def test_conditional_blocks(self):
sentry = Sentry({
'rules' : [
'block ^(.*).xxx if type is TXT',
'block ^(.*).xxx if type is MX and class is ANY',
'block ^(.*).xxx if class is ANY'
]
})
message = dns.message.make_query('foo.xxx', 'TXT')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is 0
message = dns.message.make_query('foo.xxx', 'MX', rdclass=dns.rdataclass.ANY)
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is 0
message = dns.message.make_query('foo.xxx', 'A', rdclass=dns.rdataclass.ANY)
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is 0
def test_block_rule(self):
sentry = Sentry({
'rules' : [
'block ^(.*).xxx'
]
})
message = dns.message.make_query('foo.xxx', 'A')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is 0
def test_do_not_block_rule(self):
sentry = Sentry({
'rules' : [
'block ^(.*).xxx',
'resolve ^(.*) using 8.8.4.4, 8.8.8.8'
]
})
message = dns.message.make_query('foo.com', 'A')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is not 0
def test_resolve(self):
sentry = Sentry({
'rules' : [
'resolve ^(.*) using 8.8.4.4, 8.8.8.8'
]
})
message = dns.message.make_query('google.com', 'MX')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is not 0
def test_redirect(self):
sentry = Sentry({
'rules' : [
'redirect ^(.*)nytimes.com to google.com',
]
})
message = dns.message.make_query('nytimes.com', 'A')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert response.answer[0].rdtype is dns.rdatatype.CNAME
assert response.answer[0].rdclass is dns.rdataclass.IN
self.assertEqual(response.answer[0].to_text(),'nytimes.com. 300 IN CNAME google.com.')
def test_mix_blocks(self):
sentry = Sentry({
'rules' : [
'block ^(.*).xxx',
'block ^(.*).edu if type is MX and class is ANY',
'block ^(.*).biz if class is ANY',
'resolve ^(.*) using 8.8.4.4, 8.8.8.8'
]
})
# should get blocked
message = dns.message.make_query('foo.xxx', 'A')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is 0
# should get blocked
message = dns.message.make_query('foo.xxx', 'MX')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is 0
# should not get blocked
message = dns.message.make_query('asu.edu', 'TXT')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is not 0
# should not get blocked
message = dns.message.make_query('google.biz', 'TXT')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is not 0
# should not get blocked
message = dns.message.make_query('asu.edu', 'A')
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is not 0
# should get blocked
message = dns.message.make_query('asu.edu', 'MX', rdclass=dns.rdataclass.ANY )
r = sentry.process(message.to_wire(), self.context)
response = dns.message.from_wire(r)
assert len(response.answer) is 0
