Skip to content

Commit

Permalink
Remove error-chain dependency in tests and test helpers
Browse files Browse the repository at this point in the history
  • Loading branch information
@faern
faern committed Jun 27, 2024
1 parent 73cb77b commit 08f1768
Show file tree
Hide file tree
Showing 8 changed files with 110 additions and 181 deletions.
7 changes: 2 additions & 5 deletions tests/anchors.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,3 @@
#[macro_use]
extern crate error_chain;

#[macro_use]
#[allow(dead_code)]
mod helper;
Expand All @@ -22,7 +19,7 @@ test!(add_filter_anchor {

assert_matches!(pf.add_anchor(&anchor_name, pfctl::AnchorKind::Filter), Ok(()));

let anchors = pfcli::get_anchors(None).unwrap();
let anchors = pfcli::get_anchors(None);
assert!(anchors.contains(&anchor_name));

assert_matches!(
Expand All @@ -39,7 +36,7 @@ test!(remove_filter_anchor {
assert_matches!(pf.add_anchor(&anchor_name, pfctl::AnchorKind::Filter), Ok(()));
assert_matches!(pf.remove_anchor(&anchor_name, pfctl::AnchorKind::Filter), Ok(()));

let anchors = pfcli::get_anchors(None).unwrap();
let anchors = pfcli::get_anchors(None);
assert!(!anchors.contains(&anchor_name));

assert_matches!(
Expand Down
15 changes: 6 additions & 9 deletions tests/enable_disable.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,3 @@
#[macro_use]
extern crate error_chain;

#[macro_use]
#[allow(dead_code)]
mod helper;
Expand All @@ -14,21 +11,21 @@ fn after_each() {}
test!(enable_pf {
let mut pf = pfctl::PfCtl::new().unwrap();

assert_matches!(pfcli::disable_firewall(), Ok(()));
pfcli::disable_firewall();
assert_matches!(pf.enable(), Ok(()));
assert_matches!(pfcli::is_enabled(), Ok(true));
assert!(pfcli::is_enabled());
assert_matches!(pf.enable(), Err(pfctl::Error(pfctl::ErrorKind::StateAlreadyActive, _)));
assert_matches!(pf.try_enable(), Ok(()));
assert_matches!(pfcli::is_enabled(), Ok(true));
assert!(pfcli::is_enabled());
});

test!(disable_pf {
let mut pf = pfctl::PfCtl::new().unwrap();

assert_matches!(pfcli::enable_firewall(), Ok(()));
pfcli::enable_firewall();
assert_matches!(pf.disable(), Ok(()));
assert_matches!(pfcli::is_enabled(), Ok(false));
assert!(!pfcli::is_enabled());
assert_matches!(pf.disable(), Err(pfctl::Error(pfctl::ErrorKind::StateAlreadyActive, _)));
assert_matches!(pf.try_disable(), Ok(()));
assert_matches!(pfcli::is_enabled(), Ok(false));
assert!(!pfcli::is_enabled());
});
81 changes: 34 additions & 47 deletions tests/filter_rules.rs
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,3 @@
#[macro_use]
extern crate error_chain;

#[macro_use]
#[allow(dead_code)]
mod helper;
Expand All @@ -19,7 +16,7 @@ fn before_each() {
}

fn after_each() {
pfcli::flush_rules(ANCHOR_NAME, pfcli::FlushOptions::Rules).unwrap();
pfcli::flush_rules(ANCHOR_NAME, pfcli::FlushOptions::Rules);
pfctl::PfCtl::new()
.unwrap()
.try_remove_anchor(ANCHOR_NAME, pfctl::AnchorKind::Filter)
Expand All @@ -33,10 +30,7 @@ test!(drop_all_rule {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["block drop all"]
);
assert_eq!(pfcli::get_rules(ANCHOR_NAME), &["block drop all"]);
});

test!(return_all_rule {
Expand All @@ -46,9 +40,8 @@ test!(return_all_rule {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["block return all"]
assert_eq!(
pfcli::get_rules(ANCHOR_NAME), &["block return all"]
);
});

Expand All @@ -60,10 +53,7 @@ test!(drop_by_direction_rule {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["block drop out all"]
);
assert_eq!(pfcli::get_rules(ANCHOR_NAME), &["block drop out all"]);
});

test!(drop_quick_rule {
Expand All @@ -74,10 +64,7 @@ test!(drop_quick_rule {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["block drop quick all"]
);
assert_eq!(pfcli::get_rules(ANCHOR_NAME), &["block drop quick all"]);
});

test!(drop_by_ip_rule {
Expand All @@ -90,9 +77,9 @@ test!(drop_by_ip_rule {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["block drop inet proto tcp from 192.168.0.1 to 127.0.0.1"]
&["block drop inet proto tcp from 192.168.0.1 to 127.0.0.1"]
);
});

Expand All @@ -106,9 +93,9 @@ test!(drop_by_port_rule {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["block drop proto tcp from any port = 3000 to any port = 8080"]
&["block drop proto tcp from any port = 3000 to any port = 8080"]
);
});

Expand All @@ -122,9 +109,9 @@ test!(drop_by_port_range_rule {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["block drop proto tcp from any port 3000:4000 to any port 5000 >< 6000"]
&["block drop proto tcp from any port 3000:4000 to any port 5000 >< 6000"]
);
});

Expand All @@ -136,9 +123,9 @@ test!(drop_by_interface_rule {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["block drop on utun0 all"]
&["block drop on utun0 all"]
);
});

Expand Down Expand Up @@ -166,9 +153,9 @@ test!(pass_out_route_rule {
trans.add_change(ANCHOR_NAME, change);

assert_matches!(trans.commit(), Ok(()));
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &[
&[
"pass out route-to (lo0 127.0.0.1) inet proto udp \
from 1.2.3.4 to any port = 53 no state"
]
Expand All @@ -191,9 +178,9 @@ test!(pass_in_reply_to_rule {
trans.add_change(ANCHOR_NAME, change);

assert_matches!(trans.commit(), Ok(()));
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["pass in on lo1 reply-to lo9 inet from 6.7.8.9 to any no state"]
&["pass in on lo1 reply-to lo9 inet from 6.7.8.9 to any no state"]
);
});

Expand All @@ -213,11 +200,9 @@ test!(pass_in_dup_to_rule {
trans.add_change(ANCHOR_NAME, change);

assert_matches!(trans.commit(), Ok(()));
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &[
"pass in on lo1 dup-to (lo8 1.2.3.4) inet from 6.7.8.9 to any no state"
]
&["pass in on lo1 dup-to (lo8 1.2.3.4) inet from 6.7.8.9 to any no state"]
);
});

Expand All @@ -228,15 +213,15 @@ test!(flush_filter_rules {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v.len() == 1
assert_eq!(
pfcli::get_rules(ANCHOR_NAME).len(),
1
);

assert_matches!(pf.flush_rules(ANCHOR_NAME, pfctl::RulesetKind::Filter), Ok(()));
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v.is_empty()
&[] as &[&str]
);
});

Expand Down Expand Up @@ -278,12 +263,14 @@ test!(all_state_policies {
for rule in [rule1, rule2, rule3, rule4].iter() {
assert_matches!(pf.add_rule(ANCHOR_NAME, rule), Ok(()));
}
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["pass inet from 192.168.1.1 to any no state",
"pass inet proto tcp from 192.168.1.2 to any flags S/FSRA keep state",
"pass inet proto tcp from 192.168.1.3 to any flags any modulate state",
"pass inet proto tcp from 192.168.1.4 to any flags any synproxy state"]
&[
"pass inet from 192.168.1.1 to any no state",
"pass inet proto tcp from 192.168.1.2 to any flags S/FSRA keep state",
"pass inet proto tcp from 192.168.1.3 to any flags any modulate state",
"pass inet proto tcp from 192.168.1.4 to any flags any synproxy state"
]
);
});

Expand All @@ -299,8 +286,8 @@ test!(logging {
.build()
.unwrap();
assert_matches!(pf.add_rule(ANCHOR_NAME, &rule), Ok(()));
assert_matches!(
assert_eq!(
pfcli::get_rules(ANCHOR_NAME),
Ok(ref v) if v == &["block drop log (all, user) all"]
&["block drop log (all, user) all"]
);
});
24 changes: 9 additions & 15 deletions tests/helper/mod.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,6 @@ pub use scopeguard;

pub mod pfcli;

mod errors {
error_chain! {}
}
use self::errors::*;

// A helper class to restore pf state after each test
pub struct PfState {
pub pf_enabled: bool,
Expand All @@ -17,18 +12,17 @@ impl PfState {
PfState { pf_enabled: false }
}

pub fn save(&mut self) -> Result<()> {
self.pf_enabled = pfcli::is_enabled().chain_err(|| "Cannot query pf state")?;
Ok(())
pub fn save(&mut self) {
self.pf_enabled = pfcli::is_enabled();
}

pub fn restore(&mut self) -> Result<()> {
let is_enabled = pfcli::is_enabled().chain_err(|| "Cannot query pf state")?;
pub fn restore(&mut self) {
let is_enabled = pfcli::is_enabled();

match (self.pf_enabled, is_enabled) {
(false, true) => pfcli::disable_firewall().chain_err(|| "Cannot disable firewall"),
(true, false) => pfcli::enable_firewall().chain_err(|| "Cannot enable firewall"),
_ => Ok(()),
(false, true) => pfcli::disable_firewall(),
(true, false) => pfcli::enable_firewall(),
_ => (),
}
}
}
Expand All @@ -39,9 +33,9 @@ macro_rules! test {
#[test]
fn $name() {
let mut pf_state = helper::PfState::new();
pf_state.save().unwrap();
pf_state.save();

let _guard1 = helper::scopeguard::guard((), |_| pf_state.restore().unwrap());
let _guard1 = helper::scopeguard::guard((), |_| pf_state.restore());
let _guard2 = helper::scopeguard::guard((), |_| after_each());

before_each();
Expand Down
Loading

0 comments on commit 08f1768

Please sign in to comment.