/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// White-box test access: while the production header is being included, `private` and `protected`
// are rewritten to `public` so the tests can reach non-public members of FirewallChainRule.
// NOTE(review): redefining keywords is outside what the C++ standard permits if the header pulls in
// standard library headers; keep this pattern confined to test translation units.
#define private public
#define protected public
#include "firewall_chain_rule.h"
#undef protected
#undef private

#include <gtest/gtest.h>

using namespace testing::ext;
using namespace testing;
using namespace OHOS::EDM::IPTABLES;

namespace OHOS {
namespace EDM {
namespace IPTABLES {
namespace TEST {

// Stateless fixture; every case below builds its own rules.
class FirewallChainRuleTest : public testing::Test {};

/**
 * @tc.name: TestToFilterRule
 * @tc.desc: Check that ToFilterRule returns the expected FirewallRule for a chain rule built from a
 *           FirewallRule, from listing-row strings, and from nothing (default construction).
 * @tc.type: FUNC
 */
HWTEST_F(FirewallChainRuleTest, TestToFilterRule, TestSize.Level1)
{
    // Round trip: a chain rule built from a FirewallRule converts back to an equal FirewallRule.
    // As the Parameter test shows, the string fields are: source IP, destination IP, source port,
    // destination port, owner UID.
    FirewallRule denyUdpRule{Direction::INPUT, Action::DENY, Protocol::UDP, "192.168.2.100", "192.168.2.200", "80",
        "90", ""};
    FirewallChainRule chainFromRule{denyUdpRule};
    EXPECT_EQ(chainFromRule.ToFilterRule(Direction::INPUT), denyUdpRule);

    // The remaining inputs are text rows that appear to follow the verbose, numeric iptables listing layout
    // (rule number, packet/byte counters, target, protocol, option, in/out interface, source, destination,
    // match details) - TODO confirm against the code that produces these rows.
    // NOTE(review): every row here has the ACCEPT target, so the mapping of a denying target to Action::DENY
    // by the string constructor is not pinned by this test.

    // Single source and destination address, single ports, owner UID match.
    const FirewallRule expectedSingleHosts{Direction::INPUT, Action::ALLOW, Protocol::UDP, "192.168.1.1",
        "192.168.2.2", "9090", "9091", "1234567"};
    std::string singleHostsRow =
        "1 0 0 ACCEPT udp -- * * 192.168.1.1 192.168.2.2 "
        "udp spt:9090 dpt:9091 owner UID match 1234567";
    FirewallChainRule chainSingleHosts{singleHostsRow};
    EXPECT_EQ(chainSingleHosts.ToFilterRule(Direction::INPUT), expectedSingleHosts);

    // Destination given as an IP range: the destination column holds 0.0.0.0/0 and the range comes from the
    // "destination IP range" match text.
    const FirewallRule expectedDstRange{Direction::INPUT, Action::ALLOW, Protocol::UDP, "192.168.4.1",
        "192.168.5.1-192.168.5.254", "55", "55", "6667"};
    std::string dstRangeRow =
        "2 0 0 ACCEPT udp -- * * 192.168.4.1 0.0.0.0/0 "
        "destination IP range 192.168.5.1-192.168.5.254 udp spt:55 dpt:55 owner UID match 6667";
    FirewallChainRule chainDstRange{dstRangeRow};
    EXPECT_EQ(chainDstRange.ToFilterRule(Direction::INPUT), expectedDstRange);

    // Source and destination both given as ranges, port ranges in "spts:"/"dpts:" form, no owner UID.
    const FirewallRule expectedBothRanges{Direction::INPUT, Action::ALLOW, Protocol::UDP,
        "192.168.6.1-192.168.6.254", "192.168.5.1-192.168.5.254", "55:66", "55:77", ""};
    std::string bothRangesRow =
        "3 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 "
        "source IP range 192.168.6.1-192.168.6.254 destination IP range 192.168.5.1-192.168.5.254 "
        "udp spts:55:66 dpts:55:77 ";
    FirewallChainRule chainBothRanges{bothRangesRow};
    EXPECT_EQ(chainBothRanges.ToFilterRule(Direction::INPUT), expectedBothRanges);

    // A default-constructed chain rule converts to Action::ALLOW with Protocol::INVALID and empty strings;
    // only the direction follows the argument.
    // NOTE(review): callers presumably have to treat Protocol::INVALID as "no usable rule" rather than as an
    // allow entry - confirm against the consumers of ToFilterRule.
    FirewallChainRule chainDefault{};
    const FirewallRule expectedDefaultInput{Direction::INPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "", ""};
    EXPECT_EQ(chainDefault.ToFilterRule(Direction::INPUT), expectedDefaultInput);

    const FirewallRule expectedDefaultOutput{Direction::OUTPUT, Action::ALLOW, Protocol::INVALID, "", "", "", "",
        ""};
    EXPECT_EQ(chainDefault.ToFilterRule(Direction::OUTPUT), expectedDefaultOutput);
}

/**
 * @tc.name: TestParameter
 * @tc.desc: Check the iptables argument string produced by Parameter for single ports, an owner UID,
 *           and multiport port lists.
 * @tc.type: FUNC
 */
HWTEST_F(FirewallChainRuleTest, TestParameter, TestSize.Level1)
{
    // NOTE(review): all inputs are well-formed. The rule fields appear verbatim in the expected argument
    // strings, so rejection of malformed address, port or UID text is not covered here - confirm where that
    // validation is performed and tested.

    // Single source/destination address and single ports, no owner UID.
    FirewallRule udpSinglePorts{Direction::INPUT, Action::DENY, Protocol::UDP, "192.168.2.100", "192.168.2.200",
        "80", "90", ""};
    const std::string udpSinglePortsArgs = " -p udp -s 192.168.2.100 -d 192.168.2.200 --sport 80 --dport 90";
    FirewallChainRule chainUdpSinglePorts{udpSinglePorts};
    EXPECT_EQ(chainUdpSinglePorts.Parameter(), udpSinglePortsArgs);

    // Protocol::ALL with no ports: the owner UID becomes an "-m owner --uid-owner" match.
    FirewallRule allProtoWithUid{Direction::INPUT, Action::ALLOW, Protocol::ALL, "192.168.2.100", "192.168.2.200",
        "", "", "9999"};
    const std::string allProtoWithUidArgs = " -p all -s 192.168.2.100 -d 192.168.2.200 -m owner --uid-owner 9999";
    FirewallChainRule chainAllProtoWithUid{allProtoWithUid};
    EXPECT_EQ(chainAllProtoWithUid.Parameter(), allProtoWithUidArgs);

    // CIDR source, comma-separated source ports and dash-separated destination ports: both port fields are
    // emitted through "-m multiport".
    FirewallRule tcpMultiport{Direction::INPUT, Action::ALLOW, Protocol::TCP, "192.168.2.1/22", "192.168.2.200",
        "99,100", "800-900", "9999"};
    const std::string tcpMultiportArgs =
        " -p tcp -s 192.168.2.1/22 -d 192.168.2.200 -m multiport --sport 99,100 -m multiport --dport 800-900 "
        "-m owner --uid-owner 9999";
    FirewallChainRule chainTcpMultiport{tcpMultiport};
    EXPECT_EQ(chainTcpMultiport.Parameter(), tcpMultiportArgs);
}

/**
 * @tc.name: TestIpToParameter
 * @tc.desc: Check that IpToParameter emits "-s"/"-d" style arguments for a single address or CIDR block
 *           and an iprange match for a dash-separated range.
 * @tc.type: FUNC
 */
HWTEST_F(FirewallChainRuleTest, TestIpToParameter, TestSize.Level1)
{
    // NOTE(review): only well-formed IPv4 text is exercised; behaviour for empty or malformed address
    // strings is not pinned by this test.

    // Single address: passed through after the given option.
    std::string hostIp = "192.168.1.1";
    std::string hostOption = "-s";
    const std::string hostArgs = " -s 192.168.1.1";
    EXPECT_EQ(FirewallChainRule::IpToParameter(hostIp, hostOption), hostArgs);

    // CIDR block: treated like a single address.
    std::string cidrIp = "192.168.1.1/20";
    std::string cidrOption = "-s";
    const std::string cidrArgs = " -s 192.168.1.1/20";
    EXPECT_EQ(FirewallChainRule::IpToParameter(cidrIp, cidrOption), cidrArgs);

    // Dash-separated range with "-s": emitted as an iprange source match.
    std::string srcRangeIp = "192.168.1.1-192.168.1.200";
    std::string srcRangeOption = "-s";
    const std::string srcRangeArgs = " -m iprange --src-range 192.168.1.1-192.168.1.200";
    EXPECT_EQ(FirewallChainRule::IpToParameter(srcRangeIp, srcRangeOption), srcRangeArgs);

    // Same range with "-d": emitted as an iprange destination match.
    std::string dstRangeIp = "192.168.1.1-192.168.1.200";
    std::string dstRangeOption = "-d";
    const std::string dstRangeArgs = " -m iprange --dst-range 192.168.1.1-192.168.1.200";
    EXPECT_EQ(FirewallChainRule::IpToParameter(dstRangeIp, dstRangeOption), dstRangeArgs);
}

/**
 * @tc.name: TestPortToParameter
 * @tc.desc: Check that PortToParameter returns an empty string for empty input and otherwise the option
 *           prefix followed by the port option and the port text.
 * @tc.type: FUNC
 */
HWTEST_F(FirewallChainRuleTest, TestPortToParameter, TestSize.Level1)
{
    // NOTE(review): the port text is supplied by the caller and shows up unchanged in the result; cases for
    // non-numeric or out-of-range port text are absent - confirm where port validation is tested.

    // All inputs empty: nothing is emitted.
    std::string emptyPort;
    std::string emptyPortOption;
    std::string emptyPrefix;
    const std::string emptyArgs;
    EXPECT_EQ(FirewallChainRule::PortToParameter(emptyPort, emptyPortOption, emptyPrefix), emptyArgs);

    // Single source port with a bare space as prefix.
    std::string srcPort = "80";
    std::string srcPortOption = "--sport";
    std::string srcPrefix = " ";
    const std::string srcArgs = " --sport 80";
    EXPECT_EQ(FirewallChainRule::PortToParameter(srcPort, srcPortOption, srcPrefix), srcArgs);

    // Single destination port with a bare space as prefix.
    std::string dstPort = "90";
    std::string dstPortOption = "--dport";
    std::string dstPrefix = " ";
    const std::string dstArgs = " --dport 90";
    EXPECT_EQ(FirewallChainRule::PortToParameter(dstPort, dstPortOption, dstPrefix), dstArgs);

    // Port list with the multiport match supplied as prefix.
    std::string listPort = "90,100";
    std::string listPortOption = "--dport";
    std::string listPrefix = " -m multiport ";
    const std::string listArgs = " -m multiport --dport 90,100";
    EXPECT_EQ(FirewallChainRule::PortToParameter(listPort, listPortOption, listPrefix), listArgs);
}
} // namespace TEST
} // namespace IPTABLES
} // namespace EDM
} // namespace OHOS