From ade0e8e8fc18ff9a0dd406206a85238f1f5a739d Mon Sep 17 00:00:00 2001
From: Kelly Brazil
Date: Wed, 21 Apr 2021 09:09:23 -0700
Subject: [PATCH] add ufw tests
---
tests/fixtures/generic/ufw-inactive.json | 1 +
tests/fixtures/generic/ufw-inactive.out | 1 +
tests/fixtures/generic/ufw-numbered.json | 1 +
tests/fixtures/generic/ufw-numbered.out | 23 ++++++++++
tests/fixtures/generic/ufw.json | 1 +
tests/fixtures/generic/ufw.out | 22 +++++++++
tests/test_ufw.py | 58 ++++++++++++++++++++++++
7 files changed, 107 insertions(+)
create mode 100644 tests/fixtures/generic/ufw-inactive.json
create mode 100644 tests/fixtures/generic/ufw-inactive.out
create mode 100644 tests/fixtures/generic/ufw-numbered.json
create mode 100644 tests/fixtures/generic/ufw-numbered.out
create mode 100644 tests/fixtures/generic/ufw.json
create mode 100644 tests/fixtures/generic/ufw.out
create mode 100644 tests/test_ufw.py
diff --git a/tests/fixtures/generic/ufw-inactive.json b/tests/fixtures/generic/ufw-inactive.json
new file mode 100644
index 00000000..1dd1cc6c
--- /dev/null
+++ b/tests/fixtures/generic/ufw-inactive.json
@@ -0,0 +1 @@
+{"status":"inactive","rules":[]}
diff --git a/tests/fixtures/generic/ufw-inactive.out b/tests/fixtures/generic/ufw-inactive.out
new file mode 100644
index 00000000..91fecc6b
--- /dev/null
+++ b/tests/fixtures/generic/ufw-inactive.out
@@ -0,0 +1 @@
+Status: inactive
diff --git a/tests/fixtures/generic/ufw-numbered.json b/tests/fixtures/generic/ufw-numbered.json
new file mode 100644
index 00000000..f9f97a09
--- /dev/null
+++ b/tests/fixtures/generic/ufw-numbered.json
@@ -0,0 +1 @@ +{"status":"active","logging":"on","logging_level":"low","default":"deny (incoming), allow (outgoing), deny (routed)","new_profiles":"skip","rules":[{"action":"ALLOW","action_direction":"IN","index":1,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"OUT","index":2,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":null,"index":3,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"OUT","index":4,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.7","from_ip_prefix":"32","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":null,"index":5,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","ac
tion_direction":null,"index":6,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"en0","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":7,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_interface":"en1","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"64","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":8,"network_protocol":"ipv4","to_interface":"any","to_transport":"any","to_start_port":80,"to_end_port":80,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":9,"network_protocol":"ipv6","to_interface":"any","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":10,"network_protocol":"ipv4","to_interface":"any","to_transport":null,"to_service":"Apache Full","to_start_port":null,"to_end_port":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":11,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"Apache 
Full","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"IN","index":12,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"OpenSSH","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":null,"index":13,"network_protocol":"ipv4","to_interface":"enp34s0","to_ip":"10.10.10.10","to_ip_prefix":"32","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"from_interface":"any","from_ip":"127.0.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":8000,"from_end_port":8000,"from_service":null},{"action":"ALLOW","action_direction":null,"index":14,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":50200,"to_end_port":50300,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":15,"network_protocol":"ipv6","to_ip":"::","to_ip_prefix":"0","to_interface":"any","to_transport":"any","to_start_port":0,"to_end_port":65535,"to_service":null,"from_interface":"any","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"128","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null}]} diff --git a/tests/fixtures/generic/ufw-numbered.out b/tests/fixtures/generic/ufw-numbered.out new file mode 100644 index 00000000..bd42c6c3 --- /dev/null +++ b/tests/fixtures/generic/ufw-numbered.out 
@@ -0,0 +1,23 @@
+Status: active
+Logging: on (low)
+Default: deny (incoming), allow (outgoing), deny (routed)
+New profiles: skip
+
+To Action From
+-- ------ ----
+[ 1] 22/tcp ALLOW IN Anywhere
+[ 2] 22/tcp (v6) ALLOW OUT Anywhere (v6)
+[ 3] 443/tcp DENY 192.168.0.1
+[ 4] 443/udp DENY OUT 192.168.0.7 8080:8081
+[ 5] 22/tcp ALLOW 192.168.0.0/24
+[ 6] 22/udp ALLOW 192.168.0.0/24 8080:8081 on en0
+[ 7] 22/tcp (v6) ALLOW IN 2405:204:7449:49fc:f09a:6f4a:bc93:1955/64 on en1
+[ 8] 80 ALLOW IN Anywhere
+[ 9] 8080 (v6) ALLOW IN Anywhere (v6)
+[10] Apache Full ALLOW IN Anywhere
+[11] Apache Full (v6) ALLOW IN Anywhere (v6)
+[12] OpenSSH (v6) DENY IN Anywhere (v6)
+[13] 10.10.10.10 8080 on enp34s0 ALLOW 127.0.0.1 8000
+[14] 50200:50300/tcp (v6) ALLOW Anywhere (v6)
+[15] Anywhere (v6) ALLOW IN 2405:204:7449:49fc:f09a:6f4a:bc93:1955
+
diff --git a/tests/fixtures/generic/ufw.json b/tests/fixtures/generic/ufw.json
new file mode 100644
index 00000000..35157b64
--- /dev/null
+++ b/tests/fixtures/generic/ufw.json
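Review bot: The source address `2405:204:7449:49fc:f09a:6f4a:bc93:1955` in rules 7 and 15 is not from the IPv6 documentation range and looks like it may have been captured from a real host. If so, replace it with an address under `2001:db8::/32`, here and in the matching `ufw.out`, `ufw.json` and `ufw-numbered.json` fixtures, so the repository does not publish someone's address alongside their firewall layout. The IPv4 values in this fixture are already private or loopback addresses and need no change.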
@@ -0,0 +1 @@ +{"status":"active","logging":"on","logging_level":"low","default":"deny (incoming), allow (outgoing), deny (routed)","new_profiles":"skip","rules":[{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"OUT","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"OUT","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":443,"to_end_port":443,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.7","from_ip_prefix":"32","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"any","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"acti
on":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"udp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_interface":"en0","from_ip":"192.168.0.0","from_ip_prefix":"24","from_transport":"any","from_start_port":8080,"from_end_port":8081,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":22,"to_end_port":22,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_interface":"en1","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"64","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":"any","to_start_port":80,"to_end_port":80,"to_service":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv4","to_interface":"any","to_transport":null,"to_service":"Apache Full","to_start_port":null,"to_end_port":null,"to_ip":"0.0.0.0","to_ip_prefix":"0","from_ip":"0.0.0.0","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"Apache 
Full","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"DENY","action_direction":"IN","index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":null,"to_service":"OpenSSH","to_start_port":null,"to_end_port":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv4","to_interface":"enp34s0","to_ip":"10.10.10.10","to_ip_prefix":"32","to_transport":"any","to_start_port":8080,"to_end_port":8080,"to_service":null,"from_interface":"any","from_ip":"127.0.0.1","from_ip_prefix":"32","from_transport":"any","from_start_port":8000,"from_end_port":8000,"from_service":null},{"action":"ALLOW","action_direction":null,"index":null,"network_protocol":"ipv6","to_interface":"any","to_transport":"tcp","to_start_port":50200,"to_end_port":50300,"to_service":null,"to_ip":"::","to_ip_prefix":"0","from_ip":"::","from_ip_prefix":"0","from_interface":"any","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null},{"action":"ALLOW","action_direction":"IN","index":null,"network_protocol":"ipv6","to_ip":"::","to_ip_prefix":"0","to_interface":"any","to_transport":"any","to_start_port":0,"to_end_port":65535,"to_service":null,"from_interface":"any","from_ip":"2405:204:7449:49fc:f09a:6f4a:bc93:1955","from_ip_prefix":"128","from_transport":"any","from_start_port":0,"from_end_port":65535,"from_service":null}]} diff --git a/tests/fixtures/generic/ufw.out b/tests/fixtures/generic/ufw.out new file mode 100644 index 00000000..99bca0f5 --- /dev/null +++ b/tests/fixtures/generic/ufw.out 
@@ -0,0 +1,22 @@
+Status: active
+Logging: on (low)
+Default: deny (incoming), allow (outgoing), deny (routed)
+New profiles: skip
+
+To Action From
+-- ------ ----
+22/tcp ALLOW IN Anywhere
+22/tcp (v6) ALLOW OUT Anywhere (v6)
+443/tcp DENY 192.168.0.1
+443/udp DENY OUT 192.168.0.7 8080:8081
+22/tcp ALLOW 192.168.0.0/24
+22/udp ALLOW 192.168.0.0/24 8080:8081 on en0
+22/tcp (v6) ALLOW IN 2405:204:7449:49fc:f09a:6f4a:bc93:1955/64 on en1
+80 ALLOW IN Anywhere
+8080 (v6) ALLOW IN Anywhere (v6)
+Apache Full ALLOW IN Anywhere
+Apache Full (v6) ALLOW IN Anywhere (v6)
+OpenSSH (v6) DENY IN Anywhere (v6)
+10.10.10.10 8080 on enp34s0 ALLOW 127.0.0.1 8000
+50200:50300/tcp (v6) ALLOW Anywhere (v6)
+Anywhere (v6) ALLOW IN 2405:204:7449:49fc:f09a:6f4a:bc93:1955
diff --git a/tests/test_ufw.py b/tests/test_ufw.py
new file mode 100644
index 00000000..4b53eaeb
--- /dev/null
+++ b/tests/test_ufw.py
@@ -0,0 +1,58 @@
+import os
+import json
+import unittest
+import jc.parsers.ufw
+
+THIS_DIR = os.path.dirname(os.path.abspath(__file__))
+
+
+class MyTests(unittest.TestCase):
+
+ def setUp(self):
+ # input
+ with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/generic/ufw.out'), 'r', encoding='utf-8') as f:
+ self.generic_ufw = f.read()
+
+ with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/generic/ufw-numbered.out'), 'r', encoding='utf-8') as f:
+ self.generic_ufw_numbered = f.read()
+
+ with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/generic/ufw-inactive.out'), 'r', encoding='utf-8') as f:
+ self.generic_ufw_inactive = f.read()
+
+ # output
+ with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/generic/ufw.json'), 'r', encoding='utf-8') as f:
+ self.generic_ufw_json = json.loads(f.read())
+
+ with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/generic/ufw-numbered.json'), 'r', encoding='utf-8') as f:
+ self.generic_ufw_numbered_json = json.loads(f.read())
+
+ with open(os.path.join(THIS_DIR, os.pardir, 'tests/fixtures/generic/ufw-inactive.json'), 'r', encoding='utf-8') as f:
+ self.generic_ufw_inactive_json = json.loads(f.read())
+
+ def test_ufw_nodata(self):
+ """
+ Test 'ufw' with no data
+ """
+ self.assertEqual(jc.parsers.ufw.parse('', quiet=True), {})
+
+ def test_ufw_verbose(self):
+ """
+ Test 'ufw status verbose' sample
+ """
+ self.assertEqual(jc.parsers.ufw.parse(self.generic_ufw, quiet=True), self.generic_ufw_json)
+
+ def test_ufw_verbose_numbered(self):
+ """
+ Test 'ufw status verbose numbered' sample
+ """
+ self.assertEqual(jc.parsers.ufw.parse(self.generic_ufw_numbered, quiet=True), self.generic_ufw_numbered_json)
+
+ def test_ufw_inactive(self):
+ """
+ Test 'ufw status' when firewall is inactive
+ """
+ self.assertEqual(jc.parsers.ufw.parse(self.generic_ufw_inactive, quiet=True), self.generic_ufw_inactive_json)
+
+
+if __name__ == '__main__':
+ unittest.main()
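Review bot: The fixtures these tests load contain only `ALLOW` and `DENY` rules, so `test_ufw_verbose` and `test_ufw_verbose_numbered` never pin how the parser reports ufw's other actions (`REJECT`, `LIMIT`) or a rule line it does not recognise. If this JSON ends up feeding firewall audits, a rule that is silently dropped or mislabelled would make a host look more locked down than it is. I would add a fixture covering those actions plus one deliberately unparseable rule line, and assert the expected result explicitly. Separately, `setUp` re-reads all six files before every test, and each path goes up and back down via `os.pardir, 'tests/fixtures/...'`; `os.path.join(THIS_DIR, 'fixtures/generic/ufw.out')` resolves to the same file.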