def test_mixed_private_policy(self):
policy = get_config_policy('accept *:80, reject private:1-65533, accept *:*')
for rule in policy:
self.assertTrue(rule.is_accept != rule.is_private()) # only reject rules are the private ones
self.assertEqual(get_config_policy('accept *:80, accept *:*'), policy.strip_private())
def test_get_config_policy_with_ipv6(self):
# ensure our constructor accepts addresses both with and without brackets
self.assertTrue(
get_config_policy('reject private:80',
'fe80:0000:0000:0000:0202:b3ff:fe1e:8329').
is_exiting_allowed())
self.assertTrue(
get_config_policy('reject private:80',
'[fe80:0000:0000:0000:0202:b3ff:fe1e:8329]').
is_exiting_allowed())
def test_mixed_private_policy(self):
policy = get_config_policy(
'accept *:80, reject private:1-65533, accept *:*')
for rule in policy:
self.assertTrue(
rule.is_accept !=
rule.is_private()) # only reject rules are the private ones
self.assertEqual(get_config_policy('accept *:80, accept *:*'),
policy.strip_private())
def test_all_private_policy(self):
for port in ('*', '80', '1-1024'):
private_policy = get_config_policy('reject private:%s' % port, '12.34.56.78')
for rule in private_policy:
self.assertTrue(rule.is_private())
self.assertEqual(ExitPolicy(), private_policy.strip_private())
# though not commonly done, technically private policies can be accept rules too
private_policy = get_config_policy('accept private:*')
self.assertEqual(ExitPolicy(), private_policy.strip_private())
def test_all_private_policy(self):
for port in ('*', '80', '1-1024'):
private_policy = get_config_policy('reject private:%s' % port)
for rule in private_policy:
self.assertTrue(rule.is_private())
self.assertEqual(ExitPolicy(), private_policy.strip_private())
# though not commonly done, technically private policies can be accept rules too
private_policy = get_config_policy('accept private:*')
self.assertEqual(ExitPolicy(), private_policy.strip_private())
def test_without_port(self):
policy = get_config_policy('accept 216.58.193.78, reject *')
self.assertEqual([
ExitPolicyRule('accept 216.58.193.78:*'),
ExitPolicyRule('reject *:*')
], list(policy))
policy = get_config_policy(
'reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]')
self.assertEqual([
ExitPolicyRule(
'reject [2a00:1450:4001:081e:0000:0000:0000:200e]:*')
], list(policy))
def test_mixed_default_policy(self):
policy = ExitPolicy('accept *:80', 'accept 127.0.0.1:1-65533', *DEFAULT_POLICY_RULES)
for rule in policy:
# only accept-all and reject rules are the default ones
self.assertTrue(rule.is_accept != rule.is_default() or (rule.is_accept and rule.is_address_wildcard() and rule.is_port_wildcard()))
self.assertEqual(get_config_policy('accept *:80, accept 127.0.0.1:1-65533'), policy.strip_default())
def test_non_private_non_default_policy(self):
policy = get_config_policy('reject *:80-65535, accept *:1-65533, reject *:*')
for rule in policy:
self.assertFalse(rule.is_private())
self.assertFalse(rule.is_default())
self.assertFalse(policy.has_private())
self.assertFalse(policy.has_default())
self.assertEqual(policy, policy.strip_private())
self.assertEqual(policy, policy.strip_default())
def test_mixed_default_policy(self):
policy = ExitPolicy('accept *:80', 'accept 127.0.0.1:1-65533',
*DEFAULT_POLICY_RULES)
for rule in policy:
# only accept-all and reject rules are the default ones
self.assertTrue(rule.is_accept != rule.is_default()
or (rule.is_accept and rule.is_address_wildcard()
and rule.is_port_wildcard()))
self.assertEqual(
get_config_policy('accept *:80, accept 127.0.0.1:1-65533'),
policy.strip_default())
def test_non_private_non_default_policy(self):
policy = get_config_policy(
'reject *:80-65535, accept *:1-65533, reject *:*')
for rule in policy:
self.assertFalse(rule.is_private())
self.assertFalse(rule.is_default())
self.assertFalse(policy.has_private())
self.assertFalse(policy.has_default())
self.assertEqual(policy, policy.strip_private())
self.assertEqual(policy, policy.strip_default())
def test_get_config_policy(self):
test_inputs = {
'':
ExitPolicy(),
'reject *':
ExitPolicy('reject *:*'),
'reject *:*':
ExitPolicy('reject *:*'),
'reject private':
ExitPolicy(
'reject 0.0.0.0/8:*',
'reject 169.254.0.0/16:*',
'reject 127.0.0.0/8:*',
'reject 192.168.0.0/16:*',
'reject 10.0.0.0/8:*',
'reject 172.16.0.0/12:*',
'reject 12.34.56.78:*',
),
'accept *:80, reject *':
ExitPolicy(
'accept *:80',
'reject *:*',
),
' accept *:80, reject * ':
ExitPolicy(
'accept *:80',
'reject *:*',
),
}
for test_input, expected in test_inputs.items():
self.assertEqual(expected,
get_config_policy(test_input, '12.34.56.78'))
test_inputs = (
'blarg',
'accept *:*:*',
'acceptt *:80',
'accept 257.0.0.1:80',
'accept *:999999',
)
for test_input in test_inputs:
self.assertRaises(ValueError, get_config_policy, test_input)
def test_get_config_policy(self):
test_inputs = {
"":
ExitPolicy(),
"reject *":
ExitPolicy('reject *:*'),
"reject *:*":
ExitPolicy('reject *:*'),
"reject private":
ExitPolicy(
'reject 0.0.0.0/8:*',
'reject 169.254.0.0/16:*',
'reject 127.0.0.0/8:*',
'reject 192.168.0.0/16:*',
'reject 10.0.0.0/8:*',
'reject 172.16.0.0/12:*',
),
"accept *:80, reject *":
ExitPolicy(
'accept *:80',
'reject *:*',
),
" accept *:80, reject * ":
ExitPolicy(
'accept *:80',
'reject *:*',
),
}
for test_input, expected in test_inputs.items():
self.assertEqual(expected, get_config_policy(test_input))
test_inputs = (
"blarg",
"accept *:*:*",
"acceptt *:80",
"accept 257.0.0.1:80",
"accept *:999999",
)
for test_input in test_inputs:
self.assertRaises(ValueError, get_config_policy, test_input)
def test_get_config_policy(self):
test_inputs = {
'': ExitPolicy(),
'reject *': ExitPolicy('reject *:*'),
'reject *:*': ExitPolicy('reject *:*'),
'reject private': ExitPolicy(
'reject 0.0.0.0/8:*',
'reject 169.254.0.0/16:*',
'reject 127.0.0.0/8:*',
'reject 192.168.0.0/16:*',
'reject 10.0.0.0/8:*',
'reject 172.16.0.0/12:*',
'reject 12.34.56.78:*',
),
'accept *:80, reject *': ExitPolicy(
'accept *:80',
'reject *:*',
),
' accept *:80, reject * ': ExitPolicy(
'accept *:80',
'reject *:*',
),
}
for test_input, expected in test_inputs.items():
self.assertEqual(expected, get_config_policy(test_input, '12.34.56.78'))
test_inputs = (
'blarg',
'accept *:*:*',
'acceptt *:80',
'accept 257.0.0.1:80',
'accept *:999999',
)
for test_input in test_inputs:
self.assertRaises(ValueError, get_config_policy, test_input)
def test_get_config_policy(self):
test_inputs = {
"": ExitPolicy(),
"reject *": ExitPolicy("reject *:*"),
"reject *:*": ExitPolicy("reject *:*"),
"reject private": ExitPolicy(
"reject 0.0.0.0/8:*",
"reject 169.254.0.0/16:*",
"reject 127.0.0.0/8:*",
"reject 192.168.0.0/16:*",
"reject 10.0.0.0/8:*",
"reject 172.16.0.0/12:*",
),
"accept *:80, reject *": ExitPolicy("accept *:80", "reject *:*"),
" accept *:80, reject * ": ExitPolicy("accept *:80", "reject *:*"),
}
for test_input, expected in test_inputs.items():
self.assertEqual(expected, get_config_policy(test_input))
test_inputs = ("blarg", "accept *:*:*", "acceptt *:80", "accept 257.0.0.1:80", "accept *:999999")
for test_input in test_inputs:
self.assertRaises(ValueError, get_config_policy, test_input)
def test_get_config_policy_with_ipv6(self):
# ensure our constructor accepts addresses both with and without brackets
self.assertTrue(get_config_policy('reject private:80', 'fe80:0000:0000:0000:0202:b3ff:fe1e:8329').is_exiting_allowed())
self.assertTrue(get_config_policy('reject private:80', '[fe80:0000:0000:0000:0202:b3ff:fe1e:8329]').is_exiting_allowed())
def test_all_private_policy_without_network(self):
for rule in get_config_policy('reject private:80, accept *:80'):
# all rules except the ending accept are part of the private policy
self.assertEqual(str(rule) != 'accept *:80', rule.is_private())
def test_all_private_policy_without_network(self):
for rule in get_config_policy('reject private:80, accept *:80'):
# all rules except the ending accept are part of the private policy
self.assertEqual(str(rule) != 'accept *:80', rule.is_private())
def test_without_port(self):
policy = get_config_policy('accept 216.58.193.78, reject *')
self.assertEqual([ExitPolicyRule('accept 216.58.193.78:*'), ExitPolicyRule('reject *:*')], list(policy))
policy = get_config_policy('reject6 [2a00:1450:4001:081e:0000:0000:0000:200e]')
self.assertEqual([ExitPolicyRule('reject [2a00:1450:4001:081e:0000:0000:0000:200e]:*')], list(policy))
