github.com/hashicorp/vault/sdk@v0.11.0/helper/cidrutil/cidr_test.go (about) 1 // Copyright (c) HashiCorp, Inc. 2 // SPDX-License-Identifier: MPL-2.0 3 4 package cidrutil 5 6 import ( 7 "testing" 8 9 sockaddr "github.com/hashicorp/go-sockaddr" 10 ) 11 12 func TestCIDRUtil_IPBelongsToCIDR(t *testing.T) { 13 ip := "192.168.25.30" 14 cidr := "192.168.26.30/16" 15 16 belongs, err := IPBelongsToCIDR(ip, cidr) 17 if err != nil { 18 t.Fatal(err) 19 } 20 if !belongs { 21 t.Fatalf("expected IP %q to belong to CIDR %q", ip, cidr) 22 } 23 24 ip = "10.197.192.6" 25 cidr = "10.197.192.0/18" 26 belongs, err = IPBelongsToCIDR(ip, cidr) 27 if err != nil { 28 t.Fatal(err) 29 } 30 if !belongs { 31 t.Fatalf("expected IP %q to belong to CIDR %q", ip, cidr) 32 } 33 34 ip = "192.168.25.30" 35 cidr = "192.168.26.30/24" 36 belongs, err = IPBelongsToCIDR(ip, cidr) 37 if err != nil { 38 t.Fatal(err) 39 } 40 if belongs { 41 t.Fatalf("expected IP %q to not belong to CIDR %q", ip, cidr) 42 } 43 44 ip = "192.168.25.30.100" 45 cidr = "192.168.26.30/24" 46 belongs, err = IPBelongsToCIDR(ip, cidr) 47 if err == nil { 48 t.Fatalf("expected an error") 49 } 50 } 51 52 func TestCIDRUtil_IPBelongsToCIDRBlocksSlice(t *testing.T) { 53 ip := "192.168.27.29" 54 cidrList := []string{"172.169.100.200/18", "192.168.0.0/16", "10.10.20.20/24"} 55 56 belongs, err := IPBelongsToCIDRBlocksSlice(ip, cidrList) 57 if err != nil { 58 t.Fatal(err) 59 } 60 if !belongs { 61 t.Fatalf("expected IP %q to belong to one of the CIDRs in %q", ip, cidrList) 62 } 63 64 ip = "192.168.27.29" 65 cidrList = []string{"172.169.100.200/18", "192.168.0.0.0/16", "10.10.20.20/24"} 66 67 belongs, err = IPBelongsToCIDRBlocksSlice(ip, cidrList) 68 if err == nil { 69 t.Fatalf("expected an error") 70 } 71 72 ip = "30.40.50.60" 73 cidrList = []string{"172.169.100.200/18", "192.168.0.0/16", "10.10.20.20/24"} 74 75 belongs, err = IPBelongsToCIDRBlocksSlice(ip, cidrList) 76 if err != nil { 77 t.Fatal(err) 78 } 79 if belongs { 80 t.Fatalf("expected IP %q to not belong to one of the CIDRs in %q", ip, cidrList) 81 } 82 } 83 84 func TestCIDRUtil_ValidateCIDRListString(t *testing.T) { 85 cidrList := "172.169.100.200/18,192.168.0.0/16,10.10.20.20/24" 86 87 valid, err := ValidateCIDRListString(cidrList, ",") 88 if err != nil { 89 t.Fatal(err) 90 } 91 if !valid { 92 t.Fatalf("expected CIDR list %q to be valid", cidrList) 93 } 94 95 cidrList = "172.169.100.200,192.168.0.0/16,10.10.20.20/24" 96 valid, err = ValidateCIDRListString(cidrList, ",") 97 if err == nil { 98 t.Fatal("expected an error") 99 } 100 101 cidrList = "172.169.100.200/18,192.168.0.0.0/16,10.10.20.20/24" 102 valid, err = ValidateCIDRListString(cidrList, ",") 103 if err == nil { 104 t.Fatal("expected an error") 105 } 106 } 107 108 func TestCIDRUtil_ValidateCIDRListSlice(t *testing.T) { 109 cidrList := []string{"172.169.100.200/18", "192.168.0.0/16", "10.10.20.20/24"} 110 111 valid, err := ValidateCIDRListSlice(cidrList) 112 if err != nil { 113 t.Fatal(err) 114 } 115 if !valid { 116 t.Fatalf("expected CIDR list %q to be valid", cidrList) 117 } 118 119 cidrList = []string{"172.169.100.200", "192.168.0.0/16", "10.10.20.20/24"} 120 valid, err = ValidateCIDRListSlice(cidrList) 121 if err == nil { 122 t.Fatal("expected an error") 123 } 124 125 cidrList = []string{"172.169.100.200/18", "192.168.0.0.0/16", "10.10.20.20/24"} 126 valid, err = ValidateCIDRListSlice(cidrList) 127 if err == nil { 128 t.Fatal("expected an error") 129 } 130 } 131 132 func TestCIDRUtil_Subset(t *testing.T) { 133 cidr1 := "192.168.27.29/24" 134 cidr2 := "192.168.27.29/24" 135 subset, err := Subset(cidr1, cidr2) 136 if err != nil { 137 t.Fatal(err) 138 } 139 if !subset { 140 t.Fatalf("expected CIDR %q to be a subset of CIDR %q", cidr2, cidr1) 141 } 142 143 cidr1 = "192.168.27.29/16" 144 cidr2 = "192.168.27.29/24" 145 subset, err = Subset(cidr1, cidr2) 146 if err != nil { 147 t.Fatal(err) 148 } 149 if !subset { 150 t.Fatalf("expected CIDR %q to be a subset of CIDR %q", cidr2, cidr1) 151 } 152 153 cidr1 = "192.168.27.29/24" 154 cidr2 = "192.168.27.29/16" 155 subset, err = Subset(cidr1, cidr2) 156 if err != nil { 157 t.Fatal(err) 158 } 159 if subset { 160 t.Fatalf("expected CIDR %q to not be a subset of CIDR %q", cidr2, cidr1) 161 } 162 163 cidr1 = "192.168.0.128/25" 164 cidr2 = "192.168.0.0/24" 165 subset, err = Subset(cidr1, cidr2) 166 if err != nil { 167 t.Fatal(err) 168 } 169 if subset { 170 t.Fatalf("expected CIDR %q to not be a subset of CIDR %q", cidr2, cidr1) 171 } 172 subset, err = Subset(cidr2, cidr1) 173 if err != nil { 174 t.Fatal(err) 175 } 176 if !subset { 177 t.Fatalf("expected CIDR %q to be a subset of CIDR %q", cidr1, cidr2) 178 } 179 } 180 181 func TestCIDRUtil_SubsetBlocks(t *testing.T) { 182 cidrBlocks1 := []string{"192.168.27.29/16", "172.245.30.40/24", "10.20.30.40/30"} 183 cidrBlocks2 := []string{"192.168.27.29/20", "172.245.30.40/25", "10.20.30.40/32"} 184 185 subset, err := SubsetBlocks(cidrBlocks1, cidrBlocks2) 186 if err != nil { 187 t.Fatal(err) 188 } 189 if !subset { 190 t.Fatalf("expected CIDR blocks %q to be a subset of CIDR blocks %q", cidrBlocks2, cidrBlocks1) 191 } 192 193 cidrBlocks1 = []string{"192.168.27.29/16", "172.245.30.40/25", "10.20.30.40/30"} 194 cidrBlocks2 = []string{"192.168.27.29/20", "172.245.30.40/24", "10.20.30.40/32"} 195 196 subset, err = SubsetBlocks(cidrBlocks1, cidrBlocks2) 197 if err != nil { 198 t.Fatal(err) 199 } 200 if subset { 201 t.Fatalf("expected CIDR blocks %q to not be a subset of CIDR blocks %q", cidrBlocks2, cidrBlocks1) 202 } 203 } 204 205 func TestCIDRUtil_RemoteAddrIsOk_NegativeTest(t *testing.T) { 206 addr, err := sockaddr.NewSockAddr("127.0.0.1/8") 207 if err != nil { 208 t.Fatal(err) 209 } 210 boundCIDRs := []*sockaddr.SockAddrMarshaler{ 211 {addr}, 212 } 213 if RemoteAddrIsOk("123.0.0.1", boundCIDRs) { 214 t.Fatal("remote address of 123.0.0.1/2 should not be allowed for 127.0.0.1/8") 215 } 216 } 217 218 func TestCIDRUtil_RemoteAddrIsOk_PositiveTest(t *testing.T) { 219 addr, err := sockaddr.NewSockAddr("127.0.0.1/8") 220 if err != nil { 221 t.Fatal(err) 222 } 223 boundCIDRs := []*sockaddr.SockAddrMarshaler{ 224 {addr}, 225 } 226 if !RemoteAddrIsOk("127.0.0.1", boundCIDRs) { 227 t.Fatal("remote address of 127.0.0.1 should be allowed for 127.0.0.1/8") 228 } 229 }