Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

tests/firewall: added test for /dns/[ip]/[domain] info

Browse Source
This commit is contained in:
3hhh 2021-05-16 08:09:19 +02:00
parent 3230f471b0
commit adfe982bfd
No known key found for this signature in database
GPG Key ID: EB03A691DB2F0833
1 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
qubesagent/test_firewall.py
View File

@ -32,7 +32,7 @@ class DummyQubesDB(object):
def rm(self, path): def rm(self, path):
if path.endswith('/'): if path.endswith('/'):
for key in self.entries: for key in list(self.entries):
if key.startswith(path): if key.startswith(path):
self.entries.pop(key) self.entries.pop(key)
else: else:
@ -166,7 +166,7 @@ class NftablesWorker(qubesagent.firewall.NftablesWorker):
else: else:
return ['2001::1', '2001::2'] return ['2001::1', '2001::2']
class WorkerTestCase(TestCase): class WorkerCommon(object):
def assertPrepareRulesDnsRet(self, dns_ret, expected_domain, family): def assertPrepareRulesDnsRet(self, dns_ret, expected_domain, family):
self.assertEqual(dns_ret.keys(), {expected_domain}) self.assertEqual(dns_ret.keys(), {expected_domain})
self.assertIsInstance(dns_ret[expected_domain], set) self.assertIsInstance(dns_ret[expected_domain], set)
@ -179,7 +179,18 @@ class WorkerTestCase(TestCase):
else: else:
raise ValueError() raise ValueError()
class TestIptablesWorker(WorkerTestCase): def test_701_dns_info(self):
rules = [
{'action': 'accept', 'proto': 'tcp',
'dstports': '80-80', 'dsthost': 'ripe.net'},
{'action': 'drop'},
]
self.obj.apply_rules('10.137.0.1', rules)
self.assertIsNotNone(self.obj.qdb.read('/dns/10.137.0.1/ripe.net'))
self.obj.apply_rules('10.137.0.1', [{'action': 'drop'}])
self.assertIsNone(self.obj.qdb.read('/dns/10.137.0.1/ripe.net'))
class TestIptablesWorker(TestCase, WorkerCommon):
def setUp(self): def setUp(self):
super(TestIptablesWorker, self).setUp() super(TestIptablesWorker, self).setUp()
self.obj = IptablesWorker() self.obj = IptablesWorker()
@ -398,8 +409,7 @@ class TestIptablesWorker(WorkerTestCase):
['-t', 'mangle', '-F', 'QBS-POSTROUTING'], ['-t', 'mangle', '-F', 'QBS-POSTROUTING'],
]) ])
class TestNftablesWorker(TestCase, WorkerCommon):
class TestNftablesWorker(WorkerTestCase):
def setUp(self): def setUp(self):
super(TestNftablesWorker, self).setUp() super(TestNftablesWorker, self).setUp()
self.obj = NftablesWorker() self.obj = NftablesWorker()