class GenRulesUfwTestCase(MyBaseTest): def setUp(self): MyBaseTest.setUp(self) self.cmd = GenrulesCommand() @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_gen_rules(self, mock_f): """ Test the ufw backend """ ComplexRule.objects.create( host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="UDP", port=53) self.cmd.handle("ufw") self.assertEqual( mock_f.getvalue(), "\n".join( ["# fw rules for %s (%s) owned by %s created at %s" % ( self.host.name, self.host.ip, self.owner.username, self.host.created_at), "ufw deny proto udp from 192.168.2.0/24 to 192.168.1.1 " "port 53", ]) )
class GenRulesUfwTestCase(MyBaseTest): def setUp(self): MyBaseTest.setUp(self) self.cmd = GenrulesCommand() @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_gen_rules(self, mock_f): """ Test the ufw backend """ ComplexRule.objects.create(host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="UDP", port_range=53) self.cmd.handle("ufw") self.assertEqual( mock_f.getvalue(), "\n".join([ "# fw rules for %s (%s) owned by %s created at %s" % (self.host.name, self.host.ip, self.owner.username, self.host.created_at), "ufw deny proto udp from 192.168.2.0/24 to 192.168.1.1 " "port 53", ])) @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_gen_rules_port_range(self, mock_f): """ Test the ufw backend port range """ ComplexRule.objects.create(host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="UDP", port_range="6000-6100") self.cmd.handle("ufw") self.assertEqual( mock_f.getvalue(), "\n".join([ "# fw rules for %s (%s) owned by %s created at %s" % (self.host.name, self.host.ip, self.owner.username, self.host.created_at), "ufw deny proto udp from 192.168.2.0/24 to 192.168.1.1 " "port 6000:6100", ]))
class GenRulesUfwTestCase(MyBaseTest): def setUp(self): MyBaseTest.setUp(self) self.cmd = GenrulesCommand() self.writer = UfwRulesWriter() @patch("fwadmin.management.commands.genrules.Command._write_rules") def test_gen_rules(self, mock_f): """ Test the ufw backend """ ComplexRule.objects.create( host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="UDP", port=53) self.cmd.print_firewall_rules(self.writer) mock_f.assert_called_with( ["# fw rules for %s (%s) owned by %s" % ( self.host.name, self.host.ip, self.owner.username), "ufw deny proto udp from 192.168.2.0/24 to 192.168.1.1 " "port 53", ])
class ManagementCommandsTestCase(MyBaseTest): def setUp(self): MyBaseTest.setUp(self) self.cmd = GenrulesCommand() self.writer = CiscoRulesWriter() @patch("fwadmin.management.commands.genrules.Command._write_rules") def test_no_gen_rules_unapproved(self, mock_f): """Ensure we do not write rules for unapproved hosts""" self.host.approved = False self.host.save() self.cmd.print_firewall_rules(self.writer) self.assertFalse(mock_f.called) self.assertEqual(mock_f.mock_calls, []) @patch("fwadmin.management.commands.genrules.Command._write_rules") def test_no_gen_rules_not_active(self, mock_f): """Ensure to not write rules for inactive hosts""" self.host.active = False self.host.save() self.cmd.print_firewall_rules(self.writer) self.assertEqual(mock_f.mock_calls, []) @patch("fwadmin.management.commands.genrules.Command._write_rules") def test_no_gen_rules_active_until_over(self, mock_f): """Ensure we do not write rules for hosts that are expired""" self.host.active_until = datetime.date.today() self.host.save() self.cmd.print_firewall_rules(self.writer) self.assertEqual(mock_f.mock_calls, []) @patch("fwadmin.management.commands.genrules.Command._write_rules") def test_gen_rules_complex(self, mock_f): """ Ensure complex rules are written """ ComplexRule.objects.create( host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="UDP", port=53) self.cmd.print_firewall_rules(self.writer) mock_f.assert_called_with( ["! fw rules for %s (%s) owned by %s" % ( self.host.name, self.host.ip, self.owner.username), "access-list %s deny UDP 192.168.2.0/24 host 192.168.1.1 eq 53" % FWADMIN_ACCESS_LIST_NR, ])
def setUp(self): MyBaseTest.setUp(self) self.cmd = GenrulesCommand()
class ManagementCommandsTestCase(MyBaseTest): def setUp(self): MyBaseTest.setUp(self) self.cmd = GenrulesCommand() @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_no_gen_rules_unapproved(self, mock_f): """Ensure we do not write rules for unapproved hosts""" self.host.approved = False self.host.save() self.cmd.handle() self.assertEqual(mock_f.getvalue(), "") @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_no_gen_rules_not_active(self, mock_f): """Ensure to not write rules for inactive hosts""" self.host.active = False self.host.save() self.cmd.handle() self.assertEqual(mock_f.getvalue(), "") @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_no_gen_rules_active_until_over(self, mock_f): """Ensure we do not write rules for hosts that are expired""" self.host.active_until = datetime.date.today() self.host.save() self.cmd.handle() self.assertEqual(mock_f.getvalue(), "") @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_gen_rules_complex(self, mock_f): """ Ensure complex rules are written """ ComplexRule.objects.create( host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="UDP", port_range=53) self.cmd.handle() self.assertEqual( mock_f.getvalue(), "\n".join( ["! fw rules for %s (%s) owned by %s created at %s" % ( self.host.name, self.host.ip, self.owner.username, self.host.created_at), "access-list %s deny UDP 192.168.2.0 0.0.0.255 " "host 192.168.1.1 eq 53" % FWADMIN_ACCESS_LIST_NR, ]) ) @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_gen_rules_complex_range(self, mock_f): """ Ensure complex rule with port range is written """ ComplexRule.objects.create( host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="TCP", port_range="6000-6100") self.cmd.handle() self.assertEqual( mock_f.getvalue(), "\n".join( ["! fw rules for %s (%s) owned by %s created at %s" % ( self.host.name, self.host.ip, self.owner.username, self.host.created_at), "access-list %s deny TCP 192.168.2.0 0.0.0.255 " "host 192.168.1.1 range 6000 6100" % FWADMIN_ACCESS_LIST_NR, ]) ) @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_gen_rules_header(self, mock_f): """ Ensure complex rules are written """ rule_header = "! my header" StaticRule.objects.create( type=StaticRule.HEADER, text=rule_header, ) rule_footer = "! my footer" StaticRule.objects.create( type=StaticRule.FOOTER, text=rule_footer ) ComplexRule.objects.create( host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="UDP", port_range=53) self.cmd.handle() rule_1_comment = "! fw rules for %s (%s) owned by %s created at %s" % ( self.host.name, self.host.ip, self.owner.username, self.host.created_at) rule_1 = "access-list %s deny UDP 192.168.2.0 0.0.0.255 host "\ "192.168.1.1 eq 53" % FWADMIN_ACCESS_LIST_NR self.assertEqual( mock_f.getvalue(), "\n".join([rule_header, rule_1_comment, rule_1, rule_footer, ]))
def setUp(self): MyBaseTest.setUp(self) self.cmd = GenrulesCommand() self.writer = UfwRulesWriter()
class ManagementCommandsTestCase(MyBaseTest): def setUp(self): MyBaseTest.setUp(self) self.cmd = GenrulesCommand() @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_no_gen_rules_unapproved(self, mock_f): """Ensure we do not write rules for unapproved hosts""" self.host.approved = False self.host.save() self.cmd.handle() self.assertEqual(mock_f.getvalue(), "") @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_no_gen_rules_not_active(self, mock_f): """Ensure to not write rules for inactive hosts""" self.host.active = False self.host.save() self.cmd.handle() self.assertEqual(mock_f.getvalue(), "") @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_no_gen_rules_active_until_over(self, mock_f): """Ensure we do not write rules for hosts that are expired""" self.host.active_until = datetime.date.today() self.host.save() self.cmd.handle() self.assertEqual(mock_f.getvalue(), "") @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_gen_rules_complex(self, mock_f): """ Ensure complex rules are written """ ComplexRule.objects.create(host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="UDP", port_range=53) self.cmd.handle() self.assertEqual( mock_f.getvalue(), "\n".join([ "! fw rules for %s (%s) owned by %s created at %s" % (self.host.name, self.host.ip, self.owner.username, self.host.created_at), "access-list %s deny UDP 192.168.2.0 0.0.0.255 " "host 192.168.1.1 eq 53" % FWADMIN_ACCESS_LIST_NR, ])) @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_gen_rules_complex_range(self, mock_f): """ Ensure complex rule with port range is written """ ComplexRule.objects.create(host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="TCP", port_range="6000-6100") self.cmd.handle() self.assertEqual( mock_f.getvalue(), "\n".join([ "! fw rules for %s (%s) owned by %s created at %s" % (self.host.name, self.host.ip, self.owner.username, self.host.created_at), "access-list %s deny TCP 192.168.2.0 0.0.0.255 " "host 192.168.1.1 range 6000 6100" % FWADMIN_ACCESS_LIST_NR, ])) @patch("fwadmin.management.commands.genrules.Command.OUTPUT", new_callable=StringIO) def test_gen_rules_header(self, mock_f): """ Ensure complex rules are written """ rule_header = "! my header" StaticRule.objects.create( type=StaticRule.HEADER, text=rule_header, ) rule_footer = "! my footer" StaticRule.objects.create(type=StaticRule.FOOTER, text=rule_footer) ComplexRule.objects.create(host=self.host, name="complex", from_net="192.168.2.0/24", permit=False, ip_protocol="UDP", port_range=53) self.cmd.handle() rule_1_comment = "! fw rules for %s (%s) owned by %s created at %s" % ( self.host.name, self.host.ip, self.owner.username, self.host.created_at) rule_1 = "access-list %s deny UDP 192.168.2.0 0.0.0.255 host "\ "192.168.1.1 eq 53" % FWADMIN_ACCESS_LIST_NR self.assertEqual( mock_f.getvalue(), "\n".join([ rule_header, rule_1_comment, rule_1, rule_footer, ]))