import _ = require('lodash');
import { expect } from 'chai';
import { stub } from 'sinon';
import { child_process } from 'mz';
import * as firewall from '../../src/lib/firewall';
import * as iptables from '../../src/lib/iptables';
import { EventEmitter } from 'events';
import { Writable } from 'stream';
/**
 * Sentinel values that a test may put in an expected rule in place of a real
 * property value.
 */
export enum RuleProperty {
  /** Used by the rule matcher to mean "this property is undefined on the applied rule". */
  NotSet = 0,
}
/**
 * Describes an expected value of type `T` for assertions: every property is
 * optional and may hold the real value, a `RuleProperty` sentinel, or
 * `undefined`.
 */
export type Testable<T> = {
  [K in keyof T]?: T[K] | RuleProperty | undefined;
};
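/**
 * In-memory stand-in for an iptables rule adaptor. It applies nothing: every
 * rule handed to it is recorded so tests can assert on which firewall rules
 * the code under test tried to install.
 */
class FakeRuleAdaptor {
  // Rules recorded since construction or the last clearHistory() call.
  private rules: iptables.Rule[];

  constructor() {
    this.rules = [];
  }

  /**
   * @returns the recording adaptor, bound to this instance so it can be passed
   * around as a plain function.
   */
  public getRuleAdaptor(): iptables.RuleAdaptor {
    return this.ruleAdaptor.bind(this);
  }

  /**
   * Records each rule in `rules`. Anything that is not an array is ignored.
   *
   * @param rules - rules the caller wants applied
   */
  private async ruleAdaptor(rules: iptables.Rule[]): Promise<void> {
    if (!_.isArray(rules)) {
      return;
    }

    for (const rule of rules) {
      // Strip keys whose value is undefined so that "explicitly undefined" and
      // "absent" compare the same later. Note that this edits the caller's
      // object in place.
      for (const key of Object.getOwnPropertyNames(rule)) {
        if ((rule as any)[key] === undefined) {
          delete (rule as any)[key];
        }
      }

      this.rules.push(rule);
    }
  }

  /**
   * Checks whether a recorded rule satisfies an expected rule description.
   * Only the properties present on `testable` are compared.
   *
   * @param testable - expected properties; `RuleProperty.NotSet` means the
   * property must be undefined on `rule`
   * @param rule - a recorded rule
   * @returns true only when every property of `testable` is satisfied
   */
  private isSameRule(
    testable: Testable<iptables.Rule>,
    rule: iptables.Rule,
  ): boolean {
    for (const prop of Object.getOwnPropertyNames(testable)) {
      const expected = _.get(testable, prop);
      const actual = _.get(rule, prop);

      if (expected === RuleProperty.NotSet && actual === undefined) {
        // This one property is satisfied; the remaining properties still have
        // to be checked. Returning true here would let a rule match on a
        // single absent property and make firewall assertions pass (or
        // expectNoRule fail) regardless of the other expected values.
        continue;
      }

      if (actual === undefined || !_.isEqual(actual, expected)) {
        return false;
      }
    }

    return true;
  }

  /**
   * Asserts that a rule matching `testRule` has been recorded.
   *
   * @param testRule - expected rule description
   * @returns index of the first matching recorded rule
   */
  public expectRule(testRule: Testable<iptables.Rule>) {
    const matchingIndex = this.rules.findIndex((recorded) =>
      this.isSameRule(testRule, recorded),
    );

    if (matchingIndex < 0) {
      // Dump both sides so a failing assertion can be diagnosed from the log.
      console.log({ testRule, rules: this.rules });
    }

    expect(matchingIndex).to.be.greaterThan(-1, `Rule has not been applied`);

    return matchingIndex;
  }

  /**
   * Asserts that no recorded rule matches `testRule`.
   *
   * @param testRule - rule description that must not have been applied
   */
  public expectNoRule(testRule: Testable<iptables.Rule>) {
    const wasApplied = _.some(this.rules, (r) => this.isSameRule(testRule, r));

    return expect(wasApplied).to.eq(
      false,
      `Rule has been applied: ${JSON.stringify(testRule)}\n\n${JSON.stringify(
        this.rules,
        null,
        2,
      )}`,
    );
  }

  /** Forgets every rule recorded so far. */
  public clearHistory() {
    this.rules = [];
  }
}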
// Taken before the factory is replaced below, so this is whatever adaptor
// iptables.getDefaultRuleAdaptor() returned at import time.
export const realRuleAdaptor = iptables.getDefaultRuleAdaptor();

// One shared recorder for the whole test module.
const fakeRuleAdaptorManager = new FakeRuleAdaptor();
const fakeRuleAdaptor = fakeRuleAdaptorManager.getRuleAdaptor();

// From import onwards, the default adaptor is the recording fake.
// @ts-expect-error Assigning to a RO property
iptables.getDefaultRuleAdaptor = () => fakeRuleAdaptor;
/** Handles passed to the callback that runs while the firewall is mocked. */
export interface MockedState {
  /** Asserts that a matching rule was recorded; yields its index. */
  expectRule: (rule: Testable<iptables.Rule>) => number;
  /** Asserts that no matching rule was recorded. */
  expectNoRule: (rule: Testable<iptables.Rule>) => void;
  /** Discards the rules recorded so far. */
  clearHistory: () => void;
  /** Settles once the wrapped firewall.applyFirewallMode has completed a call. */
  hasAppliedRules: Promise<void>;
}
/** Callback executed while the mocks are installed; it receives the assertion helpers. */
export type MockedConext = (state: MockedState) => Promise<any>;
// Keep a handle on the real implementation; whilstMocked wraps it and later
// puts it back.
const { applyFirewallMode: applyFirewallRules } = firewall;
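/**
 * Runs `context` with process spawning, the default iptables rule adaptor and
 * firewall.applyFirewallMode replaced by test doubles, then puts the originals
 * back.
 *
 * The originals are restored in a `finally` block. A failing expectation
 * inside `context` throws, and without the `finally` the spawn stub and the
 * patched functions would stay installed for every later test, which would
 * then exercise the fakes while appearing to exercise the firewall code.
 *
 * @param context - test body; receives the assertion helpers
 * @param ruleAdaptor - adaptor returned by iptables.getDefaultRuleAdaptor
 * while mocked; defaults to the recording fake
 */
export const whilstMocked = async (
  context: MockedConext,
  ruleAdaptor: iptables.RuleAdaptor = fakeRuleAdaptor,
) => {
  const getOriginalDefaultRuleAdaptor = iptables.getDefaultRuleAdaptor;

  // No real process is started: the fake logs whatever is written to its
  // stdin and emits 'close' with code 1 after each write.
  const spawnStub = stub(child_process, 'spawn').callsFake(() => {
    const fakeProc = new EventEmitter();
    (fakeProc as any).stdout = new EventEmitter();

    const stdin = new Writable();
    stdin._write = (
      chunk: Buffer,
      _encoding: string,
      callback: (err?: Error) => void,
    ) => {
      console.log(chunk.toString('utf8'));
      callback();
      fakeProc.emit('close', 1);
    };
    (fakeProc as any).stdin = stdin;

    return fakeProc as any;
  });

  try {
    // @ts-expect-error Assigning to a RO property
    iptables.getDefaultRuleAdaptor = () => {
      return ruleAdaptor;
    };

    // Start every mocked run from an empty rule history.
    fakeRuleAdaptorManager.clearHistory();

    const applied = new EventEmitter();

    // Wrap the real implementation so the test can wait for it to finish.
    // @ts-expect-error Assigning to a RO property
    firewall.applyFirewallMode = async (mode: string) => {
      await applyFirewallRules(mode);
      applied.emit('applied');
    };

    await context({
      expectRule: (rule) => fakeRuleAdaptorManager.expectRule(rule),
      expectNoRule: (rule) => fakeRuleAdaptorManager.expectNoRule(rule),
      clearHistory: () => fakeRuleAdaptorManager.clearHistory(),
      hasAppliedRules: new Promise((resolve) => {
        applied.once('applied', () => resolve());
      }),
    });
  } finally {
    // @ts-expect-error Assigning to a RO property
    firewall.applyFirewallMode = applyFirewallRules;

    spawnStub.restore();

    // @ts-expect-error Assigning to a RO property
    iptables.getDefaultRuleAdaptor = getOriginalDefaultRuleAdaptor;
  }
};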