Пример #1
0
class GenRulesUfwTestCase(MyBaseTest):

    def setUp(self):
        MyBaseTest.setUp(self)
        self.cmd = GenrulesCommand()

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_gen_rules(self, mock_f):
        """ Test the ufw backend """
        ComplexRule.objects.create(
            host=self.host,
            name="complex", from_net="192.168.2.0/24", permit=False,
            ip_protocol="UDP", port=53)
        self.cmd.handle("ufw")
        self.assertEqual(
            mock_f.getvalue(),
            "\n".join(
                ["# fw rules for %s (%s) owned by %s created at %s" % (
                    self.host.name,
                    self.host.ip,
                    self.owner.username,
                    self.host.created_at),
                 "ufw deny proto udp from 192.168.2.0/24 to 192.168.1.1 "
                 "port 53",
             ])
        )
Пример #2
0
class GenRulesUfwTestCase(MyBaseTest):
    def setUp(self):
        MyBaseTest.setUp(self)
        self.cmd = GenrulesCommand()

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_gen_rules(self, mock_f):
        """ Test the ufw backend """
        ComplexRule.objects.create(host=self.host,
                                   name="complex",
                                   from_net="192.168.2.0/24",
                                   permit=False,
                                   ip_protocol="UDP",
                                   port_range=53)
        self.cmd.handle("ufw")
        self.assertEqual(
            mock_f.getvalue(), "\n".join([
                "# fw rules for %s (%s) owned by %s created at %s" %
                (self.host.name, self.host.ip, self.owner.username,
                 self.host.created_at),
                "ufw deny proto udp from 192.168.2.0/24 to 192.168.1.1 "
                "port 53",
            ]))

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_gen_rules_port_range(self, mock_f):
        """ Test the ufw backend port range """
        ComplexRule.objects.create(host=self.host,
                                   name="complex",
                                   from_net="192.168.2.0/24",
                                   permit=False,
                                   ip_protocol="UDP",
                                   port_range="6000-6100")
        self.cmd.handle("ufw")
        self.assertEqual(
            mock_f.getvalue(), "\n".join([
                "# fw rules for %s (%s) owned by %s created at %s" %
                (self.host.name, self.host.ip, self.owner.username,
                 self.host.created_at),
                "ufw deny proto udp from 192.168.2.0/24 to 192.168.1.1 "
                "port 6000:6100",
            ]))
Пример #3
0
class GenRulesUfwTestCase(MyBaseTest):

    def setUp(self):
        MyBaseTest.setUp(self)
        self.cmd = GenrulesCommand()
        self.writer = UfwRulesWriter()

    @patch("fwadmin.management.commands.genrules.Command._write_rules")
    def test_gen_rules(self, mock_f):
        """ Test the ufw backend """
        ComplexRule.objects.create(
            host=self.host,
            name="complex", from_net="192.168.2.0/24", permit=False,
            ip_protocol="UDP", port=53)
        self.cmd.print_firewall_rules(self.writer)
        mock_f.assert_called_with(
            ["# fw rules for %s (%s) owned by %s" % (
                    self.host.name, self.host.ip, self.owner.username),
             "ufw deny proto udp from 192.168.2.0/24 to 192.168.1.1 "
             "port 53",
             ])
Пример #4
0
class ManagementCommandsTestCase(MyBaseTest):

    def setUp(self):
        MyBaseTest.setUp(self)
        self.cmd = GenrulesCommand()
        self.writer = CiscoRulesWriter()

    @patch("fwadmin.management.commands.genrules.Command._write_rules")
    def test_no_gen_rules_unapproved(self, mock_f):
        """Ensure we do not write rules for unapproved hosts"""
        self.host.approved = False
        self.host.save()
        self.cmd.print_firewall_rules(self.writer)
        self.assertFalse(mock_f.called)
        self.assertEqual(mock_f.mock_calls, [])

    @patch("fwadmin.management.commands.genrules.Command._write_rules")
    def test_no_gen_rules_not_active(self, mock_f):
        """Ensure to not write rules for inactive hosts"""
        self.host.active = False
        self.host.save()
        self.cmd.print_firewall_rules(self.writer)
        self.assertEqual(mock_f.mock_calls, [])

    @patch("fwadmin.management.commands.genrules.Command._write_rules")
    def test_no_gen_rules_active_until_over(self, mock_f):
        """Ensure we do not write rules for hosts that are expired"""
        self.host.active_until = datetime.date.today()
        self.host.save()
        self.cmd.print_firewall_rules(self.writer)
        self.assertEqual(mock_f.mock_calls, [])

    @patch("fwadmin.management.commands.genrules.Command._write_rules")
    def test_gen_rules_complex(self, mock_f):
        """ Ensure complex rules are written """
        ComplexRule.objects.create(
            host=self.host,
            name="complex", from_net="192.168.2.0/24", permit=False,
            ip_protocol="UDP", port=53)
        self.cmd.print_firewall_rules(self.writer)
        mock_f.assert_called_with(
            ["! fw rules for %s (%s) owned by %s" % (
                    self.host.name, self.host.ip, self.owner.username),
             "access-list %s deny UDP 192.168.2.0/24 host 192.168.1.1 eq 53" %
                 FWADMIN_ACCESS_LIST_NR,
             ])
Пример #5
0
 def setUp(self):
     MyBaseTest.setUp(self)
     self.cmd = GenrulesCommand()
Пример #6
0
class ManagementCommandsTestCase(MyBaseTest):

    def setUp(self):
        MyBaseTest.setUp(self)
        self.cmd = GenrulesCommand()

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_no_gen_rules_unapproved(self, mock_f):
        """Ensure we do not write rules for unapproved hosts"""
        self.host.approved = False
        self.host.save()
        self.cmd.handle()
        self.assertEqual(mock_f.getvalue(), "")

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_no_gen_rules_not_active(self, mock_f):
        """Ensure to not write rules for inactive hosts"""
        self.host.active = False
        self.host.save()
        self.cmd.handle()
        self.assertEqual(mock_f.getvalue(), "")

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_no_gen_rules_active_until_over(self, mock_f):
        """Ensure we do not write rules for hosts that are expired"""
        self.host.active_until = datetime.date.today()
        self.host.save()
        self.cmd.handle()
        self.assertEqual(mock_f.getvalue(), "")

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_gen_rules_complex(self, mock_f):
        """ Ensure complex rules are written """
        ComplexRule.objects.create(
            host=self.host,
            name="complex", from_net="192.168.2.0/24", permit=False,
            ip_protocol="UDP", port_range=53)
        self.cmd.handle()
        self.assertEqual(
            mock_f.getvalue(),
            "\n".join(
                ["! fw rules for %s (%s) owned by %s created at %s" % (
                    self.host.name,
                    self.host.ip,
                    self.owner.username,
                    self.host.created_at),
                 "access-list %s deny UDP 192.168.2.0 0.0.0.255 "
                 "host 192.168.1.1 eq 53" % FWADMIN_ACCESS_LIST_NR,
             ])
        )

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_gen_rules_complex_range(self, mock_f):
        """ Ensure complex rule with port range is written """
        ComplexRule.objects.create(
            host=self.host,
            name="complex", from_net="192.168.2.0/24", permit=False,
            ip_protocol="TCP", port_range="6000-6100")
        self.cmd.handle()
        self.assertEqual(
            mock_f.getvalue(),
            "\n".join(
                ["! fw rules for %s (%s) owned by %s created at %s" % (
                    self.host.name,
                    self.host.ip,
                    self.owner.username,
                    self.host.created_at),
                 "access-list %s deny TCP 192.168.2.0 0.0.0.255 "
                 "host 192.168.1.1 range 6000 6100" % FWADMIN_ACCESS_LIST_NR,
             ])
        )

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_gen_rules_header(self, mock_f):
        """ Ensure complex rules are written """
        rule_header = "! my header"
        StaticRule.objects.create(
            type=StaticRule.HEADER,
            text=rule_header,
        )
        rule_footer = "! my footer"
        StaticRule.objects.create(
            type=StaticRule.FOOTER,
            text=rule_footer
        )
        ComplexRule.objects.create(
            host=self.host,
            name="complex", from_net="192.168.2.0/24", permit=False,
            ip_protocol="UDP", port_range=53)
        self.cmd.handle()
        rule_1_comment = "! fw rules for %s (%s) owned by %s created at %s" % (
            self.host.name,
            self.host.ip,
            self.owner.username,
            self.host.created_at)
        rule_1 = "access-list %s deny UDP 192.168.2.0 0.0.0.255 host "\
                 "192.168.1.1 eq 53" % FWADMIN_ACCESS_LIST_NR
        self.assertEqual(
            mock_f.getvalue(),
            "\n".join([rule_header,
                       rule_1_comment,
                       rule_1,
                       rule_footer,
                   ]))
Пример #7
0
 def setUp(self):
     MyBaseTest.setUp(self)
     self.cmd = GenrulesCommand()
     self.writer = UfwRulesWriter()
Пример #8
0
 def setUp(self):
     MyBaseTest.setUp(self)
     self.cmd = GenrulesCommand()
Пример #9
0
class ManagementCommandsTestCase(MyBaseTest):
    def setUp(self):
        MyBaseTest.setUp(self)
        self.cmd = GenrulesCommand()

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_no_gen_rules_unapproved(self, mock_f):
        """Ensure we do not write rules for unapproved hosts"""
        self.host.approved = False
        self.host.save()
        self.cmd.handle()
        self.assertEqual(mock_f.getvalue(), "")

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_no_gen_rules_not_active(self, mock_f):
        """Ensure to not write rules for inactive hosts"""
        self.host.active = False
        self.host.save()
        self.cmd.handle()
        self.assertEqual(mock_f.getvalue(), "")

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_no_gen_rules_active_until_over(self, mock_f):
        """Ensure we do not write rules for hosts that are expired"""
        self.host.active_until = datetime.date.today()
        self.host.save()
        self.cmd.handle()
        self.assertEqual(mock_f.getvalue(), "")

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_gen_rules_complex(self, mock_f):
        """ Ensure complex rules are written """
        ComplexRule.objects.create(host=self.host,
                                   name="complex",
                                   from_net="192.168.2.0/24",
                                   permit=False,
                                   ip_protocol="UDP",
                                   port_range=53)
        self.cmd.handle()
        self.assertEqual(
            mock_f.getvalue(), "\n".join([
                "! fw rules for %s (%s) owned by %s created at %s" %
                (self.host.name, self.host.ip, self.owner.username,
                 self.host.created_at),
                "access-list %s deny UDP 192.168.2.0 0.0.0.255 "
                "host 192.168.1.1 eq 53" % FWADMIN_ACCESS_LIST_NR,
            ]))

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_gen_rules_complex_range(self, mock_f):
        """ Ensure complex rule with port range is written """
        ComplexRule.objects.create(host=self.host,
                                   name="complex",
                                   from_net="192.168.2.0/24",
                                   permit=False,
                                   ip_protocol="TCP",
                                   port_range="6000-6100")
        self.cmd.handle()
        self.assertEqual(
            mock_f.getvalue(), "\n".join([
                "! fw rules for %s (%s) owned by %s created at %s" %
                (self.host.name, self.host.ip, self.owner.username,
                 self.host.created_at),
                "access-list %s deny TCP 192.168.2.0 0.0.0.255 "
                "host 192.168.1.1 range 6000 6100" % FWADMIN_ACCESS_LIST_NR,
            ]))

    @patch("fwadmin.management.commands.genrules.Command.OUTPUT",
           new_callable=StringIO)
    def test_gen_rules_header(self, mock_f):
        """ Ensure complex rules are written """
        rule_header = "! my header"
        StaticRule.objects.create(
            type=StaticRule.HEADER,
            text=rule_header,
        )
        rule_footer = "! my footer"
        StaticRule.objects.create(type=StaticRule.FOOTER, text=rule_footer)
        ComplexRule.objects.create(host=self.host,
                                   name="complex",
                                   from_net="192.168.2.0/24",
                                   permit=False,
                                   ip_protocol="UDP",
                                   port_range=53)
        self.cmd.handle()
        rule_1_comment = "! fw rules for %s (%s) owned by %s created at %s" % (
            self.host.name, self.host.ip, self.owner.username,
            self.host.created_at)
        rule_1 = "access-list %s deny UDP 192.168.2.0 0.0.0.255 host "\
                 "192.168.1.1 eq 53" % FWADMIN_ACCESS_LIST_NR
        self.assertEqual(
            mock_f.getvalue(), "\n".join([
                rule_header,
                rule_1_comment,
                rule_1,
                rule_footer,
            ]))