# HG changeset patch # User Branko Majic # Date 2013-06-23 23:25:07 # Node ID 94adf07f332cc483e55a95808a255e1114200f02 # Parent adb80c4c58a5f1051b9c6424ce3ed4a515d300b0 Implemented tests for the iptables utility classes. diff --git a/conntrackt/tests.py b/conntrackt/tests.py --- a/conntrackt/tests.py +++ b/conntrackt/tests.py @@ -1,16 +1,161 @@ -""" -This file demonstrates writing tests using the unittest module. These will pass -when you run "manage.py test". +# Django imports. +from django.test import TestCase + +# Application imports. +import iptables + + +class RuleTest(TestCase): + def test_output_case(self): + """ + Test that protocol name is lower-cased during rule generation. + """ + + rule = iptables.Rule("192.168.1.1/255.255.255.255", "192.168.1.2/255.255.255.255", "tCp", "80", description="Web server.") + self.assertEqual(str(rule), "-s 192.168.1.1/255.255.255.255 -d 192.168.1.2/255.255.255.255 -p tcp -m tcp --dport 80 -j ACCEPT") + + def test_output_tcp(self): + """ + Tests that a TCP rule is generated properly. + """ + + rule = iptables.Rule("192.168.1.1/255.255.255.255", "192.168.1.2/255.255.255.255", "TCP", "80", description="Web server.") + self.assertEqual(str(rule), "-s 192.168.1.1/255.255.255.255 -d 192.168.1.2/255.255.255.255 -p tcp -m tcp --dport 80 -j ACCEPT") + + def test_output_udp(self): + """ + Tests that a UDP rule is generated properly. + """ + + rule = iptables.Rule("192.168.1.1/255.255.255.255", "192.168.1.2/255.255.255.255", "UDP", "53", description="DNS server.") + self.assertEqual(str(rule), "-s 192.168.1.1/255.255.255.255 -d 192.168.1.2/255.255.255.255 -p udp -m udp --dport 53 -j ACCEPT") + + def test_output_icmp(self): + """ + Tests that an ICMP rule is generated properly. + """ + + rule = iptables.Rule("192.168.1.1/255.255.255.255", "192.168.1.2/255.255.255.255", "ICMP", "8", description="Ping.") + self.assertEqual(str(rule), "-s 192.168.1.1/255.255.255.255 -d 192.168.1.2/255.255.255.255 -p icmp -m icmp --icmp-type 8 -j ACCEPT") + + def test_unsupported_protocol(self): + """ + Tests that unsupported protocol will raise an exception. + """ + + self.assertRaises(ValueError, iptables.Rule, "192.168.1.1/255.255.255.255", "192.168.1.2/255.255.255.255", + "NONEXIST", "8", description="Non-existing") + + +class LoopbackRuleTest(TestCase): + def test_output(self): + """ + Tests that a loopback rule is generated properly. + """ + + rule = iptables.LoopbackRule() + self.assertEqual(str(rule), "-i lo -j ACCEPT") + -Replace this with more appropriate tests for your application. +class RelatedRuleTest(TestCase): + def test_output(self): + """ + Tests that a related rule is generated properly. + """ + + rule = iptables.RelatedRule() + self.assertEqual(str(rule), "-m state --state RELATED,ESTABLISHED -j ACCEPT") + + +class ChainTest(TestCase): + def test_output_empty(self): + """ + Test generation of empty chain. + """ + + chain = iptables.Chain("INPUT", "ACCEPT") + self.assertEqual(str(chain), ":INPUT ACCEPT [0:0]\n") + + def test_unsupported_protocol(self): + """ + Tests that unsupported target will raise an exception. + """ + + self.assertRaises(ValueError, iptables.Chain, "INPUT", "NOTARGET") + + def test_add_rule(self): + """ + Tests that the rule is being added to the chain properly. + """ + + chain = iptables.Chain("INPUT", "ACCEPT") + rule = iptables.Rule("192.168.1.1/255.255.255.255", "192.168.1.2/255.255.255.255", "TCP", "22", "SSH") + chain.add_rule(rule) + + self.assertItemsEqual(chain.rules, [rule]) + + def test_output(self): + """ + Tests that a chain is generated properly. + """ + + chain = iptables.Chain("INPUT", "ACCEPT") + + chain.add_rule(iptables.Rule("192.168.1.1/255.255.255.255", "192.168.1.2/255.255.255.255", "TCP", "80", "Web server")) + chain.add_rule(iptables.Rule("192.168.1.1/255.255.255.255", "192.168.1.3/255.255.255.255", "TCP", "80", "Web server")) + + chain.add_rule(iptables.Rule("192.168.1.1/255.255.255.255", "192.168.1.2/255.255.255.255", "TCP", "22", "SSH")) + chain.add_rule(iptables.Rule("192.168.1.1/255.255.255.255", "192.168.1.3/255.255.255.255", "TCP", "22", "")) + + expected_output = """:INPUT ACCEPT [0:0] +-A INPUT -s 192.168.1.1/255.255.255.255 -d 192.168.1.3/255.255.255.255 -p tcp -m tcp --dport 22 -j ACCEPT + +# SSH +-A INPUT -s 192.168.1.1/255.255.255.255 -d 192.168.1.2/255.255.255.255 -p tcp -m tcp --dport 22 -j ACCEPT + +# Web server +-A INPUT -s 192.168.1.1/255.255.255.255 -d 192.168.1.2/255.255.255.255 -p tcp -m tcp --dport 80 -j ACCEPT +-A INPUT -s 192.168.1.1/255.255.255.255 -d 192.168.1.3/255.255.255.255 -p tcp -m tcp --dport 80 -j ACCEPT + """ -from django.test import TestCase + self.assertEqual(str(chain), expected_output) -class SimpleTest(TestCase): - def test_basic_addition(self): +class TableTest(TestCase): + def test_output_empty(self): + """ + Tests that an empty table is generated properly. + """ + + table = iptables.Table("filter") + self.assertEqual(str(table), "*filter\nCOMMIT\n") + + def test_output(self): + """ + Tests that a table is generated properly. """ - Tests that 1 + 1 always equals 2. + + table = iptables.Table("filter") + table.add_chain(iptables.Chain("INPUT", "ACCEPT")) + table.add_chain(iptables.Chain("OUTPUT", "ACCEPT")) + table.add_chain(iptables.Chain("FORWARD", "ACCEPT")) + + expected_output = """*filter +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +COMMIT +""" + self.assertEqual(str(table), expected_output) + + def test_add_chain(self): """ - self.assertEqual(1 + 1, 2) + Tests that the chain is being added to the table properly. + """ + + table = iptables.Table("filter") + chain = iptables.Chain("INPUT", "ACCEPT") + table.add_chain(chain) + + self.assertItemsEqual(table.chains, [chain])