(t *testing.T)
| 308 | } |
| 309 | |
| 310 | func TestBuildIPFilter(t *testing.T) { |
| 311 | tests := []struct { |
| 312 | name string |
| 313 | ips []string |
| 314 | expectHexIPs []string |
| 315 | noStringIPs bool // Verify original strings don't appear |
| 316 | }{ |
| 317 | { |
| 318 | name: "single IP", |
| 319 | ips: []string{"10.0.0.1"}, |
| 320 | expectHexIPs: []string{"0x0a000001"}, |
| 321 | noStringIPs: true, |
| 322 | }, |
| 323 | { |
| 324 | name: "multiple IPs", |
| 325 | ips: []string{"10.0.0.1", "192.168.1.1"}, |
| 326 | expectHexIPs: []string{"0x0a000001", "0xc0a80101"}, |
| 327 | noStringIPs: true, |
| 328 | }, |
| 329 | { |
| 330 | name: "Class B network", |
| 331 | ips: []string{"172.16.0.1"}, |
| 332 | expectHexIPs: []string{"0xac100001"}, |
| 333 | noStringIPs: true, |
| 334 | }, |
| 335 | } |
| 336 | |
| 337 | for _, tt := range tests { |
| 338 | t.Run(tt.name, func(t *testing.T) { |
| 339 | var parsedIPs []net.IP |
| 340 | for _, ipStr := range tt.ips { |
| 341 | ip := net.ParseIP(ipStr) |
| 342 | if ip == nil { |
| 343 | t.Fatalf("failed to parse IP: %s", ipStr) |
| 344 | } |
| 345 | parsedIPs = append(parsedIPs, ip) |
| 346 | } |
| 347 | |
| 348 | config := TraceConfig{ |
| 349 | FilterIPs: parsedIPs, |
| 350 | OutputJSON: false, |
| 351 | } |
| 352 | |
| 353 | gen := NewScriptGenerator(config) |
| 354 | filter := gen.buildSkbIPFilterCondition() |
| 355 | |
| 356 | // Verify hex IPs are present |
| 357 | for _, hexIP := range tt.expectHexIPs { |
| 358 | if !strings.Contains(filter, hexIP) { |
| 359 | t.Errorf("expected filter to contain %s, got: %s", hexIP, filter) |
| 360 | } |
| 361 | } |
| 362 | |
| 363 | // Verify original string IPs are NOT present (security) |
| 364 | if tt.noStringIPs { |
| 365 | for _, ipStr := range tt.ips { |
| 366 | if strings.Contains(filter, ipStr) { |
| 367 | t.Errorf("filter should not contain original IP string %s - security risk", ipStr) |
nothing calls this directly
no test coverage detected