1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #define private public
17 #include "iptables_rule_plugin.h"
18 #undef private
19 #include <gtest/gtest.h>
20
21 #include "edm_ipc_interface_code.h"
22 #include "utils.h"
23
24 using namespace testing::ext;
25 using namespace testing;
26
27 namespace OHOS {
28 namespace EDM {
29 namespace TEST {
30 class IptablesRulePluginTest : public testing::Test {
31 protected:
32 static void SetUpTestSuite(void);
33
34 static void TearDownTestSuite(void);
35
36 void ResetIptablesRule();
37 };
38
SetUpTestSuite(void)39 void IptablesRulePluginTest::SetUpTestSuite(void)
40 {
41 Utils::SetEdmInitialEnv();
42 }
43
TearDownTestSuite(void)44 void IptablesRulePluginTest::TearDownTestSuite(void)
45 {
46 Utils::ResetTokenTypeAndUid();
47 ASSERT_TRUE(Utils::IsOriginalUTEnv());
48 std::cout << "now ut process is orignal ut env : " << Utils::IsOriginalUTEnv() << std::endl;
49 }
50
ResetIptablesRule()51 void IptablesRulePluginTest::ResetIptablesRule()
52 {
53 IPTABLES::RemoveFilter removeFilter;
54 removeFilter.direction = IPTABLES::Direction::INPUT;
55 MessageParcel removeData;
56 MessageParcel removeReply;
57 IPTABLES::IptablesUtils::WriteRemoveFilterConfig(removeFilter, removeData);
58 HandlePolicyData handlePolicyData{"TestString", false};
59 std::uint32_t removeFuncCode =
60 POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::REMOVE, EdmInterfaceCode::IPTABLES_RULE);
61 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
62 plugin->OnHandlePolicy(removeFuncCode, removeData, removeReply, handlePolicyData, DEFAULT_USER_ID);
63
64 IPTABLES::RemoveFilter remoutOutFilter;
65 remoutOutFilter.direction = IPTABLES::Direction::OUTPUT;
66 MessageParcel removeOutData;
67 IPTABLES::IptablesUtils::WriteRemoveFilterConfig(remoutOutFilter, removeOutData);
68 plugin->OnHandlePolicy(removeFuncCode, removeOutData, removeReply, handlePolicyData, DEFAULT_USER_ID);
69 }
70
71 /**
72 * @tc.name: TestIptablesRulePluginErrorFuncCode
73 * @tc.desc: Test IptablesRulePlugin::OnSetPolicy error funccode.
74 * @tc.type: FUNC
75 */
76 HWTEST_F(IptablesRulePluginTest, TestIptablesRulePluginErrorFuncCode, TestSize.Level1)
77 {
78 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
79 MessageParcel data;
80 MessageParcel reply;
81 HandlePolicyData handlePolicyData{"TestString", false};
82 std::uint32_t funcCode = POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::GET, EdmInterfaceCode::IPTABLES_RULE);
83 ErrCode ret = plugin->OnHandlePolicy(funcCode, data, reply, handlePolicyData, DEFAULT_USER_ID);
84 ASSERT_TRUE(ret == EdmReturnErrCode::SYSTEM_ABNORMALLY);
85 }
86
87 /**
88 * @tc.name: TestIptablesRulePluginSetFunction
89 * @tc.desc: Test IptablesRulePlugin::OnHandlePolicy set function.
90 * @tc.type: FUNC
91 */
92 HWTEST_F(IptablesRulePluginTest, TestIptablesRulePluginSetFunction, TestSize.Level1)
93 {
94 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
95 IPTABLES::AddFilter addFilter;
96 MessageParcel data;
97 MessageParcel reply;
98 IPTABLES::IptablesUtils::WriteAddFilterConfig(addFilter, data);
99 HandlePolicyData handlePolicyData{"TestString", false};
100 std::uint32_t funcCode = POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::SET, EdmInterfaceCode::IPTABLES_RULE);
101 ErrCode ret = plugin->OnHandlePolicy(funcCode, data, reply, handlePolicyData, DEFAULT_USER_ID);
102 ASSERT_TRUE(ret == EdmReturnErrCode::PARAM_ERROR);
103 }
104
105 /**
106 * @tc.name: TestIptablesRulePluginRemoveFunction
107 * @tc.desc: Test IptablesRulePlugin::OnHandlePolicy remove function.
108 * @tc.type: FUNC
109 */
110 HWTEST_F(IptablesRulePluginTest, TestIptablesRulePluginRemoveFunction, TestSize.Level1)
111 {
112 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
113 IPTABLES::RemoveFilter filter;
114 MessageParcel data;
115 MessageParcel reply;
116 IPTABLES::IptablesUtils::WriteRemoveFilterConfig(filter, data);
117 HandlePolicyData handlePolicyData{"TestString", false};
118 std::uint32_t funcCode = POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::REMOVE, EdmInterfaceCode::IPTABLES_RULE);
119 ErrCode ret = plugin->OnHandlePolicy(funcCode, data, reply, handlePolicyData, DEFAULT_USER_ID);
120 ASSERT_TRUE(ret == EdmReturnErrCode::PARAM_ERROR);
121 }
122
123 /**
124 * @tc.name: TestIptablesRulePlugingGetPolicy
125 * @tc.desc: Test OnGetPolicy function.
126 * @tc.type: FUNC
127 */
128 HWTEST_F(IptablesRulePluginTest, TestIptablesRulePlugingGetPolicy, TestSize.Level1)
129 {
130 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
131 std::string policyData{"TestString"};
132 MessageParcel data;
133 MessageParcel reply;
134 ErrCode ret = plugin->OnGetPolicy(policyData, data, reply, DEFAULT_USER_ID);
135 ASSERT_TRUE(ret == ERR_OK);
136 }
137
138 /**
139 * @tc.name: TestAddIptablesFilterRule
140 * @tc.desc: Test IptablesRulePlugin::OnHandlePolicy test AddIptablesFilterRule
141 * @tc.type: FUNC
142 */
143 HWTEST_F(IptablesRulePluginTest, TestAddIptablesFilterRule, TestSize.Level1)
144 {
145 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
146 IPTABLES::AddFilter addFilter;
147 addFilter.action = IPTABLES::Action::DENY;
148 addFilter.direction = IPTABLES::Direction::INPUT;
149 addFilter.method = IPTABLES::AddMethod::INSERT;
150 addFilter.protocol = IPTABLES::Protocol::ICMP;
151 addFilter.ruleNo = 1;
152 addFilter.uid = "20230000";
153 addFilter.srcAddr = "192.192.192.192-202.202.202.202";
154 addFilter.destAddr = "203.203.203.203";
155 addFilter.srcPort = "999";
156 addFilter.destPort = "888";
157 MessageParcel data;
158 MessageParcel reply;
159 IPTABLES::IptablesUtils::WriteAddFilterConfig(addFilter, data);
160
161 IPTABLES::AddFilter addFilter2;
162 IPTABLES::IptablesUtils::ReadAddFilterConfig(addFilter2, data);
163 ASSERT_TRUE(addFilter2.action == IPTABLES::Action::DENY);
164 ASSERT_TRUE(addFilter2.direction == IPTABLES::Direction::INPUT);
165 ASSERT_TRUE(addFilter2.method == IPTABLES::AddMethod::INSERT);
166 ASSERT_TRUE(addFilter2.protocol == IPTABLES::Protocol::ICMP);
167 ASSERT_TRUE(addFilter2.ruleNo == 1);
168 ASSERT_TRUE(addFilter2.uid == "20230000");
169 ASSERT_TRUE(addFilter2.srcAddr == "192.192.192.192-202.202.202.202");
170 ASSERT_TRUE(addFilter2.destAddr == "203.203.203.203");
171 ASSERT_TRUE(addFilter2.srcPort == "999");
172 ASSERT_TRUE(addFilter2.destPort == "888");
173
174 HandlePolicyData handlePolicyData{"TestString", false};
175 std::uint32_t funcCode = POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::SET, EdmInterfaceCode::IPTABLES_RULE);
176 ErrCode ret = plugin->OnHandlePolicy(funcCode, data, reply, handlePolicyData, DEFAULT_USER_ID);
177 ASSERT_TRUE(ret == ERR_OK);
178
179 ResetIptablesRule();
180 }
181
182 /**
183 * @tc.name: TestRemoveIptablesFilterRule
184 * @tc.desc: Test IptablesRulePlugin::OnHandlePolicy test RemoveIptablesFilterRule.
185 * @tc.type: FUNC
186 */
187 HWTEST_F(IptablesRulePluginTest, TestRemoveIptablesFilterRule, TestSize.Level1)
188 {
189 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
190 IPTABLES::RemoveFilter filter;
191 filter.action = IPTABLES::Action::DENY;
192 filter.direction = IPTABLES::Direction::INPUT;
193 filter.protocol = IPTABLES::Protocol::TCP;
194 filter.srcAddr = "192.192.192.192";
195 filter.srcPort = "9090";
196 filter.destAddr = "192.192.192.1929999";
197 filter.destPort = "errorport";
198 MessageParcel data;
199 MessageParcel reply;
200 IPTABLES::IptablesUtils::WriteRemoveFilterConfig(filter, data);
201 IPTABLES::RemoveFilter filter2;
202 IPTABLES::IptablesUtils::ReadRemoveFilterConfig(filter2, data);
203 ASSERT_TRUE(filter2.action == IPTABLES::Action::DENY);
204 ASSERT_TRUE(filter2.direction == IPTABLES::Direction::INPUT);
205 ASSERT_TRUE(filter2.protocol == IPTABLES::Protocol::TCP);
206 ASSERT_TRUE(filter2.srcAddr == "192.192.192.192");
207 ASSERT_TRUE(filter2.srcPort == "9090");
208 ASSERT_TRUE(filter2.destAddr == "192.192.192.1929999");
209 ASSERT_TRUE(filter2.destPort == "errorport");
210
211 HandlePolicyData handlePolicyData{"TestString", false};
212 std::uint32_t funcCode = POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::REMOVE, EdmInterfaceCode::IPTABLES_RULE);
213 ErrCode ret = plugin->OnHandlePolicy(funcCode, data, reply, handlePolicyData, DEFAULT_USER_ID);
214 ASSERT_TRUE(ret == ERR_OK);
215 }
216
217 /**
218 * @tc.name: TestExecRemoveFilterIptablesCommand
219 * @tc.desc: Test IptablesRulePlugin::OnHandlePolicy test ExecRemoveFilterIptablesCommand.
220 * @tc.type: FUNC
221 */
222 HWTEST_F(IptablesRulePluginTest, TestExecRemoveFilterIptablesCommand, TestSize.Level1)
223 {
224 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
225 IPTABLES::RemoveFilter filter;
226 filter.direction = IPTABLES::Direction::INVALID;
227 MessageParcel data;
228 MessageParcel reply;
229 IPTABLES::IptablesUtils::WriteRemoveFilterConfig(filter, data);
230 HandlePolicyData handlePolicyData{"TestString", false};
231 std::uint32_t funcCode = POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::REMOVE, EdmInterfaceCode::IPTABLES_RULE);
232 ErrCode ret = plugin->OnHandlePolicy(funcCode, data, reply, handlePolicyData, DEFAULT_USER_ID);
233 ASSERT_TRUE(ret == EdmReturnErrCode::PARAM_ERROR);
234 }
235
236 /**
237 * @tc.name: TestOnHandlePolicyExecRemoveFilterBySimpleCommand
238 * @tc.desc: Test IptablesRulePlugin::OnHandlePolicy test ExecRemoveFilterBySimpleCommand.
239 * @tc.type: FUNC
240 */
241 HWTEST_F(IptablesRulePluginTest, TestOnHandlePolicyExecRemoveFilterBySimpleCommand, TestSize.Level1)
242 {
243 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
244 IPTABLES::RemoveFilter filter;
245 filter.direction = IPTABLES::Direction::INPUT;
246 MessageParcel data;
247 MessageParcel reply;
248 IPTABLES::IptablesUtils::WriteRemoveFilterConfig(filter, data);
249 HandlePolicyData handlePolicyData{"TestString", false};
250 std::uint32_t funcCode = POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::REMOVE, EdmInterfaceCode::IPTABLES_RULE);
251 ErrCode ret = plugin->OnHandlePolicy(funcCode, data, reply, handlePolicyData, DEFAULT_USER_ID);
252 ASSERT_TRUE(ret == ERR_OK);
253 }
254
255 /**
256 * @tc.name: TestExecRemoveFilterBySimpleCommand
257 * @tc.desc: Test IptablesRulePlugin ExecRemoveFilterBySimpleCommand.
258 * @tc.type: FUNC
259 */
260 HWTEST_F(IptablesRulePluginTest, TestExecRemoveFilterBySimpleCommand, TestSize.Level1)
261 {
262 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
263 std::string command;
264 ErrCode ret = plugin->ExecRemoveFilterBySimpleCommand(IPTABLES::Direction::INPUT);
265 ASSERT_TRUE(ret == ERR_OK);
266 ret = plugin->ExecRemoveFilterBySimpleCommand(IPTABLES::Direction::OUTPUT);
267 ASSERT_TRUE(ret == ERR_OK);
268 ret = plugin->ExecRemoveFilterBySimpleCommand(IPTABLES::Direction::INVALID);
269 ASSERT_TRUE(ret == EdmReturnErrCode::PARAM_ERROR);
270 }
271
272 /**
273 * @tc.name: TestExecRemoveFilterByDetailedCommand
274 * @tc.desc: Test IptablesRulePlugin::OnHandlePolicy test ExecRemoveFilterByDetailedCommand.
275 * @tc.type: FUNC
276 */
277 HWTEST_F(IptablesRulePluginTest, TestExecRemoveFilterByDetailedCommand, TestSize.Level1)
278 {
279 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
280 IPTABLES::RemoveFilter filter;
281 filter.action = IPTABLES::Action::DENY;
282 filter.direction = IPTABLES::Direction::INPUT;
283 filter.protocol = IPTABLES::Protocol::TCP;
284 filter.srcAddr = "192.192.192.192";
285 filter.srcPort = "9090";
286 filter.destAddr = "192.192.192.1929999";
287 filter.destPort = "errorport";
288 MessageParcel data;
289 MessageParcel reply;
290 IPTABLES::IptablesUtils::WriteRemoveFilterConfig(filter, data);
291 HandlePolicyData handlePolicyData{"TestString", false};
292 std::uint32_t funcCode = POLICY_FUNC_CODE((std::uint32_t)FuncOperateType::REMOVE, EdmInterfaceCode::IPTABLES_RULE);
293 ErrCode ret = plugin->OnHandlePolicy(funcCode, data, reply, handlePolicyData, DEFAULT_USER_ID);
294 ASSERT_TRUE(ret == ERR_OK);
295 }
296
297 /**
298 * @tc.name: TestProcessFirewallAction
299 * @tc.desc: Test IptablesRulePlugin::ProcessFirewallAction
300 * @tc.type: FUNC
301 */
302 HWTEST_F(IptablesRulePluginTest, TestProcessFirewallAction, TestSize.Level1)
303 {
304 std::shared_ptr<IPTABLES::IptablesUtils> plugin = std::make_shared<IPTABLES::IptablesUtils>();
305 IPTABLES::Action action = IPTABLES::Action::DENY;
306 bool ret = plugin->ProcessFirewallAction(static_cast<int32_t>(IPTABLES::Action::ALLOW), action);
307 ASSERT_TRUE(ret);
308 ret = plugin->ProcessFirewallAction(static_cast<int32_t>(IPTABLES::Action::DENY), action);
309 ASSERT_TRUE(ret);
310 ret = plugin->ProcessFirewallAction(static_cast<int32_t>(IPTABLES::Action::INVALID), action);
311 ASSERT_FALSE(ret);
312 }
313
314 /**
315 * @tc.name: TestProcessFirewallMethod
316 * @tc.desc: Test IptablesRulePlugin::ProcessFirewallMethod
317 * @tc.type: FUNC
318 */
319 HWTEST_F(IptablesRulePluginTest, TestProcessFirewallMethod, TestSize.Level1)
320 {
321 std::shared_ptr<IPTABLES::IptablesUtils> plugin = std::make_shared<IPTABLES::IptablesUtils>();
322 IPTABLES::AddMethod method = IPTABLES::AddMethod::INSERT;
323 bool ret = plugin->ProcessFirewallMethod(static_cast<int32_t>(IPTABLES::AddMethod::APPEND), method);
324 ASSERT_TRUE(ret);
325 ret = plugin->ProcessFirewallMethod(static_cast<int32_t>(IPTABLES::AddMethod::INSERT), method);
326 ASSERT_TRUE(ret);
327 ret = plugin->ProcessFirewallMethod(static_cast<int32_t>(IPTABLES::AddMethod::INVALID), method);
328 ASSERT_FALSE(ret);
329 }
330
331 /**
332 * @tc.name: TestProcessFirewallDirection
333 * @tc.desc: Test IptablesRulePlugin::ProcessFirewallDirection
334 * @tc.type: FUNC
335 */
336 HWTEST_F(IptablesRulePluginTest, TestProcessFirewallDirection, TestSize.Level1)
337 {
338 std::shared_ptr<IPTABLES::IptablesUtils> plugin = std::make_shared<IPTABLES::IptablesUtils>();
339 IPTABLES::Direction direction = IPTABLES::Direction::OUTPUT;
340 bool ret = plugin->ProcessFirewallDirection(static_cast<int32_t>(IPTABLES::Direction::INPUT), direction);
341 ASSERT_TRUE(ret);
342 ret = plugin->ProcessFirewallDirection(static_cast<int32_t>(IPTABLES::Direction::OUTPUT), direction);
343 ASSERT_TRUE(ret);
344 ret = plugin->ProcessFirewallDirection(static_cast<int32_t>(IPTABLES::Direction::INVALID), direction);
345 ASSERT_FALSE(ret);
346 }
347
348 /**
349 * @tc.name: TestProcessFirewallProtocol
350 * @tc.desc: Test IptablesRulePlugin::ProcessFirewallProtocol
351 * @tc.type: FUNC
352 */
353 HWTEST_F(IptablesRulePluginTest, TestProcessFirewallProtocol, TestSize.Level1)
354 {
355 std::shared_ptr<IPTABLES::IptablesUtils> plugin = std::make_shared<IPTABLES::IptablesUtils>();
356 IPTABLES::Protocol protocol = IPTABLES::Protocol::TCP;
357 plugin->ProcessFirewallProtocol(static_cast<int32_t>(IPTABLES::Protocol::ALL), protocol);
358 ASSERT_TRUE(protocol == IPTABLES::Protocol::ALL);
359 plugin->ProcessFirewallProtocol(static_cast<int32_t>(IPTABLES::Protocol::TCP), protocol);
360 ASSERT_TRUE(protocol == IPTABLES::Protocol::TCP);
361 plugin->ProcessFirewallProtocol(static_cast<int32_t>(IPTABLES::Protocol::UDP), protocol);
362 ASSERT_TRUE(protocol == IPTABLES::Protocol::UDP);
363 plugin->ProcessFirewallProtocol(static_cast<int32_t>(IPTABLES::Protocol::ICMP), protocol);
364 ASSERT_TRUE(protocol == IPTABLES::Protocol::ICMP);
365 plugin->ProcessFirewallProtocol(static_cast<int32_t>(IPTABLES::Protocol::INVALID), protocol);
366 ASSERT_FALSE(protocol == IPTABLES::Protocol::INVALID);
367 }
368
369 /**
370 * @tc.name: TestConvertChainCommand
371 * @tc.desc: Test IptablesRulePlugin::OnHandlePolicy test ConvertChainCommand.
372 * @tc.type: FUNC
373 */
374 HWTEST_F(IptablesRulePluginTest, TestConvertChainCommand, TestSize.Level1)
375 {
376 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
377 std::string command;
378 bool ret = plugin->ConvertChainCommand(IPTABLES::Action::ALLOW, IPTABLES::Direction::INPUT, command);
379 ASSERT_TRUE(ret);
380 ret = plugin->ConvertChainCommand(IPTABLES::Action::ALLOW, IPTABLES::Direction::OUTPUT, command);
381 ASSERT_TRUE(ret);
382 ret = plugin->ConvertChainCommand(IPTABLES::Action::DENY, IPTABLES::Direction::INPUT, command);
383 ASSERT_TRUE(ret);
384 ret = plugin->ConvertChainCommand(IPTABLES::Action::DENY, IPTABLES::Direction::OUTPUT, command);
385 ASSERT_TRUE(ret);
386 ret = plugin->ConvertChainCommand(IPTABLES::Action::INVALID, IPTABLES::Direction::INVALID, command);
387 ASSERT_FALSE(ret);
388 }
389
390 /**
391 * @tc.name: TestConvertProtocolCommand
392 * @tc.desc: Test IptablesRulePlugin::ConvertProtocolCommand
393 * @tc.type: FUNC
394 */
395 HWTEST_F(IptablesRulePluginTest, TestConvertProtocolCommand, TestSize.Level1)
396 {
397 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
398 std::string command1;
399 plugin->ConvertProtocolCommand(IPTABLES::Protocol::ALL, command1);
400 ASSERT_TRUE(command1 == " -p all");
401
402 std::string command2;
403 plugin->ConvertProtocolCommand(IPTABLES::Protocol::TCP, command2);
404 ASSERT_TRUE(command2 == " -p tcp");
405
406 std::string command3;
407 plugin->ConvertProtocolCommand(IPTABLES::Protocol::UDP, command3);
408 ASSERT_TRUE(command3 == " -p udp");
409
410 std::string command4;
411 plugin->ConvertProtocolCommand(IPTABLES::Protocol::ICMP, command4);
412 ASSERT_TRUE(command4 == " -p icmp");
413
414 std::string command5;
415 plugin->ConvertProtocolCommand(IPTABLES::Protocol::INVALID, command5);
416 ASSERT_TRUE(command5.empty());
417 }
418
419 /**
420 * @tc.name: TestConvertActionCommand
421 * @tc.desc: Test IptablesRulePlugin::ConvertActionCommand
422 * @tc.type: FUNC
423 */
424 HWTEST_F(IptablesRulePluginTest, TestConvertActionCommand, TestSize.Level1)
425 {
426 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
427 std::string command1;
428 bool ret = plugin->ConvertActionCommand(IPTABLES::Action::ALLOW, command1);
429 ASSERT_TRUE(command1 == " -j ACCEPT");
430 ASSERT_TRUE(ret);
431
432 std::string command2;
433 ret = plugin->ConvertActionCommand(IPTABLES::Action::DENY, command2);
434 ASSERT_TRUE(command2 == " -j REJECT");
435 ASSERT_TRUE(ret);
436 std::string command3;
437 ret = plugin->ConvertActionCommand(IPTABLES::Action::INVALID, command3);
438 ASSERT_TRUE(command3.empty());
439 ASSERT_FALSE(ret);
440 }
441
442 /**
443 * @tc.name: TestConvertIpAddressCommand
444 * @tc.desc: Test IptablesRulePlugin::ConvertIpAddressCommand
445 * @tc.type: FUNC
446 */
447 HWTEST_F(IptablesRulePluginTest, TestConvertIpAddressCommand, TestSize.Level1)
448 {
449 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
450 std::string command1;
451 std::string value;
452 plugin->ConvertIpAddressCommand(value, true, command1);
453 ASSERT_TRUE(command1.empty());
454
455 std::string command2;
456 value = "192.168.1.1";
457 plugin->ConvertIpAddressCommand(value, true, command2);
458 ASSERT_TRUE(command2 == (" -s " + value));
459
460 std::string command3;
461 value = "192.168.1.1-192.168.2.30";
462 plugin->ConvertIpAddressCommand(value, true, command3);
463 ASSERT_TRUE(command3 == (" -m iprange --src-range " + value));
464
465 std::string command4;
466 value = "192.168.1.1";
467 plugin->ConvertIpAddressCommand(value, false, command4);
468 ASSERT_TRUE(command4 == (" -d " + value));
469
470 std::string command5;
471 value = "192.168.1.1-192.168.2.30";
472 plugin->ConvertIpAddressCommand(value, false, command5);
473 ASSERT_TRUE(command5 == (" -m iprange --dst-range " + value));
474 }
475
476 /**
477 * @tc.name: TestConvertPortCommand
478 * @tc.desc: Test IptablesRulePlugin::ConvertPortCommand
479 * @tc.type: FUNC
480 */
481 HWTEST_F(IptablesRulePluginTest, TestConvertPortCommand, TestSize.Level1)
482 {
483 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
484 std::string command1;
485 std::string value;
486 plugin->ConvertPortCommand(value, true, command1);
487 ASSERT_TRUE(command1.empty());
488
489 std::string command2;
490 value = "8989";
491 plugin->ConvertPortCommand(value, true, command2);
492 ASSERT_TRUE(command2 == (" --sport " + value));
493
494 std::string command3;
495 value = "8989";
496 plugin->ConvertPortCommand(value, false, command3);
497 ASSERT_TRUE(command3 == (" --dport " + value));
498 }
499 /**
500 * @tc.name: TestConvertUidCommand
501 * @tc.desc: Test IptablesRulePlugin::ConvertUidCommand
502 * @tc.type: FUNC
503 */
504 HWTEST_F(IptablesRulePluginTest, TestConvertUidCommand, TestSize.Level1)
505 {
506 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
507 std::string command1;
508 std::string uid;
509 plugin->ConvertUidCommand(uid, command1);
510 ASSERT_TRUE(command1.empty());
511
512 std::string command2;
513 uid = "8989";
514 plugin->ConvertUidCommand(uid, command2);
515 ASSERT_TRUE(command2 == (" -m owner --uid-owner " + uid));
516 }
517
518 /**
519 * @tc.name: TestConvertRuleNoCommand
520 * @tc.desc: Test IptablesRulePlugin::ConvertRuleNoCommand
521 * @tc.type: FUNC
522 */
523 HWTEST_F(IptablesRulePluginTest, TestConvertRuleNoCommand, TestSize.Level1)
524 {
525 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
526 std::string command1;
527 uint32_t ruleNo = 10000;
528 plugin->ConvertRuleNoCommand(IPTABLES::AddMethod::APPEND, ruleNo, command1);
529 ASSERT_TRUE(command1.empty());
530
531 plugin->ConvertRuleNoCommand(IPTABLES::AddMethod::INSERT, ruleNo, command1);
532 ASSERT_TRUE(command1 == (" " + std::to_string(ruleNo)));
533 }
534
535 /**
536 * @tc.name: TestConvertAddFilterToIptablesCommand
537 * @tc.desc: Test IptablesRulePlugin::ConvertAddFilterToIptablesCommand must specify action and direction
538 * @tc.type: FUNC
539 */
540 HWTEST_F(IptablesRulePluginTest, TestConvertAddFilterToIptablesCommand, TestSize.Level1)
541 {
542 std::shared_ptr<IptablesRulePlugin> plugin = std::make_shared<IptablesRulePlugin>();
543 IPTABLES::AddFilter addFilter;
544 addFilter.method = IPTABLES::AddMethod::APPEND;
545 std::string command;
546 bool ret = plugin->ConvertAddFilterToIptablesCommand(addFilter, command);
547 ASSERT_FALSE(ret);
548 }
549 } // namespace TEST
550 } // namespace EDM
551 } // namespace OHOS