PrimAITE/tests/test_acl.py

# Crown Copyright (C) Dstl 2022. DEFCON 703. Shared in confidence.
"""Used to tes the ACL functions."""

from primaite.acl.access_control_list import AccessControlList
from primaite.acl.acl_rule import ACLRule


def test_acl_address_match_1():
    """Test that matching IP addresses produce True."""
    acl = AccessControlList(True, "DENY", 10)

    rule = ACLRule("ALLOW", "192.168.1.1", "192.168.1.2", "TCP", "80")

    assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.2") == True


def test_acl_address_match_2():
    """Test that mismatching IP addresses produce False."""
    acl = AccessControlList(True, "DENY", 10)

    rule = ACLRule("ALLOW", "192.168.1.1", "192.168.1.2", "TCP", "80")

    assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.3") == False


def test_acl_address_match_3():
    """Test the ANY condition for source IP addresses produce True."""
    acl = AccessControlList(True, "DENY", 10)

    rule = ACLRule("ALLOW", "ANY", "192.168.1.2", "TCP", "80")

    assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.2") == True


def test_acl_address_match_4():
    """Test the ANY condition for dest IP addresses produce True."""
    acl = AccessControlList(True, "DENY", 10)

    rule = ACLRule("ALLOW", "192.168.1.1", "ANY", "TCP", "80")

    assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.2") == True


def test_check_acl_block_affirmative():
    """Test the block function (affirmative)."""
    # Create the Access Control List
    acl = AccessControlList(True, "DENY", 10)

    # Create a rule
    acl_rule_permission = "ALLOW"
    acl_rule_source = "192.168.1.1"
    acl_rule_destination = "192.168.1.2"
    acl_rule_protocol = "TCP"
    acl_rule_port = "80"
    acl_position_in_list = "0"

    acl.add_rule(
        acl_rule_permission,
        acl_rule_source,
        acl_rule_destination,
        acl_rule_protocol,
        acl_rule_port,
        acl_position_in_list,
    )
    print(len(acl.acl), "len of acl list\n", acl.acl[0])
    assert acl.is_blocked("192.168.1.1", "192.168.1.2", "TCP", "80") == False


def test_check_acl_block_negative():
    """Test the block function (negative)."""
    # Create the Access Control List
    acl = AccessControlList(True, "DENY", 10)

    # Create a rule
    acl_rule_permission = "DENY"
    acl_rule_source = "192.168.1.1"
    acl_rule_destination = "192.168.1.2"
    acl_rule_protocol = "TCP"
    acl_rule_port = "80"
    acl_position_in_list = "0"

    acl.add_rule(
        acl_rule_permission,
        acl_rule_source,
        acl_rule_destination,
        acl_rule_protocol,
        acl_rule_port,
        acl_position_in_list,
    )

    assert acl.is_blocked("192.168.1.1", "192.168.1.2", "TCP", "80") == True


def test_rule_hash():
    """Test the rule hash."""
    # Create the Access Control List
    acl = AccessControlList(True, "DENY", 10)

    rule = ACLRule("DENY", "192.168.1.1", "192.168.1.2", "TCP", "80")
    hash_value_local = hash(rule)

    hash_value_remote = acl.get_dictionary_hash("DENY", "192.168.1.1", "192.168.1.2", "TCP", "80")

    assert hash_value_local == hash_value_remote
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00			`# Crown Copyright (C) Dstl 2022. DEFCON 703. Shared in confidence.`
Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`"""Used to tes the ACL functions."""`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
Package restructuring 2023-05-25 10:31:37 +01:00			`from primaite.acl.access_control_list import AccessControlList`
Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`from primaite.acl.acl_rule import ACLRule`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00

Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`def test_acl_address_match_1():`
			`"""Test that matching IP addresses produce True."""`
901 - changed ACL instantiation and changed acl t private _acl (list not dict) attribute, added laydown_ACL.yaml for testing, fixed encoding of acl rules to integers for obs space, added ACL position to node action space and added generic test where agents adds two ACL rules. 2023-06-20 11:47:20 +01:00			`acl = AccessControlList(True, "DENY", 10)`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
			`rule = ACLRule("ALLOW", "192.168.1.1", "192.168.1.2", "TCP", "80")`

			`assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.2") == True`


Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`def test_acl_address_match_2():`
			`"""Test that mismatching IP addresses produce False."""`
901 - changed ACL instantiation and changed acl t private _acl (list not dict) attribute, added laydown_ACL.yaml for testing, fixed encoding of acl rules to integers for obs space, added ACL position to node action space and added generic test where agents adds two ACL rules. 2023-06-20 11:47:20 +01:00			`acl = AccessControlList(True, "DENY", 10)`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
			`rule = ACLRule("ALLOW", "192.168.1.1", "192.168.1.2", "TCP", "80")`

			`assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.3") == False`


Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`def test_acl_address_match_3():`
			`"""Test the ANY condition for source IP addresses produce True."""`
901 - changed ACL instantiation and changed acl t private _acl (list not dict) attribute, added laydown_ACL.yaml for testing, fixed encoding of acl rules to integers for obs space, added ACL position to node action space and added generic test where agents adds two ACL rules. 2023-06-20 11:47:20 +01:00			`acl = AccessControlList(True, "DENY", 10)`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
			`rule = ACLRule("ALLOW", "ANY", "192.168.1.2", "TCP", "80")`

			`assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.2") == True`


Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`def test_acl_address_match_4():`
			`"""Test the ANY condition for dest IP addresses produce True."""`
901 - changed ACL instantiation and changed acl t private _acl (list not dict) attribute, added laydown_ACL.yaml for testing, fixed encoding of acl rules to integers for obs space, added ACL position to node action space and added generic test where agents adds two ACL rules. 2023-06-20 11:47:20 +01:00			`acl = AccessControlList(True, "DENY", 10)`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
			`rule = ACLRule("ALLOW", "192.168.1.1", "ANY", "TCP", "80")`

			`assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.2") == True`


Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`def test_check_acl_block_affirmative():`
			`"""Test the block function (affirmative)."""`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00			`# Create the Access Control List`
901 - changed ACL instantiation and changed acl t private _acl (list not dict) attribute, added laydown_ACL.yaml for testing, fixed encoding of acl rules to integers for obs space, added ACL position to node action space and added generic test where agents adds two ACL rules. 2023-06-20 11:47:20 +01:00			`acl = AccessControlList(True, "DENY", 10)`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
			`# Create a rule`
			`acl_rule_permission = "ALLOW"`
			`acl_rule_source = "192.168.1.1"`
			`acl_rule_destination = "192.168.1.2"`
			`acl_rule_protocol = "TCP"`
			`acl_rule_port = "80"`
901 - fixed test_acl.py tests 2023-06-13 10:01:55 +01:00			`acl_position_in_list = "0"`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`acl.add_rule(`
			`acl_rule_permission,`
			`acl_rule_source,`
			`acl_rule_destination,`
			`acl_rule_protocol,`
			`acl_rule_port,`
901 - merged dev into my branch 2023-06-13 08:54:33 +01:00			`acl_position_in_list,`
Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`)`
901 - fixed how acls are added into list with new logic - agent cannot overwrite another acl in the list 2023-07-12 09:47:16 +01:00			`print(len(acl.acl), "len of acl list\n", acl.acl[0])`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00			`assert acl.is_blocked("192.168.1.1", "192.168.1.2", "TCP", "80") == False`


Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`def test_check_acl_block_negative():`
			`"""Test the block function (negative)."""`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00			`# Create the Access Control List`
901 - changed ACL instantiation and changed acl t private _acl (list not dict) attribute, added laydown_ACL.yaml for testing, fixed encoding of acl rules to integers for obs space, added ACL position to node action space and added generic test where agents adds two ACL rules. 2023-06-20 11:47:20 +01:00			`acl = AccessControlList(True, "DENY", 10)`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
			`# Create a rule`
			`acl_rule_permission = "DENY"`
			`acl_rule_source = "192.168.1.1"`
			`acl_rule_destination = "192.168.1.2"`
			`acl_rule_protocol = "TCP"`
			`acl_rule_port = "80"`
901 - fixed test_acl.py tests 2023-06-13 10:01:55 +01:00			`acl_position_in_list = "0"`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`acl.add_rule(`
			`acl_rule_permission,`
			`acl_rule_source,`
			`acl_rule_destination,`
			`acl_rule_protocol,`
			`acl_rule_port,`
901 - merged dev into my branch 2023-06-13 08:54:33 +01:00			`acl_position_in_list,`
Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`)`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
			`assert acl.is_blocked("192.168.1.1", "192.168.1.2", "TCP", "80") == True`


Ran pre-commit hook on all files and performed changes to fix flake8 failures 2023-05-25 11:42:19 +01:00			`def test_rule_hash():`
			`"""Test the rule hash."""`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00			`# Create the Access Control List`
901 - changed ACL instantiation and changed acl t private _acl (list not dict) attribute, added laydown_ACL.yaml for testing, fixed encoding of acl rules to integers for obs space, added ACL position to node action space and added generic test where agents adds two ACL rules. 2023-06-20 11:47:20 +01:00			`acl = AccessControlList(True, "DENY", 10)`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
			`rule = ACLRule("DENY", "192.168.1.1", "192.168.1.2", "TCP", "80")`
			`hash_value_local = hash(rule)`

#917 - Fixed the RLlib integration - Dropped support for overriding the num_episodes and num_steps at the agent level. It's just not needed and will add complexity when overriding and writing output files. 2023-06-30 16:52:57 +01:00			`hash_value_remote = acl.get_dictionary_hash("DENY", "192.168.1.1", "192.168.1.2", "TCP", "80")`
Initial commit of v1.0.0. Updated the .gitignore for the standard Python gitignore. Added Azure DevOps release pipeline for proper artifact release from the start. 2023-03-28 17:33:34 +01:00
			`assert hash_value_local == hash_value_remote`