(t *testing.T)
| 40 | } |
| 41 | |
| 42 | func TestHandleConnectIPAccess(t *testing.T) { |
| 43 | prefix := "127.0.0.0/24" |
| 44 | rule1, _ := ipaccess.NewRuleByCIDR(&prefix, []int{1337}, true) |
| 45 | rule2, _ := ipaccess.NewRuleByCIDR(&prefix, []int{1338}, false) |
| 46 | rules := []ipaccess.Rule{rule1, rule2} |
| 47 | var b bytes.Buffer |
| 48 | |
| 49 | accessPolicy, _ := ipaccess.NewPolicy(false, nil) |
| 50 | requestHandler := NewRequestHandler(NewNetDialer(), accessPolicy) |
| 51 | req := createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1337, false) |
| 52 | err := requestHandler.Handle(req, &b) |
| 53 | assert.Error(t, err) |
| 54 | assert.True(t, b.Bytes()[1] == ruleFailure, "expected to be denied as no rules and defaultAllow=false") |
| 55 | |
| 56 | b.Reset() |
| 57 | accessPolicy, _ = ipaccess.NewPolicy(true, nil) |
| 58 | requestHandler = NewRequestHandler(NewNetDialer(), accessPolicy) |
| 59 | req = createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1337, false) |
| 60 | err = requestHandler.Handle(req, &b) |
| 61 | assert.Error(t, err) |
| 62 | assert.True(t, b.Bytes()[1] == connectionRefused, "expected to be allowed as no rules and defaultAllow=true") |
| 63 | |
| 64 | b.Reset() |
| 65 | accessPolicy, _ = ipaccess.NewPolicy(false, rules) |
| 66 | requestHandler = NewRequestHandler(NewNetDialer(), accessPolicy) |
| 67 | req = createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1337, false) |
| 68 | err = requestHandler.Handle(req, &b) |
| 69 | assert.Error(t, err) |
| 70 | assert.True(t, b.Bytes()[1] == connectionRefused, "expected to be allowed as matching rule") |
| 71 | |
| 72 | b.Reset() |
| 73 | req = createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1338, false) |
| 74 | err = requestHandler.Handle(req, &b) |
| 75 | assert.Error(t, err) |
| 76 | assert.True(t, b.Bytes()[1] == ruleFailure, "expected to be denied as matching rule") |
| 77 | |
| 78 | b.Reset() |
| 79 | req = createRequest(t, socks5Version, connectCommand, "127.0.0.1", 1339, false) |
| 80 | err = requestHandler.Handle(req, &b) |
| 81 | assert.Error(t, err) |
| 82 | assert.True(t, b.Bytes()[1] == ruleFailure, "expect to be denied as no matching rule and defaultAllow=false") |
| 83 | } |
nothing calls this directly
no test coverage detected