def test_firewall_block_packet(self): """Verify firewall blocks a packet that doesn't match a rule.""" fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="80", ip_address="192.168.1.2")) self.assertFalse( fw.accept_packet(direction="outbound", protocol="tcp", port=80, ip_address="192.168.1.2")) self.assertFalse( fw.accept_packet(direction="inbound", protocol="udp", port=80, ip_address="192.168.1.2")) self.assertFalse( fw.accept_packet(direction="inbound", protocol="udp", port=81, ip_address="192.168.1.2")) self.assertFalse( fw.accept_packet(direction="outbound", protocol="tcp", port=80, ip_address="192.168.1.3"))
def testAcceptPacketFalse(self): firewall = Firewall('allow_rules.csv') self.assertEqual( firewall.accept_packet("inbound", "tcp", 81, "192.168.1.2"), False) self.assertEqual( firewall.accept_packet("inbound", "udp", 24, "52.12.48.92"), False)
def test_firewall_allow_range_ipaddr_packet(self): """ Verify firewall allows a packet that matches a rule with ranged IP addresses. """ fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="80", ip_address="0.0.0.0-255.255.255.255")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=80, ip_address="0.0.0.0")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=80, ip_address="255.255.255.255")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=80, ip_address="192.168.1.2"))
def test_firewall_allow_range_port_packet(self): """ Verify firewall allows a packet that matches a rule with ranged port numbers. """ fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="1-65535", ip_address="192.168.1.2")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=1, ip_address="192.168.1.2")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=65535, ip_address="192.168.1.2")) self.assertTrue( fw.accept_packet(direction="inbound", protocol="tcp", port=30000, ip_address="192.168.1.2"))
def test_tcp(self): path = "rules.csv" firewall = Firewall(path) assert firewall.accept_packet("inbound", "tcp", 80, "192.168.1.2") == True assert firewall.accept_packet("outbound", "tcp", 10234, "192.168.10.11") == True assert firewall.accept_packet("inbound", "tcp", 81, "192.168.1.2") == False assert firewall.accept_packet("outbound", "tcp", 20000, "192.168.10.11") == True assert firewall.accept_packet("inbound", "tcp", 800, "192.168.1.2") == False
def test_udp(self): path = "rules.csv" firewall = Firewall(path) assert firewall.accept_packet("inbound", "udp", 53, "192.168.2.1") == True assert firewall.accept_packet("inbound", "udp", 24, "52.12.48.92") == False assert firewall.accept_packet("inbound", "udp", 57, "192.168.1.1") == False assert firewall.accept_packet("outbound", "udp", 1000, "52.12.48.92") == True assert firewall.accept_packet("outbound", "udp", 1500, "52.12.48.93") == False
def common_cases(): f = Firewall('test_input.csv') assert f.accept_packet("inbound", "tcp", 80, "192.168.1.2") assert f.accept_packet("inbound", "udp", 53, "192.168.2.1") assert not f.accept_packet("inbound", "tcp", 81, "192.168.1.2") assert not f.accept_packet("inbound", "udp", 24, "52.12.48.92") print('Base Cases Passed')
def test_sample_small(): print('Test firewall with', sample_small) fw = Firewall(sample_small) print(fw.accept_packet("inbound", "tcp", 80, "192.168.1.2") == True) print(fw.accept_packet("inbound", "udp", 53, "192.168.2.1") == True) print(fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11") == True) print(fw.accept_packet("inbound", "tcp", 81, "192.168.1.2") == False) print(fw.accept_packet("inbound", "udp", 24, "52.12.48.92") == False) print(fw.accept_packet("inbound", "tcp", 80, "192.168.1.3") == False)
def testAcceptPacketTrue(self): firewall = Firewall('allow_rules.csv') self.assertEqual( firewall.accept_packet("inbound", "udp", 53, "192.168.2.5"), True) self.assertEqual( firewall.accept_packet("inbound", "tcp", 20, "192.168.1.101"), True) self.assertEqual( firewall.accept_packet("inbound", "udp", 53, "192.168.2.1"), True) self.assertEqual( firewall.accept_packet("outbound", "tcp", 10234, "192.168.10.11"), True)
def large_set(): f = Firewall('large_set.csv') start = time.time() # test overlap in part of ip range does not affect port validity for i in range(100): assert not f.accept_packet('inbound','tcp',1,'192.168.1.2') end = time.time() assert end-start<TIME_REQ print('Large Set Passed')
def test_firewall_block_range_ipaddr_packet(self): """ Verify firewall blocks a packet that doesn't match a rule with ranged IP addresses. """ fw = Firewall() fw.add_fw_rule( FirewallRule(direction="inbound", protocol="tcp", port="80", ip_address="192.168.1.2-192.168.2.1")) self.assertFalse( fw.accept_packet(direction="inbound", protocol="tcp", port=80, ip_address="192.168.1.1")) self.assertFalse( fw.accept_packet(direction="inbound", protocol="tcp", port=91, ip_address="192.168.2.2"))
def edge_cases(): f = Firewall('edge_case.csv') # test overlap in part of ip range does not affect port validity assert not f.accept_packet("inbound", "tcp", 89, "192.168.2.3") # test present ip range overlap does not affect port validity assert f.accept_packet("inbound", "tcp", 80, "192.168.1.9") # test port range is inclusive assert f.accept_packet("inbound", "tcp", 53, "192.168.1.2") assert f.accept_packet("inbound", "tcp", 79, "192.168.1.2") # test ip address range is inclusive assert f.accept_packet("inbound", "tcp", 80, "192.168.2.5") assert f.accept_packet("inbound", "tcp", 80, "192.168.1.1") # test out of ip range by one. assert not f.accept_packet("inbound", "tcp", 88, "192.168.2.0") # test packet is only tested against applicable rules assert not f.accept_packet("outbound", "tcp", 80, "192.168.2.0") print('Edge Cases Passed')
# testing/executable file from firewall import Firewall import time FILE_PATH = 'rules.csv' if __name__ == '__main__': x = time.time() fw = Firewall(FILE_PATH) print(time.time()-x) print(fw.accept_packet("inbound", "tcp", 80, "192.168.1.2")) # matches first rule print(fw.accept_packet("inbound", "udp", 53, "192.168.2.1")) # matches third rule print(fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11")) # matches second rule print(fw.accept_packet("inbound", "tcp", 81, "192.168.1.2")) print(fw.accept_packet("inbound", "udp", 24, "52.12.48.92")) print(fw.accept_packet("outbound", "tcp", 550, "192.229.0.0")) print(fw.accept_packet("inbound", "tcp", 1000, "10.89.228.24")) print(fw.accept_packet("inbound", "udp", 65535, "255.255.255.255")) print(time.time()-x)
cur = 1 while os.path.isfile("tests/fw" + str(cur) + ".csv") and os.path.isfile("tests/test" + str(cur) + ".csv"): print("TEST: " + str(cur)) # Construct Firewall Class fw = Firewall("tests/fw" + str(cur) + ".csv") # Parse each line of test csv file with open("tests/test" + str(cur) + ".csv", 'r') as f: reader = csv.reader(f) for line in reader: if 5 != len(line): print("Invalid format in input") print(line) sys.exit() transaction = line[0] transport = line[1] port = int(line[2]) ip = line[3] expected = line[4] if expected == "True": expected = True else: expected = False # Check if expected value matches with actual response of firewall if expected == fw.accept_packet(transaction, transport, port, ip): print(" PASS: "******" " + transport + " Port:" + str(port) + " IP:" + ip + " Expected:" + str(expected)) else: print(" FAIL: " + transaction + " " + transport + " Port:" + str(port) + " IP:" + ip + " Expected:" + str(expected)) cur += 1
from firewall import Firewall fw = Firewall('./test_files/sample_small.csv') print(fw.accept_packet("inbound", "tcp", 80, "192.168.1.2"))
for num in range(0, num_combo): rules.append(self.__generate_combo_rule()) # Shuffle the rules to mix them up! random.shuffle(rules) return rules if __name__ == '__main__': # Initialize a new test rules generator generator = RuleGenerator() generator.generate_and_write_rules('./generated_rules.csv', 1000000, 100000, 100000, 5000) print('Created test generator with 1000000 rules') # Create a new Firewall instance with the generated rules firewall = Firewall('./generated_rules.csv') # Generate some rules now request_list = generator.generate_test_requests(1000) print('Created test case with 1000 requests') # Evaluate the time taken to process the n requests start = default_timer() for request in request_list: firewall.accept_packet(request[0], request[1], int(request[2]), request[3]) end = default_timer() print(len(request_list), 'requests processed in', (end - start), 'seconds')
from firewall import Firewall import sys from time import time as timer if (len(sys.argv) == 1): print("Please include an input csv file as an argument") exit() csv_file = sys.argv[1] fw = Firewall(csv_file) begTime = timer() print(fw.accept_packet("inbound", "tcp", 80, "192.168.1.2")) print(fw.accept_packet("inbound", "udp", 53, "192.168.2.1")) print(fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11")) print(fw.accept_packet("inbound", "tcp", 81, "192.168.1.2")) print(fw.accept_packet("inbound", "udp", 24, "52.12.48.92")) # 5 test cases, elapsed time: 0.00011086463928222656 sec elapsed_time = timer() - begTime print("Elapsed time: ") print(elapsed_time)
from firewall import Firewall # Check provided tests print("PROVIDED") fw_provided = Firewall('provided_example.csv') assert(fw_provided.accept_packet("inbound", "tcp", 80, "192.168.1.2")) # matches first rule assert(fw_provided.accept_packet("inbound", "udp", 53, "192.168.2.1")) # matches third rule assert(fw_provided.accept_packet("outbound", "tcp", 10234, "192.168.10.11")) # matches second rule true assert(fw_provided.accept_packet("inbound", "tcp", 81, "192.168.1.2")==False) #false assert(fw_provided.accept_packet("inbound", "udp", 24, "52.12.48.92")==False) #false # Check if a full range (always returns true) print("\nFULL RANGE") fw_full_range = Firewall('full_range.csv') assert(fw_full_range.accept_packet("inbound", "tcp", 1, "0.0.0.0")) assert(fw_full_range.accept_packet("inbound", "tcp", 22, "125.255.35.8")) assert(fw_full_range.accept_packet("inbound", "tcp", 65535, "255.255.255.255")) # Checks that values in one dir/protocol do NOT affect another # Also checks that functions work on empty lists assert(fw_full_range.accept_packet("inbound", "udp", 1, "0.0.0.0")==False) assert(fw_full_range.accept_packet("outbound", "tcp", 22, "125.255.35.8")==False) assert(fw_full_range.accept_packet("outbound", "udp", 65535, "255.255.255.255")==False) # Tests every input for a complex, overlapping rule structure print("\nOVERLAPS") fw_many_overlaps = Firewall('overlaps.csv')
from firewall import Firewall class TestFirewall(object): def __init__(self): pass def generate_test_cases(self): test_df = pd.read_csv('test_packets.csv') return test_df if __name__ == "__main__": firewall = Firewall('rules.csv') test = TestFirewall() packets_df = test.generate_test_cases() # Test firewall for all packets in the file for index, packet in packets_df.iterrows(): print( firewall.accept_packet(packet[0], packet[1], packet[2], packet[3]))
('outbound', 'udp', 100, '255.255.255.255'), ('outbound', 'udp', 100, '1.2.3.4'), ] false_inputs = [ ('inbound', 'udp', 9, '192.168.1.2'), ('outbound', 'tcp', 11, '192.168.1.2'), ('inbound', 'udp', 10, '192.168.1.1'), ('outbound', 'udp', 10, '192.168.1.3'), ('inbound', 'tcp', 19, '192.168.1.5'), ('outbound', 'tcp', 20, '192.168.1.4'), ('inbound', 'udp', 25, '192.168.1.1'), ('outbound', 'udp', 25, '192.168.1.11'), ('inbound', 'tcp', 25, '192.168.2.6'), ('inbound', 'tcp', 29, '192.20.9.10'), ('outbound', 'tcp', 30, '192.19.100.100'), ('outbound', 'udp', 31, '192.200.2.0'), ('inbound', 'tcp', 58, '192.168.1.9'), ('outbound', 'udp', 99, '0.0.0.0'), ('outbound', 'udp', 99, '255.255.255.254'), ] fw = Firewall('./test1.csv') for args in true_inputs: if not fw.accept_packet(*args): print("Failed! VALID arg {} returned FALSE".format(args)) for args in false_inputs: if fw.accept_packet(*args): print("Failed! INVALID arg {} returned TRUE".format(args))
from firewall import Firewall import sys from time import time as timer if (len(sys.argv) == 1): print("Please include an input csv file as an argument") exit() csv_file = sys.argv[1] fw = Firewall(csv_file) begTime = timer() print(fw.accept_packet("inbound", "tcp", 81, "192.168.1.2")) print(fw.accept_packet("inbound", "tcp", 53, "192.168.2.1")) print(fw.accept_packet("outbound", "tcp", 20000, "192.168.10.11")) print(fw.accept_packet("outbound", "udp", 1021, "52.12.48.92")) for i in range(1, 500000): # 500004 test cases, elapsed time: 17.200738191604614 sec print(fw.accept_packet("inbound", "tcp", i, "192.168.1.1")) # print time: elapsed_time = timer() - begTime print("Elapsed time: ") print(elapsed_time)
# Sample test from firewall import Firewall fw = Firewall('rule1.csv') print(fw.accept_packet("inbound", "tcp", 80, "192.168.1.2")) # return True print(fw.accept_packet("inbound", "udp", 53, "192.168.2.1")) # return True print(fw.accept_packet("outbound", "tcp", 10234, "192.168.10.11")) # return True print(fw.accept_packet("inbound", "tcp", 81, "192.168.1.2")) # return False print(fw.accept_packet("inbound", "udp", 24, "52.12.48.92")) # return False