ACL engine & tests

2025-09-20 06:56:02 +00:00 · 2020-04-25 22:56:49 -07:00
parent 6cd960ea41
commit ee8558f2fb
3 changed files with 174 additions and 3 deletions
--- a/pkg/acl/engine_test.go
+++ b/pkg/acl/engine_test.go
@@ -0,0 +1,107 @@
+package acl
+
+import (
+	"net"
+	"testing"
+)
+
+func TestEngine_Lookup(t *testing.T) {
+	e := &Engine{
+		DefaultAction: ActionDirect,
+		Entries: []Entry{
+			{
+				Net:       nil,
+				Domain:    "google.com",
+				Suffix:    false,
+				All:       false,
+				Action:    ActionProxy,
+				ActionArg: "",
+			},
+			{
+				Net:       nil,
+				Domain:    "evil.corp",
+				Suffix:    true,
+				All:       false,
+				Action:    ActionHijack,
+				ActionArg: "good.org",
+			},
+			{
+				Net: &net.IPNet{
+					IP:   net.ParseIP("10.0.0.0"),
+					Mask: net.CIDRMask(8, 32),
+				},
+				Domain:    "",
+				Suffix:    false,
+				All:       false,
+				Action:    ActionProxy,
+				ActionArg: "",
+			},
+			{
+				Net:       nil,
+				Domain:    "",
+				Suffix:    false,
+				All:       true,
+				Action:    ActionBlock,
+				ActionArg: "",
+			},
+		},
+	}
+	type args struct {
+		domain string
+		ip     net.IP
+	}
+	tests := []struct {
+		name  string
+		args  args
+		want  Action
+		want1 string
+	}{
+		{
+			name:  "domain direct",
+			args:  args{"google.com", nil},
+			want:  ActionProxy,
+			want1: "",
+		},
+		{
+			name:  "domain suffix 1",
+			args:  args{"evil.corp", nil},
+			want:  ActionHijack,
+			want1: "good.org",
+		},
+		{
+			name:  "domain suffix 2",
+			args:  args{"notevil.corp", nil},
+			want:  ActionBlock,
+			want1: "",
+		},
+		{
+			name:  "domain suffix 3",
+			args:  args{"im.real.evil.corp", nil},
+			want:  ActionHijack,
+			want1: "good.org",
+		},
+		{
+			name:  "ip match",
+			args:  args{"", net.ParseIP("10.2.3.4")},
+			want:  ActionProxy,
+			want1: "",
+		},
+		{
+			name:  "ip mismatch",
+			args:  args{"", net.ParseIP("100.5.6.0")},
+			want:  ActionBlock,
+			want1: "",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, got1 := e.Lookup(tt.args.domain, tt.args.ip)
+			if got != tt.want {
+				t.Errorf("Lookup() got = %v, want %v", got, tt.want)
+			}
+			if got1 != tt.want1 {
+				t.Errorf("Lookup() got1 = %v, want %v", got1, tt.want1)
+			}
+		})
+	}
+}