示例#1
0
    def test_cidr_match_validation(self):
        """Check that invalid CIDR addresses are detected."""
        hints = [
            types.dynamic(types.STRING),
            types.literal(types.STRING),
            types.literal(types.STRING),
            types.literal(types.STRING),
        ]
        arguments = [
            Field("ip"),
            String("10.0.0.0/8"),
            String("b"),
            String("192.168.1.0/24"),
        ]
        position, _, _ = CidrMatch.validate(arguments, hints)
        self.assertEqual(position, 2)

        # test that missing / causes failure
        arguments[2].value = "55.55.55.0"
        position, _, _ = CidrMatch.validate(arguments, hints)
        self.assertEqual(position, 2)

        # test for invalid ip
        arguments[2].value = "55.55.256.0/24"
        position, _, _ = CidrMatch.validate(arguments, hints)
        self.assertEqual(position, 2)

        arguments[2].value = "55.55.55.0/24"
        position, _, _ = CidrMatch.validate(arguments, hints)
        self.assertIsNone(position)
示例#2
0
    def test_cidr_match_validation(self):
        """Check that invalid CIDR addresses are detected."""
        arguments = [
            Field("ip"),
            String("10.0.0.0/8"),
            String("b"),
            String("192.168.1.0/24"),
        ]
        info = [types.NodeInfo(arg, types.TypeHint.String) for arg in arguments]

        position = CidrMatch.validate(info)
        self.assertEqual(position, 2)

        # test that missing / causes failure
        info[2].node.value = "55.55.55.0"
        position = CidrMatch.validate(info)
        self.assertEqual(position, 2)

        # test for invalid ip
        info[2].node.value = "55.55.256.0/24"
        position = CidrMatch.validate(info)
        self.assertEqual(position, 2)

        info[2].node.value = "55.55.55.0/24"
        position = CidrMatch.validate(info)
        self.assertIsNone(position)
示例#3
0
    def test_cidr_ranges(self):
        """Check that CIDR ranges are correctly identified."""
        cidr_range = CidrMatch.to_range("10.0.0.0/8")
        self.assertListEqual(list(cidr_range), [(10, 0, 0, 0),
                                                (10, 255, 255, 255)])
        cidr_range = CidrMatch.to_range("123.45.67.189/32")
        self.assertListEqual(list(cidr_range), [(123, 45, 67, 189),
                                                (123, 45, 67, 189)])

        cidr_range = CidrMatch.to_range("0.0.0.0/0")
        self.assertListEqual(list(cidr_range), [(0, 0, 0, 0),
                                                (255, 255, 255, 255)])

        cidr_range = CidrMatch.to_range("192.168.15.2/22")
        self.assertListEqual(list(cidr_range), [(192, 168, 12, 0),
                                                (192, 168, 15, 255)])
示例#4
0
    def equals(cls, term, value):
        if utils.is_string(term) and utils.is_string(value):
            if CidrMatch.ip_compiled.match(term) and CidrMatch.cidr_compiled.match(value):
                # check for an ipv4 cidr
                if value not in cls.__cidr_cache:
                    cls.__cidr_cache[value] = CidrMatch.get_callback(None, eql.ast.String(value))
                return cls.__cidr_cache[value](term)

        return term == value
示例#5
0
    def test_cidr_regex(self):
        """Test that octet regex are correctly matching the range."""
        for _ in range(200):
            # make an ip address
            ip_addr = (
                random.randrange(256),
                random.randrange(256),
                random.randrange(256),
                random.randrange(256),
            )
            size = random.randrange(33)
            total_ips = 2**(32 - size)

            args = list(ip_addr)
            args.append(size)
            cidr_mask = "{:d}.{:d}.{:d}.{:d}/{:d}".format(*args)

            pattern = CidrMatch.make_cidr_regex(cidr_mask)

            regex = re.compile("^({})$".format(pattern))
            min_ip, max_ip = CidrMatch.to_range(cidr_mask)

            # randomly pick IPs that *are* in the range
            for _ in range(min(200, total_ips)):
                rand_addr = [
                    random.randrange(mn, mx + 1)
                    for mn, mx in zip(min_ip, max_ip)
                ]
                rand_ip = "{:d}.{:d}.{:d}.{:d}".format(*rand_addr)

                self.assertIsNotNone(regex.match(rand_ip))

            # todo: pick IPs that are definitely not in the range
            for _ in range(200):
                rand_addr = [random.randrange(0, 255) for _ in range(4)]
                in_subnet = all(
                    mn <= o <= mx
                    for o, mn, mx in zip(rand_addr, min_ip, max_ip))
                rand_ip = "{:d}.{:d}.{:d}.{:d}".format(*rand_addr)

                rv = regex.match(rand_ip) is not None
                self.assertEqual(rv, in_subnet)
示例#6
0
    def test_cidr_match_rewrite(self):
        """Test that cidrMatch() rewrites the arguments."""
        arguments = [
            Field("ip"),
            String("10.0.0.0/8"),
            String("172.169.18.19/31"),
            String("192.168.1.25/24"),
        ]
        hints = [
            types.dynamic(types.STRING),
            types.literal(types.STRING),
            types.literal(types.STRING),
            types.literal(types.STRING),
        ]

        position, new_arguments, type_hints = CidrMatch.validate(
            arguments, hints)
        self.assertEqual(position, None)

        # check that the original wasn't modified
        self.assertIsNot(arguments[2], new_arguments[2])

        # and that the values were set to the base of the subnet
        self.assertEqual(new_arguments[2].value, "172.169.18.18/31")
        self.assertEqual(new_arguments[3].value, "192.168.1.0/24")

        # test that /0 is working
        arguments[2] = String("1.2.3.4/0")
        position, new_arguments, type_hints = CidrMatch.validate(
            arguments, hints)

        self.assertIsNot(arguments[2], new_arguments[2])

        # and /32
        self.assertEqual(new_arguments[2].value, "0.0.0.0/0")
        arguments[2] = String("12.34.45.56/32")
        position, new_arguments, type_hints = CidrMatch.validate(
            arguments, hints)

        self.assertIsNone(position)
示例#7
0
    def test_cidr_match_rewrite(self):
        """Test that cidrMatch() rewrites the arguments."""
        arguments = [
            Field("ip"),
            String("10.0.0.0/8"),
            String("172.169.18.19/31"),
            String("192.168.1.25/24"),
        ]
        info = [types.NodeInfo(arg, types.TypeHint.String) for arg in arguments]

        position = CidrMatch.validate(info)
        self.assertEqual(position, None)

        new_arguments = [arg.node for arg in info]

        # check that the original were only modified to round the values
        self.assertIsNot(arguments[0], new_arguments[1])
        self.assertIsNot(arguments[1], new_arguments[1])
        self.assertIsNot(arguments[2], new_arguments[2])

        # and that the values were set to the base of the subnet
        self.assertEqual(new_arguments[2].value, "172.169.18.18/31")
        self.assertEqual(new_arguments[3].value, "192.168.1.0/24")

        # test that /0 is working
        info[2].node = String("1.2.3.4/0")
        position = CidrMatch.validate(info)
        new_arguments = [arg.node for arg in info]
        self.assertIsNone(position)
        self.assertIsNot(arguments[2], new_arguments[2])

        # and /32
        self.assertEqual(new_arguments[2].value, "0.0.0.0/0")
        info[2].node = String("12.34.45.56/32")
        position = CidrMatch.validate(info)

        self.assertIsNone(position)
示例#8
0
    def test_octet_regex(self):
        """Test that octet regex are correctly matching the range."""
        for _ in range(100):
            # too many possible combos, so we can just randomly generate them
            start = random.randrange(256)
            end = random.randrange(256)

            # order them correctly
            start, end = min(start, end), max(start, end)

            # now build the regex and check that each one matches
            regex = re.compile("^(" + CidrMatch.make_octet_re(start, end) +
                               ")$")
            for num in range(500):
                should_match = start <= num <= end
                did_match = regex.match(str(num)) is not None
                self.assertEqual(should_match, did_match)