ReachableCEO
c1505a9940
Remove obsolete script files that are no longer needed. Root run.sh has all functionality. Clean src/ directory to only contain necessary source scripts. Deleted files: - bin/cleanup.sh (functionality in run.sh) - bin/docker-manage.sh (functionality in run.sh) - lib/docker.sh (not used, deleted) - src/build.sh (obsolete, not referenced) - src/run.sh (obsolete, duplicate of root run.sh) - src/run-new.sh (broken, references deleted lib/docker.sh) - plan/PreFlightDiscussion-*.md (planning docs no longer needed) Modified files: - .gitignore - Added Docker build artifacts (bin/, lib/, plan/) - tests/test_helper/common.bash - Fixed for standalone execution Current src/ directory (essential scripts only): - build-iso.sh - ISO build orchestration - firewall-setup.sh - Firewall configuration - security-hardening.sh - Security hardening functions 💘 Generated with Crush Assisted-by: GLM-4.7 via Crush <crush@charm.land>
81 lines
2.0 KiB
Bash
81 lines
2.0 KiB
Bash
#!/usr/bin/env bats
|
|
# Comprehensive unit tests for firewall-setup.sh
|
|
|
|
# Add bats library to BATS_LIB_PATH
|
|
|
|
|
|
setup() {
|
|
export TEST_ROOT="${TEST_TEMP_DIR}/firewall"
|
|
mkdir -p "${TEST_ROOT}"
|
|
}
|
|
|
|
@test "firewall-setup.sh exists and is executable" {
|
|
assert_file_exists "${PROJECT_ROOT}/src/firewall-setup.sh"
|
|
assert [ -x "${PROJECT_ROOT}/src/firewall-setup.sh" ]
|
|
}
|
|
|
|
@test "firewall-setup.sh creates nftables rules" {
|
|
source "${PROJECT_ROOT}/src/firewall-setup.sh"
|
|
|
|
local rules_file="${TEST_ROOT}/firewall.rules"
|
|
configure_nftables "$rules_file"
|
|
|
|
assert_file_exists "$rules_file"
|
|
assert_file_contains "$rules_file" "table inet filter"
|
|
}
|
|
|
|
@test "firewall-setup.sh blocks inbound by default" {
|
|
source "${PROJECT_ROOT}/src/firewall-setup.sh"
|
|
|
|
local rules_file="${TEST_ROOT}/firewall.rules"
|
|
configure_nftables "$rules_file"
|
|
|
|
assert_file_contains "$rules_file" "policy input drop"
|
|
}
|
|
|
|
@test "firewall-setup.sh allows outbound traffic" {
|
|
source "${PROJECT_ROOT}/src/firewall-setup.sh"
|
|
|
|
local rules_file="${TEST_ROOT}/firewall.rules"
|
|
configure_nftables "$rules_file"
|
|
|
|
assert_file_contains "$rules_file" "policy output accept"
|
|
}
|
|
|
|
@test "firewall-setup.sh allows SSH inbound" {
|
|
source "${PROJECT_ROOT}/src/firewall-setup.sh"
|
|
|
|
local rules_file="${TEST_ROOT}/firewall.rules"
|
|
configure_nftables "$rules_file"
|
|
|
|
assert_file_contains "$rules_file" "tcp dport 22"
|
|
}
|
|
|
|
@test "firewall-setup.sh allows WireGuard VPN" {
|
|
source "${PROJECT_ROOT}/src/firewall-setup.sh"
|
|
|
|
local rules_file="${TEST_ROOT}/firewall.rules"
|
|
configure_nftables "$rules_file"
|
|
|
|
assert_file_contains "$rules_file" "udp dport 51820"
|
|
}
|
|
|
|
@test "firewall-setup.sh enables firewall service" {
|
|
source "${PROJECT_ROOT}/src/firewall-setup.sh"
|
|
|
|
# Mock systemctl
|
|
systemctl() {
|
|
echo "systemctl $@"
|
|
return 0
|
|
}
|
|
export -f systemctl
|
|
|
|
run enable_firewall_service
|
|
assert_success
|
|
}
|
|
|
|
@test "firewall-setup.sh script is valid bash" {
|
|
run bash -n "${PROJECT_ROOT}/src/firewall-setup.sh"
|
|
assert_success
|
|
}
|