(rule.is_match('192.168.0.1', 443))
def test_ipv6_only_entries(self): # accept6/reject6 shouldn't match anything when given an ipv4 addresses rule = ExitPolicyRule('accept6 192.168.0.1/0:*') self.assertTrue(rule._skip_rule) self.assertFalse(rule.is_match('192.168.0.1')) self.assertFalse( rule.is_match('FE80:0000:0000:0000:0202:B3FF:FE1E:8329')) self.assertFalse(rule.is_match()) rule = ExitPolicyRule('accept6 *4:*') self.assertTrue(rule._skip_rule) # wildcards match all ipv6 but *not* ipv4 rule = ExitPolicyRule('accept6 *:*') self.assertTrue( rule.is_match('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 443)) self.assertFalse(rule.is_match('192.168.0.1', 443))
def test_is_match_wildcard(self): test_inputs = { 'reject *:*': { ('192.168.0.1', 80): True, ('0.0.0.0', 80): True, ('255.255.255.255', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True, ('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): True, ('192.168.0.1', None): True, (None, 80, False): True, (None, 80, True): True, (None, None, False): True, (None, None, True): True, }, 'reject 255.255.255.255/0:*': { ('192.168.0.1', 80): True, ('0.0.0.0', 80): True, ('255.255.255.255', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False, ('[FE80:0000:0000:0000:0202:B3FF:FE1E:8329]', 80): False, ('192.168.0.1', None): True, (None, 80, False): False, (None, 80, True): True, (None, None, False): False, (None, None, True): True, }, 'reject *4:*': { ('192.168.0.1', 80): True, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): False, }, 'reject *6:*': { ('192.168.0.1', 80): False, ('FE80:0000:0000:0000:0202:B3FF:FE1E:8329', 80): True, }, } for rule_arg, matches in test_inputs.items(): rule = ExitPolicyRule(rule_arg) rule._submask_wildcard = False for match_args, expected_result in matches.items(): self.assertEqual(expected_result, rule.is_match(*match_args)) # port zero is special in that exit policies can include it, but it's not # something that we can match against rule = ExitPolicyRule('reject *:*') self.assertRaises(ValueError, rule.is_match, '127.0.0.1', 0)