MCPcopy
hub / github.com/crowdsecurity/crowdsec / TestCheckAllowlist

Function TestCheckAllowlist

pkg/database/allowlists_test.go:32–109  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

30}
31
32func TestCheckAllowlist(t *testing.T) {
33 ctx := t.Context()
34 dbClient := getDBClient(t, ctx)
35
36 allowlist, err := dbClient.CreateAllowList(ctx, "test", "test", "", false)
37
38 require.NoError(t, err)
39
40 added, err := dbClient.AddToAllowlist(ctx, allowlist, []*models.AllowlistItem{
41 {
42 CreatedAt: strfmt.DateTime(time.Now()),
43 Value: "1.2.3.4",
44 },
45 {
46 CreatedAt: strfmt.DateTime(time.Now()),
47 Value: "8.0.0.0/8",
48 Description: "range allowlist",
49 },
50 {
51 CreatedAt: strfmt.DateTime(time.Now()),
52 Value: "2001:db8::/32",
53 },
54 {
55 CreatedAt: strfmt.DateTime(time.Now()),
56 Value: "2.3.4.5",
57 Expiration: strfmt.DateTime(time.Now().Add(-time.Hour)), // expired item
58 },
59 {
60 CreatedAt: strfmt.DateTime(time.Now()),
61 Value: "8a95:c186:9f96:4c75:0dad:49c6:ff62:94b8",
62 },
63 })
64
65 require.NoError(t, err)
66 assert.Equal(t, 5, added)
67
68 // Exatch match
69 allowlisted, reason, err := dbClient.IsAllowlisted(ctx, "1.2.3.4")
70 require.NoError(t, err)
71 require.True(t, allowlisted)
72 require.Equal(t, "1.2.3.4 from test", reason)
73
74 // CIDR match
75 allowlisted, reason, err = dbClient.IsAllowlisted(ctx, "8.8.8.8")
76 require.NoError(t, err)
77 require.True(t, allowlisted)
78 require.Equal(t, "8.0.0.0/8 from test (range allowlist)", reason)
79
80 // IPv6 match
81 allowlisted, reason, err = dbClient.IsAllowlisted(ctx, "2001:db8::1")
82 require.NoError(t, err)
83 require.True(t, allowlisted)
84 require.Equal(t, "2001:db8::/32 from test", reason)
85
86 // Expired item
87 allowlisted, reason, err = dbClient.IsAllowlisted(ctx, "2.3.4.5")
88 require.NoError(t, err)
89 require.False(t, allowlisted)

Callers

nothing calls this directly

Calls 6

CreateAllowListMethod · 0.80
AddToAllowlistMethod · 0.80
EmptyMethod · 0.80
getDBClientFunction · 0.70
AddMethod · 0.45
IsAllowlistedMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…