From 4bb71ae046a40f60eb23dcf584875ba6d5d46440 Mon Sep 17 00:00:00 2001
From: Dan Schaper
Date: Tue, 24 Jan 2017 12:09:58 -0800
Subject: [PATCH] IPtables tests. mock commands for iptables check. Test setting IPTables ruleset. Test setting IPTables ruleset. Test for already configured IPTables rules. Test for addition of iptables rules. Can only mock so deep in the commands.
---
test/test_automated_install.py | 52 ++++++++++++++++++++++++++++++++++
1 file changed, 52 insertions(+)
diff --git a/test/test_automated_install.py b/test/test_automated_install.py
index 48166fae..58d98939 100644
--- a/test/test_automated_install.py
+++ b/test/test_automated_install.py
@@ -114,6 +114,58 @@ def test_configureFirewall_no_firewall(Pihole):
 expected_stdout = 'No active firewall detected'
 assert expected_stdout in configureFirewall.stdout
+def test_configureFirewall_IPTables_enabled_declined_no_errors(Pihole):
+ ''' confirms IPTables rules are not applied when IPTables is running, user declines ruleset '''
+ # iptables command exists
+ mock_command('iptables', '', '0', Pihole)
+ # modinfo returns always true (ip_tables module check)
+ mock_command('modinfo', '', '0', Pihole)
+ # Whiptail dialog returns Cancel for user prompt
+ mock_command('whiptail', '', '1', Pihole)
+ configureFirewall = Pihole.run('''
+ source /opt/pihole/basic-install.sh
+ configureFirewall
+ ''')
+ expected_stdout = 'Not installing firewall rulesets.'
+ assert expected_stdout in configureFirewall.stdout
+
+def test_configureFirewall_IPTables_enabled_rules_exist_no_errors(Pihole):
+ ''' confirms IPTables rules are not applied when IPTables is running and rules exist '''
+ # iptables command exists and returns 0 on calls (should return 0 on iptables -C)
+ mock_command('iptables', '', '0', Pihole)
+ # modinfo returns always true (ip_tables module check)
+ mock_command('modinfo', '', '0', Pihole)
+ # Whiptail dialog returns Cancel for user prompt
+ mock_command('whiptail', '', '0', Pihole)
+ configureFirewall = Pihole.run('''
+ source /opt/pihole/basic-install.sh
+ configureFirewall
+ ''')
+ expected_stdout = 'Installing new IPTables firewall rulesets'
+ assert expected_stdout in configureFirewall.stdout
+ firewall_calls = Pihole.run('cat /var/log/iptables').stdout
+ assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' not in firewall_calls
+ assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 53 -j ACCEPT' not in firewall_calls
+ assert 'iptables -I INPUT 1 -p udp -m udp --dport 53 -j ACCEPT' not in firewall_calls
+
+def test_configureFirewall_IPTables_enabled_not_exist_no_errors(Pihole):
+ ''' confirms IPTables rules are applied when IPTables is running and rules do not exist '''
+ # iptables command and returns 1 on calls (should return 1 on iptables -C)
+ mock_command('iptables', '', '1', Pihole)
+ # modinfo returns always true (ip_tables module check)
+ mock_command('modinfo', '', '0', Pihole)
+ # Whiptail dialog returns Cancel for user prompt
+ mock_command('whiptail', '', '0', Pihole)
+ configureFirewall = Pihole.run('''
+ source /opt/pihole/basic-install.sh
+ configureFirewall
+ ''')
+ expected_stdout = 'Installing new IPTables firewall rulesets'
+ assert expected_stdout in configureFirewall.stdout
+ firewall_calls = Pihole.run('cat /var/log/iptables').stdout
+ # Only check the first rule, since iptables returns a 1 from the mock command.
+ assert 'iptables -I INPUT 1 -p tcp -m tcp --dport 80 -j ACCEPT' in firewall_calls
+
 # Helper functions
 def mock_command(script, result, retVal, container):
 ''' Allows for setup of commands we don't really want to have to run for real in unit tests '''
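Review bot: The three `not in firewall_calls` assertions in test_configureFirewall_IPTables_enabled_rules_exist_no_errors pass vacuously when `/var/log/iptables` is missing or empty, because `cat` then returns empty stdout, so the test cannot tell "no ACCEPT rule was inserted" from "the mock logged nothing". A positive assertion before them would pin that the existence check actually ran, for example `assert 'iptables -C' in firewall_calls`. The exact logged form is inferred from the hunk's own "(should return 0 on iptables -C)" comment, and mock_command's body lies outside the hunk, so confirm it against the helper. In the second and third tests the comment `# Whiptail dialog returns Cancel for user prompt` sits above `mock_command('whiptail', '', '0', Pihole)`, which looks like the accept path; it should read something like `# Whiptail dialog returns Yes (exit 0) for user prompt`. In the third test, because the mock returns 1 for every iptables call, the port 53 tcp/udp rules are never verified, which is worth stating in that test's docstring so the coverage gap on the DNS rules is not overlooked.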