105 lines
3.1 KiB
Python
105 lines
3.1 KiB
Python
# Crown Copyright (C) Dstl 2022. DEFCON 703. Shared in confidence.
|
|
"""Used to tes the ACL functions."""
|
|
|
|
from primaite.acl.access_control_list import AccessControlList
|
|
from primaite.acl.acl_rule import ACLRule
|
|
|
|
|
|
def test_acl_address_match_1():
|
|
"""Test that matching IP addresses produce True."""
|
|
acl = AccessControlList(True, "DENY", 10)
|
|
|
|
rule = ACLRule("ALLOW", "192.168.1.1", "192.168.1.2", "TCP", "80")
|
|
|
|
assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.2") == True
|
|
|
|
|
|
def test_acl_address_match_2():
|
|
"""Test that mismatching IP addresses produce False."""
|
|
acl = AccessControlList(True, "DENY", 10)
|
|
|
|
rule = ACLRule("ALLOW", "192.168.1.1", "192.168.1.2", "TCP", "80")
|
|
|
|
assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.3") == False
|
|
|
|
|
|
def test_acl_address_match_3():
|
|
"""Test the ANY condition for source IP addresses produce True."""
|
|
acl = AccessControlList(True, "DENY", 10)
|
|
|
|
rule = ACLRule("ALLOW", "ANY", "192.168.1.2", "TCP", "80")
|
|
|
|
assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.2") == True
|
|
|
|
|
|
def test_acl_address_match_4():
|
|
"""Test the ANY condition for dest IP addresses produce True."""
|
|
acl = AccessControlList(True, "DENY", 10)
|
|
|
|
rule = ACLRule("ALLOW", "192.168.1.1", "ANY", "TCP", "80")
|
|
|
|
assert acl.check_address_match(rule, "192.168.1.1", "192.168.1.2") == True
|
|
|
|
|
|
def test_check_acl_block_affirmative():
|
|
"""Test the block function (affirmative)."""
|
|
# Create the Access Control List
|
|
acl = AccessControlList(True, "DENY", 10)
|
|
|
|
# Create a rule
|
|
acl_rule_permission = "ALLOW"
|
|
acl_rule_source = "192.168.1.1"
|
|
acl_rule_destination = "192.168.1.2"
|
|
acl_rule_protocol = "TCP"
|
|
acl_rule_port = "80"
|
|
acl_position_in_list = "0"
|
|
|
|
acl.add_rule(
|
|
acl_rule_permission,
|
|
acl_rule_source,
|
|
acl_rule_destination,
|
|
acl_rule_protocol,
|
|
acl_rule_port,
|
|
acl_position_in_list,
|
|
)
|
|
print(len(acl.acl), "len of acl list\n", acl.acl[0])
|
|
assert acl.is_blocked("192.168.1.1", "192.168.1.2", "TCP", "80") == False
|
|
|
|
|
|
def test_check_acl_block_negative():
|
|
"""Test the block function (negative)."""
|
|
# Create the Access Control List
|
|
acl = AccessControlList(True, "DENY", 10)
|
|
|
|
# Create a rule
|
|
acl_rule_permission = "DENY"
|
|
acl_rule_source = "192.168.1.1"
|
|
acl_rule_destination = "192.168.1.2"
|
|
acl_rule_protocol = "TCP"
|
|
acl_rule_port = "80"
|
|
acl_position_in_list = "0"
|
|
|
|
acl.add_rule(
|
|
acl_rule_permission,
|
|
acl_rule_source,
|
|
acl_rule_destination,
|
|
acl_rule_protocol,
|
|
acl_rule_port,
|
|
acl_position_in_list,
|
|
)
|
|
|
|
assert acl.is_blocked("192.168.1.1", "192.168.1.2", "TCP", "80") == True
|
|
|
|
|
|
def test_rule_hash():
|
|
"""Test the rule hash."""
|
|
# Create the Access Control List
|
|
acl = AccessControlList(True, "DENY", 10)
|
|
|
|
rule = ACLRule("DENY", "192.168.1.1", "192.168.1.2", "TCP", "80")
|
|
hash_value_local = hash(rule)
|
|
|
|
hash_value_remote = acl.get_dictionary_hash("DENY", "192.168.1.1", "192.168.1.2", "TCP", "80")
|
|
|
|
assert hash_value_local == hash_value_remote
|