Esempio n. 1
 def test_get_dst_port_alias(self, generic_rule: RuleTCPUDP):
     """Check how ``dst_port_alias`` renders the destination port as text.

     Three cases are pinned: the -1 value reads back as "any", port 22 reads
     back as the service name "ssh", and port 3859 reads back as its decimal
     string "3859".
     """
     expected_alias_by_port = ((-1, "any"), (22, "ssh"), (3859, "3859"))
     for port, alias in expected_alias_by_port:
         generic_rule.dst_port = port
         assert generic_rule.dst_port_alias == alias
Esempio n. 2
 def test_dst_comparator(self, generic_rule: RuleTCPUDP):
     """Check the ``dst_comp`` setter: accepted forms and rejected values.

     The comparator may be assigned as a ``ServiceComparator`` member or as
     its operator string; ``None`` and an unknown operator string must raise
     ``ValueError`` instead of being stored.
     """
     # Value the fixture arrives with; this test has not assigned it yet.
     assert generic_rule.dst_comp == ServiceComparator.EQUAL

     accepted = (
         (ServiceComparator.LESSER, ServiceComparator.LESSER),
         (">", ServiceComparator.GREATER),
     )
     for assigned, stored in accepted:
         generic_rule.dst_comp = assigned
         assert generic_rule.dst_comp == stored

     for rejected in (None, "<<"):
         with pytest.raises(ValueError):
             generic_rule.dst_comp = rejected
Esempio n. 3
 def test_contains_tcpudp(self, generic_rule: RuleGeneric):
     """Check when a TCP/UDP rule counts as contained in a generic rule.

     The TCP/UDP rule is not contained in the fixture as delivered, and it
     becomes contained once the fixture's protocol is set to 0.
     """
     tcp_udp_rule = RuleTCPUDP()
     tcp_udp_rule.src = "192.168.23.1"
     tcp_udp_rule.dst = "192.168.24.1"
     tcp_udp_rule.permit = True
     tcp_udp_rule.active = False
     tcp_udp_rule.objectid = 1234567
     tcp_udp_rule.is_access_rule = True
     tcp_udp_rule.logging.interval = 60
     tcp_udp_rule.logging.level = "Debugging"
     tcp_udp_rule.remark = "EIGRP Test Rule"
     tcp_udp_rule.position = 17

     assert tcp_udp_rule not in generic_rule

     # NOTE(review): presumably protocol 0 is the "any IP protocol" wildcard
     # in RuleGeneric -- confirm; it is the only change that flips the result.
     generic_rule.protocol = 0
     assert tcp_udp_rule in generic_rule
Esempio n. 4
 def test_append_rules(self, asa):
     """Bulk-append 350 randomly generated TCP/UDP rules to the test ACL.

     Each rule gets a random protocol, random source and destination (a host
     address or a network with a prefix length of 0-31), the loop counter as
     source port, a random destination port and random comparators. The test
     makes no assertion; it passes when ``append_rules`` does not raise.

     NOTE(review): the inputs are random and nothing in this block seeds the
     generator, so a failing batch cannot be replayed from the test alone.
     NOTE(review): ``permit`` is not set here, so the action is whatever
     ``RuleTCPUDP`` defaults to, and a /0 prefix yields a match-all network.
     Confirm that ``settings.test_acl`` is a scratch ACL that is not bound to
     an interface on a device carrying real traffic.
     """
     def random_endpoint():
         # Coin flip between a single host and a network.
         if getrandbits(1):
             return IPAddress(randint(0, 4294967295))
         return IPNetwork(
             f"{IPAddress(randint(0, 4294967295))}/{randint(0, 31)}"
         ).cidr

     comparators = list(ServiceComparator)
     batch = []
     for src_port in range(1, 351):
         # Keyword arguments are evaluated left to right, which keeps the
         # sequence of random draws: protocol, src, dst, dst_port, comparators.
         batch.append(
             RuleTCPUDP(
                 protocol=choice(["tcp", "udp"]),
                 src=random_endpoint(),
                 dst=random_endpoint(),
                 src_port=src_port,
                 dst_port=randint(1, 65535),
                 src_comp=choice(comparators),
                 dst_comp=choice(comparators),
             )
         )
     asa.acl.append_rules(settings.test_acl, batch)
Esempio n. 5
 def test_to_dict(self, generic_rule: RuleTCPUDP):
     """Check the dictionary form of a rule before and after swapping ports.

     In the expected data, the side whose port is "any" is serialized as a
     ``NetworkProtocol`` carrying only the protocol, and the side with a
     concrete port as a ``TcpUdpService`` in ``protocol/port`` form. The first
     comparison depends on the values the fixture was built with.
     """
     protocol_only = {'kind': 'NetworkProtocol', 'value': 'tcp'}
     ssh_service = {'kind': 'TcpUdpService', 'value': 'tcp/ssh'}

     expected = {
         'permit': True,
         'sourceAddress': {'kind': 'IPv4Address', 'value': '192.168.23.31'},
         'destinationAddress': {'kind': 'IPv4Network', 'value': '192.168.24.0/24'},
         'sourceService': protocol_only,
         'destinationService': ssh_service,
         'active': False,
         'remarks': ['SSH Test Rule'],
         'ruleLogging': {'logStatus': 'Debugging', 'logInterval': 60},
         'position': 17,
         'isAccessRule': True,
         'objectId': 1234567,
     }
     assert generic_rule.to_dict() == expected

     # Move the concrete port to the source side; only the two service
     # entries are expected to trade places.
     generic_rule.src_port = 22
     generic_rule.dst_port = "any"
     expected_swapped = {
         **expected,
         'sourceService': ssh_service,
         'destinationService': protocol_only,
     }
     assert generic_rule.to_dict() == expected_swapped
Esempio n. 6
 def test_parse_port_json(self):
     """Check ``RuleTCPUDP._parse_port_json`` on valid and malformed services.

     A valid service parses to a ``(protocol, port, comparator)`` tuple. A
     non-numeric port, a doubled comparator prefix and a comparator placed
     after the slash must each raise ``ValueError`` rather than be coerced
     into a rule.
     """
     well_formed = (
         (
             {"kind": "NetworkProtocol", "value": "tcp"},
             ("tcp", "any", ServiceComparator.EQUAL),
         ),
         (
             {"kind": "TcpUdpService", "value": ">udp/3456"},
             ("udp", 3456, ServiceComparator.GREATER),
         ),
     )
     for payload, parsed in well_formed:
         assert RuleTCPUDP._parse_port_json(payload) == parsed

     for malformed_value in ("udp/$%f!", "<>tcp/ssh", "tcp/!=22"):
         with pytest.raises(ValueError):
             RuleTCPUDP._parse_port_json({"kind": "TcpUdpService", "value": malformed_value})
Esempio n. 7
 def test_append_rule(self, asa):
     """Append one TCP/UDP rule with random hosts and ports to the test ACL.

     The test makes no assertion; it passes when ``append_rule`` does not
     raise.

     NOTE(review): nothing here reads the ACL back, so a rule that was
     accepted but stored differently would go unnoticed. The values are
     random and unseeded in this block, and ``permit`` is left at the class
     default -- confirm ``settings.test_acl`` is a scratch ACL.
     """
     single_rule = RuleTCPUDP()
     single_rule.src = IPAddress(randint(0, 4294967295))
     single_rule.dst = IPAddress(randint(0, 4294967295))
     single_rule.src_port = randint(1, 65535)
     single_rule.dst_port = randint(1, 65535)
     asa.acl.append_rule(settings.test_acl, single_rule)
Esempio n. 8
 def test_set_dst_port(self, generic_rule: RuleTCPUDP):
     """Check normalization and range validation in the ``dst_port`` setter.

     "any" is stored as -1 and a numeric string as its integer. The values
     just outside the valid range (0, -2, 65536) and a non-numeric string
     raise ``ValueError``; ``None`` raises ``TypeError``.
     """
     round_trips = (("any", -1), (53, 53), ("any", -1), ("17", 17))
     for assigned, stored in round_trips:
         generic_rule.dst_port = assigned
         assert generic_rule.dst_port == stored

     # -1 is accepted as the "any" value, so -2 and 0 are the nearest
     # rejected integers below the range and 65536 the nearest above it.
     for invalid in ("wrong", 0, -2, 65536):
         with pytest.raises(ValueError):
             generic_rule.dst_port = invalid

     with pytest.raises(TypeError):
         generic_rule.dst_port = None
Esempio n. 9
 def test_contains_other(self, generic_rule: RuleICMP):
     """Check that rules of other classes are never contained in an ICMP rule.

     A ``RuleGeneric`` and a ``RuleTCPUDP`` with the same addresses and flags
     are each expected to be outside the ICMP fixture.
     """
     generic_candidate = RuleGeneric()
     generic_candidate.src = "192.168.23.31"
     generic_candidate.dst = "192.168.24.1"
     generic_candidate.permit = True
     generic_candidate.active = False
     assert generic_candidate not in generic_rule

     tcp_udp_candidate = RuleTCPUDP()
     tcp_udp_candidate.src = "192.168.23.31"
     tcp_udp_candidate.dst = "192.168.24.1"
     tcp_udp_candidate.permit = True
     tcp_udp_candidate.active = False
     assert tcp_udp_candidate not in generic_rule

     # NOTE(review): icmp_type / icmp_code are assigned on a RuleTCPUDP
     # instance. Unless that class defines them, these become ad-hoc
     # attributes, and the last assertion shows only that ICMP-looking
     # fields on a non-ICMP rule do not make it match -- confirm the intent.
     tcp_udp_candidate.icmp_type = "echo"
     tcp_udp_candidate.icmp_code = 5
     assert tcp_udp_candidate not in generic_rule
Esempio n. 10
 def test_contains(self, generic_rule: RuleTCPUDP):
     """Walk ``candidate in generic_rule`` through address, port and protocol changes.

     ``generic_rule`` is the containing rule and ``candidate`` starts as its
     clone. Each step changes one side and pins the expected membership
     result; the steps build on each other, so their order matters. Both the
     positive and the negative results are asserted, which matters if callers
     use containment to decide that one ACL entry is covered by another.

     NOTE(review): the per-step explanations assume the fixture starts as a
     tcp rule with destination port ssh (22) and comparator EQUAL -- confirm
     against the fixture.
     """
     candidate = generic_rule.clone()
     assert candidate in generic_rule

     # Addresses: widening the container, or moving the candidate to another
     # destination address, keeps the candidate inside.
     generic_rule.src = "any"
     assert candidate in generic_rule
     candidate.dst = "192.168.24.255"
     assert candidate in generic_rule
     generic_rule.dst = "any4"
     assert candidate in generic_rule

     # Source port and comparator changes on the candidate alone do not
     # break containment.
     candidate.src_port = "80"
     assert candidate in generic_rule
     candidate.src_comp = ServiceComparator.NOT_EQUAL
     assert candidate in generic_rule

     # Destination port: container on port 21 no longer covers the candidate...
     generic_rule.dst_port = 21
     assert candidate not in generic_rule
     # ...but "greater than 21" does.
     generic_rule.dst_comp = ServiceComparator.GREATER
     assert candidate in generic_rule
     # A LESSER candidate is not covered by the GREATER container, whatever
     # port the candidate names.
     candidate.dst_comp = ServiceComparator.LESSER
     assert candidate not in generic_rule
     candidate.dst_port = -1
     assert candidate not in generic_rule
     candidate.dst_port = 80
     assert candidate not in generic_rule

     # Container destination port "any" covers the candidate again.
     generic_rule.dst_port = "any"
     assert candidate in generic_rule
     candidate.dst_comp = ServiceComparator.NOT_EQUAL
     candidate.dst_port = 17
     assert candidate in generic_rule

     # "Not equal 17" is not covered by "less than 36"; "equal 17" is.
     generic_rule.dst_comp = ServiceComparator.LESSER
     generic_rule.dst_port = 36
     assert candidate not in generic_rule
     candidate.dst_comp = ServiceComparator.EQUAL
     assert candidate in generic_rule

     # Object id, access-rule flag, logging, remark and position do not
     # affect the result.
     candidate.objectid = 7654321
     candidate.is_access_rule = False
     candidate.logging.interval = 120
     candidate.logging.level = LogLevel.ALERTS
     candidate.remark = "other Test Rule"
     candidate.position = 99
     assert candidate in generic_rule

     # A different protocol does.
     candidate.protocol = "udp"
     assert candidate not in generic_rule
Esempio n. 11
 def test_to_cli(self, generic_rule: RuleTCPUDP):
     """Check the CLI rendering of the fixture, with and without an ACL name.

     Without an argument ``to_cli`` returns the entry starting at
     ``extended``; with an ACL name the same text is prefixed by
     ``access-list <name>``.
     """
     entry_without_name = "extended permit tcp host 192.168.23.31 192.168.24.0 255.255.255.0 eq ssh log debugging interval 60 inactive"
     entry_with_name = "access-list TEST extended permit tcp host 192.168.23.31 192.168.24.0 255.255.255.0 eq ssh log debugging interval 60 inactive"

     assert generic_rule.to_cli() == entry_without_name
     assert generic_rule.to_cli("TEST") == entry_with_name
Esempio n. 12
 def test_set_protocol(self, generic_rule: RuleTCPUDP):
     """Check that a TCP/UDP rule accepts only a TCP/UDP protocol value.

     The numeric string "17" is stored as the integer 17. Names and numbers
     of other protocols, an unknown name, a negative number and ``None``
     must all raise ``ValueError``.
     """
     generic_rule.protocol = "17"
     assert generic_rule.protocol == 17

     # 1 and 58 are the IANA protocol numbers for ICMP and IPv6-ICMP, so the
     # numeric forms of two of the rejected names are covered as well.
     rejected_values = (
         "icmp",
         "icmp6",
         "eigrp",
         "ospf",
         "something wrong",
         0,
         9,
         1,
         58,
         -37,
         None,
     )
     for rejected in rejected_values:
         with pytest.raises(ValueError):
             generic_rule.protocol = rejected
Esempio n. 13
 def generic_rule(self):
     """Build the baseline TCP/UDP rule that the tests receive as ``generic_rule``.

     The rule is an inactive permit entry for tcp from host 192.168.23.31 to
     192.168.24.0/24, source port "any", destination port "ssh", with
     debugging-level logging at an interval of 60.

     NOTE(review): no ``@pytest.fixture`` decorator is visible in this
     excerpt; presumably it sits on the line above -- confirm.
     """
     ssh_rule = RuleTCPUDP()

     # Assignment order is kept as written; the setters may validate against
     # values assigned earlier.
     ssh_rule.src = "192.168.23.31"
     ssh_rule.dst = "192.168.24.0/24"
     ssh_rule.src_port = "any"
     ssh_rule.dst_port = "ssh"

     ssh_rule.permit = True
     ssh_rule.active = False
     ssh_rule.objectid = 1234567
     ssh_rule.is_access_rule = True

     ssh_rule.logging.interval = 60
     ssh_rule.logging.level = "Debugging"

     ssh_rule.protocol = "tcp"
     ssh_rule.remark = "SSH Test Rule"
     ssh_rule.position = 17
     return ssh_rule