[tor-commits] [stem/master] Tests for is_exiting_allowed() and can_exit_to()
atagar at torproject.org
atagar at torproject.org
Thu Jul 19 16:01:03 UTC 2012
commit ac5b8e74f4b07ee0e2ab25745519417711bdf576
Author: Damian Johnson <atagar at torproject.org>
Date: Tue Jul 17 09:27:31 2012 -0700
Tests for is_exiting_allowed() and can_exit_to()
Tests for a couple more ExitPolicy methods, and fixes for issues with
is_exiting_allowed() that they revealed.
---
stem/exit_policy.py | 12 ++++++--
test/unit/exit_policy/policy.py | 57 +++++++++++++++++++++-----------------
2 files changed, 40 insertions(+), 29 deletions(-)
diff --git a/stem/exit_policy.py b/stem/exit_policy.py
index 12cc11f..2d00553 100644
--- a/stem/exit_policy.py
+++ b/stem/exit_policy.py
@@ -131,11 +131,17 @@ class ExitPolicy(object):
Provides True if the policy allows exiting whatsoever, False otherwise.
"""
+ rejected_ports = set()
for rule in self._rules:
if rule.is_accept:
- return True
- elif rule.is_address_wildcard() and rule.is_port_wildcard():
- return False
+ for port in xrange(rule.min_port, rule.max_port + 1):
+ if not port in rejected_ports:
+ return True
+ elif rule.is_address_wildcard():
+ if rule.is_port_wildcard():
+ return False
+ else:
+ rejected_ports.update(range(rule.min_port, rule.max_port + 1))
return self._is_allowed_default
diff --git a/test/unit/exit_policy/policy.py b/test/unit/exit_policy/policy.py
index 51d650c..8b74998 100644
--- a/test/unit/exit_policy/policy.py
+++ b/test/unit/exit_policy/policy.py
@@ -57,6 +57,37 @@ class TestExitPolicy(unittest.TestCase):
policy.set_default_allowed(False)
self.assertFalse(policy.is_exiting_allowed())
+ def test_can_exit_to(self):
+ # Basic sanity test for our can_exit_to() method. Most of the interesting
+ # use cases (ip masks, wildcards, etc) are covered by the ExitPolicyRule
+ # tests.
+
+ policy = ExitPolicy('accept *:80', 'accept *:443', 'reject *:*')
+
+ for i in xrange(1, 500):
+ ip_addr = "%i.%i.%i.%i" % (i / 2, i / 2, i / 2, i / 2)
+ expected_result = i in (80, 443)
+
+ self.assertEquals(expected_result, policy.can_exit_to(ip_addr, i))
+ self.assertEquals(expected_result, policy.can_exit_to(port = i))
+
+ def test_is_exiting_allowed(self):
+ test_inputs = {
+ (): True,
+ ('accept *:*', ): True,
+ ('reject *:*', ): False,
+ ('accept *:80', 'reject *:*'): True,
+ ('reject *:80', 'accept *:80', 'reject *:*'): False,
+ ('reject *:50-90', 'accept *:80', 'reject *:*'): False,
+ ('reject *:2-65535', 'accept *:80-65535', 'reject *:*'): False,
+ ('reject *:2-65535', 'accept 127.0.0.0:1', 'reject *:*'): True,
+ ('reject 127.0.0.1:*', 'accept *:80', 'reject *:*'): True,
+ }
+
+ for rules, expected_result in test_inputs.items():
+ policy = ExitPolicy(*rules)
+ self.assertEquals(expected_result, policy.is_exiting_allowed())
+
def test_parsing(self):
"""
@@ -93,32 +124,6 @@ class TestExitPolicy(unittest.TestCase):
self.assertRaises(ValueError, stem.exit_policy.ExitPolicy, "accept *:a")
self.assertRaises(ValueError, stem.exit_policy.ExitPolicy, "accept *:70000")
- def test_can_exit_to(self):
- """
- Tests if exiting to this ip is allowed.
- """
-
- exit_policies = stem.exit_policy.ExitPolicy("accept *:80", "accept *:443", "reject *:*")
-
- self.assertTrue(exit_policies.can_exit_to("192.168.0.50", 80))
- self.assertTrue(exit_policies.can_exit_to("192.168.0.50", 443))
-
- self.assertFalse(exit_policies.can_exit_to("192.168.0.50", 22))
- self.assertFalse(exit_policies.can_exit_to("192.168.0.50", 8118))
-
- def test_is_exiting_allowed(self):
- """
- Tests if this is an exit node
- """
-
- exit_policies = stem.exit_policy.ExitPolicy("accept *:80", "accept *:443", "reject *:*")
-
- self.assertTrue(exit_policies.is_exiting_allowed())
-
- exit_policies = stem.exit_policy.ExitPolicy("reject *:*")
-
- self.assertFalse(exit_policies.is_exiting_allowed())
-
def test_microdesc_exit_parsing(self):
microdesc_exit_policy = stem.exit_policy.MicrodescriptorExitPolicy("accept 80,443")
More information about the tor-commits
mailing list