def test_set_permit(self, generic_rule: RuleGeneric):
generic_rule.permit = False
assert generic_rule.permit is False
with pytest.raises(TypeError):
generic_rule.permit = "bullshit"
with pytest.raises(TypeError):
generic_rule.permit = None
def test_set_active(self, generic_rule: RuleGeneric):
generic_rule.active = False
assert generic_rule.active is False
with pytest.raises(TypeError):
generic_rule.active = "bullshit"
with pytest.raises(TypeError):
generic_rule.active = None
def test_set_logging(self, generic_rule: RuleGeneric):
generic_rule.logging = RuleLogging()
assert generic_rule.logging.interval == 300
assert generic_rule.logging.level == LogLevel.DEFAULT
generic_rule.logging = None
assert generic_rule.logging.interval == 300
assert generic_rule.logging.level == LogLevel.DEFAULT
with pytest.raises(TypeError):
generic_rule.logging = 6
def test_set_dst(self, generic_rule: RuleGeneric):
generic_rule.dst = Address("10.4.5.6")
assert generic_rule.dst == Address("10.4.5.6")
generic_rule.dst = IPNetwork("10.1.2.0/24")
assert generic_rule.dst == Address("10.1.2.0/24")
with pytest.raises(ValueError):
generic_rule.dst = "something strange"
with pytest.raises(TypeError):
generic_rule.dst = None
def test_set_position(self, generic_rule: RuleGeneric):
generic_rule.position = 53
assert generic_rule.position == 53
with pytest.raises(ValueError):
generic_rule.position = -1
with pytest.raises(ValueError):
generic_rule.position = None
with pytest.raises(ValueError):
generic_rule.position = "5"
def test_set_is_access_rule(self, generic_rule: RuleGeneric):
generic_rule.is_access_rule = False
assert generic_rule.is_access_rule is False
with pytest.raises(ValueError):
generic_rule.is_access_rule = None
with pytest.raises(ValueError):
generic_rule.is_access_rule = 5
with pytest.raises(ValueError):
generic_rule.is_access_rule = "testing"
def test_set_objectid(self, generic_rule: RuleGeneric):
generic_rule.objectid = 55
assert generic_rule.objectid == 55
with pytest.raises(ValueError):
generic_rule.objectid = -1
with pytest.raises(ValueError):
generic_rule.objectid = None
with pytest.raises(ValueError):
generic_rule.objectid = "test"
def test_set_remark(self, generic_rule: RuleGeneric):
generic_rule.remark = "Test"
assert generic_rule.remark == ["Test"]
generic_rule.remark = ["Line 1", "Line 2"]
assert generic_rule.remark == ["Line 1", "Line 2"]
generic_rule.remark = None
assert generic_rule.remark == []
with pytest.raises(TypeError):
generic_rule.remark = 6
with pytest.raises(TypeError):
generic_rule.remark = {1: "Line", 2: "Line"}
def test_to_dict(self, generic_rule: RuleGeneric):
data = {'permit': True, 'sourceAddress': {'kind': 'IPv4Network', 'value': '192.168.23.0/24'},
'destinationAddress': {'kind': 'IPv4Network', 'value': '192.168.24.0/24'},
'sourceService': {'kind': 'NetworkProtocol', 'value': 'eigrp'},
'destinationService': {'kind': 'NetworkProtocol', 'value': 'eigrp'}, 'active': False,
'remarks': ['EIGRP Test Rule'], 'ruleLogging': {'logStatus': 'Debugging', 'logInterval': 60},
'position': 17, 'isAccessRule': True, 'objectId': 1234567}
assert generic_rule.to_dict() == data
def test_contains(self, generic_rule: RuleGeneric):
rule = generic_rule.clone()
assert rule in generic_rule
generic_rule.protocol = 0
assert rule in generic_rule
rule.is_access_rule = False
assert rule in generic_rule
rule.remark = None
assert rule in generic_rule
rule.position = 0
assert rule in generic_rule
generic_rule.src = "192.168.22.0/23"
assert rule in generic_rule
generic_rule.src = "192.168.22.0/24"
assert rule not in generic_rule
rule.src = "192.168.22.17"
assert rule in generic_rule
rule.permit = False
assert rule not in generic_rule
rule.permit = True
rule.active = True
assert rule not in generic_rule
def test_contains_tcpudp(self, generic_rule: RuleGeneric):
ruletcpudp = RuleTCPUDP()
ruletcpudp.src = "192.168.23.1"
ruletcpudp.dst = "192.168.24.1"
ruletcpudp.permit = True
ruletcpudp.active = False
ruletcpudp.objectid = 1234567
ruletcpudp.is_access_rule = True
ruletcpudp.logging.interval = 60
ruletcpudp.logging.level = "Debugging"
ruletcpudp.remark = "EIGRP Test Rule"
ruletcpudp.position = 17
assert ruletcpudp not in generic_rule
generic_rule.protocol = 0
assert ruletcpudp in generic_rule
def append_rule(self, acl: str, rule: RuleGeneric):
"""
Append rule to ACL.
Uses position of rule object if position > 0, else appends to end of ACL.
Args:
acl: name of ACL to which rule is to be appended
rule: rule object to append
"""
if not isinstance(acl, str):
raise ValueError(f"{type(acl)} is not a valid acl argument type")
if not isinstance(rule, RuleGeneric):
raise ValueError(f"{type(rule)} is not a valid rule argument type")
response = self._caller.post(f"objects/extendedacls/{acl}/aces", rule.to_dict())
if response.status_code == requests.codes.bad_request and "messages" in response.json() and "code" in \
response.json()["messages"] and response.json()["messages"]["code"] == "DUPLICATE":
raise ValueError(
f"Rule creation denied because rule is duplicate of rule object {response.json()['messages']['details']}")
elif response.status_code != requests.codes.created:
raise RuntimeError(
f"Appending rule to ACL {acl} failed with HTTP {response.status_code}: {response.json()}")
def test_set_protocol(self, generic_rule: RuleGeneric):
generic_rule.protocol = "5"
assert generic_rule.protocol == 5
with pytest.raises(ValueError):
generic_rule.protocol = "icmp"
with pytest.raises(ValueError):
generic_rule.protocol = "icmp6"
with pytest.raises(ValueError):
generic_rule.protocol = "tcp"
with pytest.raises(ValueError):
generic_rule.protocol = "udp"
with pytest.raises(ValueError):
generic_rule.protocol = "something wrong"
with pytest.raises(ValueError):
generic_rule.protocol = 1
with pytest.raises(ValueError):
generic_rule.protocol = 6
with pytest.raises(ValueError):
generic_rule.protocol = 17
with pytest.raises(ValueError):
generic_rule.protocol = 58
with pytest.raises(ValueError):
generic_rule.protocol = -37
with pytest.raises(TypeError):
generic_rule.protocol = None
def test_contains_other(self, generic_rule: RuleICMP):
rule = RuleGeneric()
rule.src = "192.168.23.31"
rule.dst = "192.168.24.1"
rule.permit = True
rule.active = False
assert rule not in generic_rule
rule = RuleTCPUDP()
rule.src = "192.168.23.31"
rule.dst = "192.168.24.1"
rule.permit = True
rule.active = False
assert rule not in generic_rule
rule.icmp_type = "echo"
rule.icmp_code = 5
assert rule not in generic_rule
def test_get_protocol_alias(self, generic_rule: RuleGeneric):
assert generic_rule.protocol_alias == "eigrp"
generic_rule.protocol = 237
assert generic_rule.protocol_alias == "237"
def test_parse_protocol_json(self):
assert RuleGeneric._parse_protocol_json("eigrp") == 88
assert RuleGeneric._parse_protocol_json("64") == 64
with pytest.raises(ValueError):
RuleGeneric._parse_protocol_json("echo")
def test_to_cli(self, generic_rule: RuleGeneric):
assert generic_rule.to_cli() == "extended permit eigrp 192.168.23.0 255.255.255.0 192.168.24.0 255.255.255.0 log debugging interval 60 inactive"
assert generic_rule.to_cli("TEST") == "access-list TEST extended permit eigrp 192.168.23.0 255.255.255.0 192.168.24.0 255.255.255.0 log debugging interval 60 inactive"
def test_equals(self, generic_rule: RuleGeneric):
assert generic_rule is not None
assert not generic_rule == "Bla"
assert not generic_rule == 6
assert not generic_rule == RuleGeneric()
def generic_rule(self):
rule = RuleGeneric()
rule.src = "192.168.23.0/24"
rule.dst = "192.168.24.0/24"
rule.permit = True
rule.active = False
rule.objectid = 1234567
rule.is_access_rule = True
rule.logging.interval = 60
rule.logging.level = "Debugging"
rule.protocol = 88
rule.remark = "EIGRP Test Rule"
rule.position = 17
return rule
