
Example 56 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class SecurityGroupsTest method testSinglePort.

/**
 * Verifies the inbound access lines produced for the security group stored at index 0 of the
 * fixture array.
 *
 * <p>The expected inbound list has three entries, in this order: an ACCEPT for TCP from
 * 1.2.3.4/32 to destination port 22, the shared {@code _rejectSynOnly} line, and the shared
 * {@code _allowAllReverseOutboundRule} line. Only the inbound list is asserted; the outbound
 * list is filled by the call but not checked in this test.
 */
@Test
public void testSinglePort() throws JSONException {
    List<IpAccessListLine> ingressLines = new LinkedList<>();
    List<IpAccessListLine> egressLines = new LinkedList<>();
    SecurityGroup group = new SecurityGroup(_securityGroups.getJSONObject(0), null);
    group.addInOutAccessLines(ingressLines, egressLines, _region);

    // The one explicit rule: TCP from a single host to a single destination port (22..22).
    IpAccessListLine singlePortAccept =
        IpAccessListLine.builder()
            .setAction(LineAction.ACCEPT)
            .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
            .setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32")))
            .setDstPorts(Sets.newHashSet(new SubRange(22, 22)))
            .build();

    // NOTE(review): the SYN-only reject sits ahead of the accept-from-anywhere line; this looks
    // like return traffic being admitted without letting new TCP connections in. Presumably the
    // list is evaluated first-match, so the order asserted here matters; confirm in SecurityGroup.
    List<IpAccessListLine> expectedIngress =
        ImmutableList.of(singlePortAccept, _rejectSynOnly, _allowAllReverseOutboundRule);
    assertThat(ingressLines, equalTo(expectedIngress));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 57 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class SecurityGroupsTest method testStatefulTcpRules.

/**
 * Verifies both the inbound and the outbound access lines produced for the security group
 * stored at index 8 of the fixture array.
 *
 * <p>Each expected list has the same shape: the explicit ACCEPT for that direction, then the
 * shared {@code _rejectSynOnly} line, then an ACCEPT that mirrors the explicit rule of the
 * opposite direction (peer address kept, the rule's destination port becoming a source port).
 */
@Test
public void testStatefulTcpRules() throws JSONException {
    List<IpAccessListLine> ingressLines = new LinkedList<>();
    List<IpAccessListLine> egressLines = new LinkedList<>();
    SecurityGroup group = new SecurityGroup(_securityGroups.getJSONObject(8), null);
    group.addInOutAccessLines(ingressLines, egressLines, _region);

    // Inbound: explicit rule admits TCP from 1.2.3.4/32 to destination port 22.
    IpAccessListLine inboundAccept =
        IpAccessListLine.builder()
            .setAction(LineAction.ACCEPT)
            .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
            .setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32")))
            .setDstPorts(Sets.newHashSet(new SubRange(22, 22)))
            .build();
    // Reverse of the outbound rule: TCP coming back from 5.6.7.8/32 with source port 80.
    IpAccessListLine inboundReturn =
        IpAccessListLine.builder()
            .setAction(LineAction.ACCEPT)
            .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
            .setSrcIps(Sets.newHashSet(new IpWildcard("5.6.7.8/32")))
            .setSrcPorts(Sets.newHashSet(new SubRange(80, 80)))
            .build();
    // NOTE(review): the SYN-only reject precedes the reverse line in both lists, so the reverse
    // line should only ever match non-initial segments; presumably first-match order. Confirm.
    assertThat(
        ingressLines,
        equalTo(ImmutableList.of(inboundAccept, _rejectSynOnly, inboundReturn)));

    // Outbound: explicit rule admits TCP to 5.6.7.8/32 on destination port 80.
    IpAccessListLine outboundAccept =
        IpAccessListLine.builder()
            .setAction(LineAction.ACCEPT)
            .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
            .setDstIps(Sets.newHashSet(new IpWildcard("5.6.7.8/32")))
            .setDstPorts(Sets.newHashSet(new SubRange(80, 80)))
            .build();
    // Reverse of the inbound rule: TCP going back to 1.2.3.4/32 with source port 22.
    IpAccessListLine outboundReturn =
        IpAccessListLine.builder()
            .setAction(LineAction.ACCEPT)
            .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
            .setDstIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32")))
            .setSrcPorts(Sets.newHashSet(new SubRange(22, 22)))
            .build();
    assertThat(
        egressLines,
        equalTo(ImmutableList.of(outboundAccept, _rejectSynOnly, outboundReturn)));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 58 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class SecurityGroupsTest method testBeginningHalfOpenInterval.

/**
 * Verifies the inbound access lines produced for the security group stored at index 1 of the
 * fixture array.
 *
 * <p>The explicit rule is expected to cover destination ports 0 through 22 for TCP from
 * 1.2.3.4/32, followed by the shared {@code _rejectSynOnly} and
 * {@code _allowAllReverseOutboundRule} lines. Only the inbound list is asserted.
 */
@Test
public void testBeginningHalfOpenInterval() throws JSONException {
    List<IpAccessListLine> ingressLines = new LinkedList<>();
    List<IpAccessListLine> egressLines = new LinkedList<>();
    SecurityGroup group = new SecurityGroup(_securityGroups.getJSONObject(1), null);
    group.addInOutAccessLines(ingressLines, egressLines, _region);

    // Presumably the fixture entry has no usable lower port bound, so the range starts at 0;
    // TODO confirm against SecurityGroupTest.json.
    SubRange fromZeroTo22 = new SubRange(0, 22);
    IpAccessListLine halfOpenAccept =
        IpAccessListLine.builder()
            .setAction(LineAction.ACCEPT)
            .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
            .setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32")))
            .setDstPorts(Sets.newHashSet(fromZeroTo22))
            .build();

    List<IpAccessListLine> expectedIngress =
        ImmutableList.of(halfOpenAccept, _rejectSynOnly, _allowAllReverseOutboundRule);
    assertThat(ingressLines, equalTo(expectedIngress));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)

Example 59 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class SecurityGroupsTest method setup.

/**
 * Prepares the state shared by the tests: the array of security-group definitions read from the
 * JSON fixture, the two reusable access lines, the region and a pre-filled flow builder.
 */
@Before
public void setup() throws JSONException {
    // Parse the fixture and keep only the array stored under JSON_KEY_SECURITY_GROUPS.
    JSONObject fixtureRoot =
        new JSONObject(
            CommonUtil.readResource("org/batfish/representation/aws/SecurityGroupTest.json"));
    _securityGroups = fixtureRoot.getJSONArray(JSON_KEY_SECURITY_GROUPS);

    // REJECT line matching the SYN_ONLY TCP flag set; it carries no address or port constraint.
    _rejectSynOnly =
        IpAccessListLine.builder()
            .setTcpFlags(ImmutableSet.of(TcpFlags.SYN_ONLY))
            .setAction(LineAction.REJECT)
            .build();

    // ACCEPT line for any source address (0.0.0.0/0) with no protocol or port constraint.
    // NOTE(review): on its own this line is very broad; the tests always expect it after
    // _rejectSynOnly, which appears to be what limits it to traffic of existing connections.
    // Confirm that reading against SecurityGroup.addInOutAccessLines.
    _allowAllReverseOutboundRule =
        IpAccessListLine.builder()
            .setAction(LineAction.ACCEPT)
            .setSrcIps(Sets.newHashSet(new IpWildcard("0.0.0.0/0")))
            .build();

    _region = new Region("test");

    // Flow builder defaults: ingress node "foo", tag "TEST", protocol TCP.
    Builder flowDefaults = new Builder();
    flowDefaults.setIngressNode("foo");
    flowDefaults.setTag("TEST");
    flowDefaults.setIpProtocol(IpProtocol.TCP);
    _flowBuilder = flowDefaults;
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) JSONObject(org.codehaus.jettison.json.JSONObject) Builder(org.batfish.datamodel.Flow.Builder) Before(org.junit.Before)

Example 60 with IpWildcard

use of org.batfish.datamodel.IpWildcard in project batfish by batfish.

the class SecurityGroupsTest method testInvalidEndInterval.

/**
 * Verifies the inbound access lines produced for the security group stored at index 7 of the
 * fixture array.
 *
 * <p>The explicit rule is expected to cover destination ports 30 through 65535 for TCP from
 * 1.2.3.4/32, followed by the shared {@code _rejectSynOnly} and
 * {@code _allowAllReverseOutboundRule} lines. Only the inbound list is asserted.
 */
@Test
public void testInvalidEndInterval() throws JSONException {
    List<IpAccessListLine> ingressLines = new LinkedList<>();
    List<IpAccessListLine> egressLines = new LinkedList<>();
    SecurityGroup group = new SecurityGroup(_securityGroups.getJSONObject(7), null);
    group.addInOutAccessLines(ingressLines, egressLines, _region);

    // NOTE(review): going by the test name, the fixture's end port is presumably invalid and the
    // expected range is widened to 65535. Confirm that this matches how the provider treats such
    // a rule; a wider range in the model would report more ports as permitted than are.
    SubRange from30ToMax = new SubRange(30, 65535);
    IpAccessListLine widenedAccept =
        IpAccessListLine.builder()
            .setAction(LineAction.ACCEPT)
            .setIpProtocols(Sets.newHashSet(IpProtocol.TCP))
            .setSrcIps(Sets.newHashSet(new IpWildcard("1.2.3.4/32")))
            .setDstPorts(Sets.newHashSet(from30ToMax))
            .build();

    List<IpAccessListLine> expectedIngress =
        ImmutableList.of(widenedAccept, _rejectSynOnly, _allowAllReverseOutboundRule);
    assertThat(ingressLines, equalTo(expectedIngress));
}
Also used : IpWildcard(org.batfish.datamodel.IpWildcard) IpAccessListLine(org.batfish.datamodel.IpAccessListLine) SubRange(org.batfish.datamodel.SubRange) LinkedList(java.util.LinkedList) Test(org.junit.Test)
