From adfe982bfd3f77ffb008b188c367fdf53fab7117 Mon Sep 17 00:00:00 2001 From: 3hhh Date: Sun, 16 May 2021 08:09:19 +0200 Subject: [PATCH] tests/firewall: added test for /dns/[ip]/[domain] info --- qubesagent/test_firewall.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/qubesagent/test_firewall.py b/qubesagent/test_firewall.py index 504ca7c..b87f605 100644 --- a/qubesagent/test_firewall.py +++ b/qubesagent/test_firewall.py @@ -32,7 +32,7 @@ class DummyQubesDB(object): def rm(self, path): if path.endswith('/'): - for key in self.entries: + for key in list(self.entries): if key.startswith(path): self.entries.pop(key) else: @@ -166,7 +166,7 @@ class NftablesWorker(qubesagent.firewall.NftablesWorker): else: return ['2001::1', '2001::2'] -class WorkerTestCase(TestCase): +class WorkerCommon(object): def assertPrepareRulesDnsRet(self, dns_ret, expected_domain, family): self.assertEqual(dns_ret.keys(), {expected_domain}) self.assertIsInstance(dns_ret[expected_domain], set) @@ -179,7 +179,18 @@ class WorkerTestCase(TestCase): else: raise ValueError() -class TestIptablesWorker(WorkerTestCase): + def test_701_dns_info(self): + rules = [ + {'action': 'accept', 'proto': 'tcp', + 'dstports': '80-80', 'dsthost': 'ripe.net'}, + {'action': 'drop'}, + ] + self.obj.apply_rules('10.137.0.1', rules) + self.assertIsNotNone(self.obj.qdb.read('/dns/10.137.0.1/ripe.net')) + self.obj.apply_rules('10.137.0.1', [{'action': 'drop'}]) + self.assertIsNone(self.obj.qdb.read('/dns/10.137.0.1/ripe.net')) + +class TestIptablesWorker(TestCase, WorkerCommon): def setUp(self): super(TestIptablesWorker, self).setUp() self.obj = IptablesWorker() @@ -398,8 +409,7 @@ class TestIptablesWorker(WorkerTestCase): ['-t', 'mangle', '-F', 'QBS-POSTROUTING'], ]) - -class TestNftablesWorker(WorkerTestCase): +class TestNftablesWorker(TestCase, WorkerCommon): def setUp(self): super(TestNftablesWorker, self).setUp() self.obj = NftablesWorker()