This commit is contained in:
Czar Echavez
2024-02-15 16:29:36 +00:00
parent 48d7f9f85a
commit e390d8385c
3 changed files with 73 additions and 11 deletions


@@ -218,17 +218,11 @@ simulation:
action: PERMIT action: PERMIT
src_port: ARP src_port: ARP
dst_port: ARP dst_port: ARP
23:
action: PERMIT
protocol: ICMP
external_outbound_acl: external_outbound_acl:
22: 22:
action: PERMIT action: PERMIT
src_port: ARP src_port: ARP
dst_port: ARP dst_port: ARP
23:
action: PERMIT
protocol: ICMP
routes: routes:
- address: 192.168.0.10 # route to client_1 - address: 192.168.0.10 # route to client_1
subnet_mask: 255.255.255.0 subnet_mask: 255.255.255.0


@@ -4,6 +4,9 @@ from primaite.simulator.network.container import Network
from primaite.simulator.network.hardware.nodes.host.computer import Computer from primaite.simulator.network.hardware.nodes.host.computer import Computer
from primaite.simulator.network.hardware.nodes.host.server import Server from primaite.simulator.network.hardware.nodes.host.server import Server
from primaite.simulator.network.hardware.nodes.network.firewall import Firewall from primaite.simulator.network.hardware.nodes.network.firewall import Firewall
from primaite.simulator.network.hardware.nodes.network.router import ACLAction
from primaite.simulator.network.transmission.network_layer import IPProtocol
from primaite.simulator.network.transmission.transport_layer import Port
from tests.integration_tests.configuration_file_parsing import DMZ_NETWORK, load_config from tests.integration_tests.configuration_file_parsing import DMZ_NETWORK, load_config
@@ -37,9 +40,63 @@ def test_firewall_routes_are_correctly_added(dmz_config):
assert external_server.ping(client_1.network_interface[1].ip_address) assert external_server.ping(client_1.network_interface[1].ip_address)
def test_firewall_acl_rules_correctly_added(): def test_firewall_acl_rules_correctly_added(dmz_config):
""" """
Test that makes sure that the firewall ACLs have been configured onto the firewall Test that makes sure that the firewall ACLs have been configured onto the firewall
node via configuration file. node via configuration file.
""" """
pass firewall: Firewall = dmz_config.get_node_by_hostname("firewall")
# ICMP and ARP should be allowed internal_inbound
assert firewall.internal_inbound_acl.num_rules == 2
assert firewall.internal_inbound_acl.acl[22].action == ACLAction.PERMIT
assert firewall.internal_inbound_acl.acl[22].src_port == Port.ARP
assert firewall.internal_inbound_acl.acl[22].dst_port == Port.ARP
assert firewall.internal_inbound_acl.acl[23].action == ACLAction.PERMIT
assert firewall.internal_inbound_acl.acl[23].protocol == IPProtocol.ICMP
assert firewall.internal_inbound_acl.implicit_action == ACLAction.DENY
# ICMP and ARP should be allowed internal_outbound
assert firewall.internal_outbound_acl.num_rules == 2
assert firewall.internal_outbound_acl.acl[22].action == ACLAction.PERMIT
assert firewall.internal_outbound_acl.acl[22].src_port == Port.ARP
assert firewall.internal_outbound_acl.acl[22].dst_port == Port.ARP
assert firewall.internal_outbound_acl.acl[23].action == ACLAction.PERMIT
assert firewall.internal_outbound_acl.acl[23].protocol == IPProtocol.ICMP
assert firewall.internal_outbound_acl.implicit_action == ACLAction.DENY
# ICMP and ARP should be allowed dmz_inbound
assert firewall.dmz_inbound_acl.num_rules == 2
assert firewall.dmz_inbound_acl.acl[22].action == ACLAction.PERMIT
assert firewall.dmz_inbound_acl.acl[22].src_port == Port.ARP
assert firewall.dmz_inbound_acl.acl[22].dst_port == Port.ARP
assert firewall.dmz_inbound_acl.acl[23].action == ACLAction.PERMIT
assert firewall.dmz_inbound_acl.acl[23].protocol == IPProtocol.ICMP
assert firewall.dmz_inbound_acl.implicit_action == ACLAction.DENY
# ICMP and ARP should be allowed dmz_outbound
assert firewall.dmz_outbound_acl.num_rules == 2
assert firewall.dmz_outbound_acl.acl[22].action == ACLAction.PERMIT
assert firewall.dmz_outbound_acl.acl[22].src_port == Port.ARP
assert firewall.dmz_outbound_acl.acl[22].dst_port == Port.ARP
assert firewall.dmz_outbound_acl.acl[23].action == ACLAction.PERMIT
assert firewall.dmz_outbound_acl.acl[23].protocol == IPProtocol.ICMP
assert firewall.dmz_outbound_acl.implicit_action == ACLAction.DENY
# ICMP and ARP should be allowed external_inbound
assert firewall.external_inbound_acl.num_rules == 1
assert firewall.external_inbound_acl.acl[22].action == ACLAction.PERMIT
assert firewall.external_inbound_acl.acl[22].src_port == Port.ARP
assert firewall.external_inbound_acl.acl[22].dst_port == Port.ARP
# external_inbound should have implicit action PERMIT
# ICMP does not have a provided ACL Rule but implicit action should allow anything
assert firewall.external_inbound_acl.implicit_action == ACLAction.PERMIT
# ICMP and ARP should be allowed external_outbound
assert firewall.external_outbound_acl.num_rules == 1
assert firewall.external_outbound_acl.acl[22].action == ACLAction.PERMIT
assert firewall.external_outbound_acl.acl[22].src_port == Port.ARP
assert firewall.external_outbound_acl.acl[22].dst_port == Port.ARP
# external_outbound should have implicit action PERMIT
# ICMP does not have a provided ACL Rule but implicit action should allow anything
assert firewall.external_outbound_acl.implicit_action == ACLAction.PERMIT
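Review bot: The final assertions pin the firewall's external_inbound_acl and external_outbound_acl to a default-allow posture (`implicit_action == ACLAction.PERMIT`) while every internal and DMZ ACL in the same test is pinned to DENY, and the comment "implicit action should allow anything" describes that rather than justifying it, so a later reader may take allow-all on the external side as the intended security policy. If the permissive default is deliberate for this scenario (the YAML hunk in this commit drops the explicit ICMP rules from exactly those two ACLs, presumably because the implicit PERMIT already covers them), say so where the test locks it in, e.g. `# external_* ACLs are intentionally default-PERMIT in the DMZ scenario config, so ICMP needs no explicit rule; revisit if this scenario is ever meant to model a deny-by-default perimeter`. The section comments `# ICMP and ARP should be allowed external_inbound` / `external_outbound` are also inaccurate as written, since the only explicit rule asserted there is ARP (`num_rules == 1`); `# Only ARP has an explicit rule here; ICMP relies on the implicit PERMIT` matches what is checked. The function is complete within the hunk.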


@@ -3,7 +3,9 @@ import pytest
from primaite.simulator.network.container import Network from primaite.simulator.network.container import Network
from primaite.simulator.network.hardware.nodes.host.computer import Computer from primaite.simulator.network.hardware.nodes.host.computer import Computer
from primaite.simulator.network.hardware.nodes.host.server import Server from primaite.simulator.network.hardware.nodes.host.server import Server
from primaite.simulator.network.hardware.nodes.network.router import Router from primaite.simulator.network.hardware.nodes.network.router import ACLAction, Router
from primaite.simulator.network.transmission.network_layer import IPProtocol
from primaite.simulator.network.transmission.transport_layer import Port
from tests.integration_tests.configuration_file_parsing import DMZ_NETWORK, load_config from tests.integration_tests.configuration_file_parsing import DMZ_NETWORK, load_config
@@ -49,6 +51,15 @@ def test_router_routes_are_correctly_added(dmz_config):
assert external_computer.ping(external_server.network_interface[1].ip_address) assert external_computer.ping(external_server.network_interface[1].ip_address)
def test_router_acl_rules_correctly_added(): def test_router_acl_rules_correctly_added(dmz_config):
"""Test that makes sure that the router ACLs have been configured onto the router node via configuration file.""" """Test that makes sure that the router ACLs have been configured onto the router node via configuration file."""
pass router_1: Router = dmz_config.get_node_by_hostname("router_1")
# ICMP and ARP should be allowed
assert router_1.acl.num_rules == 2
assert router_1.acl.acl[22].action == ACLAction.PERMIT
assert router_1.acl.acl[22].src_port == Port.ARP
assert router_1.acl.acl[22].dst_port == Port.ARP
assert router_1.acl.acl[23].action == ACLAction.PERMIT
assert router_1.acl.acl[23].protocol == IPProtocol.ICMP
assert router_1.acl.implicit_action == ACLAction.DENY
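Review bot: The seven assertions after `router_1: Router = dmz_config.get_node_by_hostname("router_1")` are the same ARP-rule / ICMP-rule / implicit-DENY block that the firewall test added in this commit repeats four more times, so a change to the rule indices or the expected default would have to be made in six places. Both test files already import from `tests.integration_tests.configuration_file_parsing`, so that module (or a conftest) is a natural home for a small shared helper; the bare literals 22 and 23 come from the scenario YAML and read better as named constants next to it. The function is complete within the hunk; the sketch below shows the helper and the call site.

```python
# indices of the ARP / ICMP rules in the scenario YAML; shared by the router and firewall tests
ARP_RULE_INDEX = 22
ICMP_RULE_INDEX = 23


def assert_arp_and_icmp_permitted(acl) -> None:
    """Assert an ACL has exactly the scenario's ARP and ICMP PERMIT rules and denies everything else."""
    assert acl.num_rules == 2
    assert acl.acl[ARP_RULE_INDEX].action == ACLAction.PERMIT
    assert acl.acl[ARP_RULE_INDEX].src_port == Port.ARP
    assert acl.acl[ARP_RULE_INDEX].dst_port == Port.ARP
    assert acl.acl[ICMP_RULE_INDEX].action == ACLAction.PERMIT
    assert acl.acl[ICMP_RULE_INDEX].protocol == IPProtocol.ICMP
    assert acl.implicit_action == ACLAction.DENY


def test_router_acl_rules_correctly_added(dmz_config):
    """Test that makes sure that the router ACLs have been configured onto the router node via configuration file."""
    router_1: Router = dmz_config.get_node_by_hostname("router_1")
    assert_arp_and_icmp_permitted(router_1.acl)
```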