def test_udp_block_single_port_incoming(self): rules = Rules(block_single_port) binary_packet = BinaryPacket() binary_packet.udp_source = 52 # The rule shouldn't apply here packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_udp_packet(), geoDB=None) result = rules.result_for_pkt(packet) self.assertEqual(RULE_RESULT_PASS, result) binary_packet.udp_source = 53 # The rule should apply here packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_udp_packet(), geoDB=None) result = rules.result_for_pkt(packet) self.assertEqual(RULE_RESULT_DROP, result)
def test_dns_incoming_block_weird_spelling(self): rules = Rules(block_dns_weird_spelling_rules) binary_packet = BinaryPacket() binary_packet.dns_question = "www.google.com" binary_packet.udp_source = 53 packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None) result = rules.result_for_pkt(packet) self.assertEqual(RULE_RESULT_DROP, result)
def test_udp_block_port_range_incoming(self): rules = Rules(block_port_range_rules) binary_packet = BinaryPacket() port_unblocked_range = range(0, 1000) + range(2001, 3001) port_blocked_range = range(1000, 2001) for port in port_unblocked_range: binary_packet.udp_source = port # The rule shouldn't apply here packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_udp_packet(), geoDB=None) result = rules.result_for_pkt(packet) self.assertEqual(RULE_RESULT_PASS, result) for port in port_blocked_range: binary_packet.udp_source = port # The rule should apply here packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_udp_packet(), geoDB=None) result = rules.result_for_pkt(packet) self.assertEqual(RULE_RESULT_DROP, result)
def test_dns_block_all(self): rules = Rules(block_all_dns_rules) binary_packet = BinaryPacket() binary_packet.udp_source = 53 questions = ["www.google.com", "www.facebook.com", "berkeley.edu"] for question in questions: binary_packet.dns_question = question packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None) result = rules.result_for_pkt(packet) self.assertEqual(RULE_RESULT_DROP, result)
def test_dns_block_two_domain_name(self): rules = Rules(block_two_domain_name_rules) binary_packet = BinaryPacket() binary_packet.udp_source = 53 binary_packet.dns_question = 'fda.gov' # Should block packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None) result = rules.result_for_pkt(packet) self.assertEqual(RULE_RESULT_DROP, result) binary_packet.dns_question = 'www.fda.gov' # Should block packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None)
def test_dns_block_full_domain_name(self): rules = Rules(block_full_domain_name_rules) binary_packet = BinaryPacket() binary_packet.udp_source = 53 binary_packet.dns_question = 'images.google.com' # Shouldn't block packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None) result = rules.result_for_pkt(packet) self.assertEqual(RULE_RESULT_PASS, result) binary_packet.dns_question = 'www.google.com' # Should block packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None)
def test_dns_incoming_requires_qclass_one(self): rules = Rules(block_google_rules) binary_packet = BinaryPacket() binary_packet.dns_question = "www.google.com" binary_packet.udp_source = 53 # If the query type is 1 or 28 it should be okay for qclass in range(1, 256): binary_packet.dns_qclass = qclass packet = Packet(pkt_dir=PKT_DIR_INCOMING, pkt=binary_packet.get_dns_packet(), geoDB=None) result = rules.result_for_pkt(packet) if qclass == 1: self.assertEqual(RULE_RESULT_DROP, result) else: # The rule wont apply self.assertEqual(RULE_RESULT_PASS, result)