github.com/zmap/zlint@v1.1.0/lints/lint_subject_contains_reserved_arpa_ip_test.go

github.com/zmap/zlint@v1.1.0/lints/lint_subject_contains_reserved_arpa_ip_test.go (about)

     1  package lints
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  )
     7  
     8  const (
     9  	testCaseDir = "../testlint/testCerts/"
    10  )
    11  
    12  func TestSubjectReverseDNSARPA(t *testing.T) {
    13  	testCases := []struct {
    14  		Name            string
    15  		InputFilename   string
    16  		ExpectedResult  LintStatus
    17  		ExpectedDetails string
    18  	}{
    19  		{
    20  			Name:           "IPv4 rDNS too few labels",
    21  			InputFilename:  "subjectRDNSIPv4TooFewLabels.pem",
    22  			ExpectedResult: Pass, // this linter only cares about well formed rDNS for a reserved network address
    23  		},
    24  		{
    25  			Name:           "IPv4 rDNS bad IP",
    26  			InputFilename:  "subjectRDNSIPv4BadIP.pem",
    27  			ExpectedResult: Pass, // this linter only cares about well formed rDNS for a reserved network address
    28  		},
    29  		{
    30  			Name:            "IPv4 rDNS reserved IP",
    31  			InputFilename:   "subjectRDNSIPv4ReservedIP.pem",
    32  			ExpectedResult:  Error,
    33  			ExpectedDetails: `the first 4 labels of name "1.1.168.192.in-addr.arpa" parsed as a reversed IP address in an IANA reserved IP space.`,
    34  		},
    35  		{
    36  			Name:           "IPv4 rDNS OK",
    37  			InputFilename:  "subjectRDNSIPv4GoodIP.pem",
    38  			ExpectedResult: Pass,
    39  		},
    40  		{
    41  			Name:           "IPv6 rDNS too few labels",
    42  			InputFilename:  "subjectRDNSIPv6TooFewLabels.pem",
    43  			ExpectedResult: Pass, // this linter only cares about well formed rDNS for a reserved network address
    44  		},
    45  		{
    46  			Name:           "IPv6 rDNS bad IP",
    47  			InputFilename:  "subjectRDNSIPv6BadIP.pem",
    48  			ExpectedResult: Pass, // this linter only cares about well formed rDNS for a reserved network address
    49  		},
    50  		{
    51  			Name:            "IPv6 rDNS reserved IP",
    52  			InputFilename:   "subjectRDNSIPv6ReservedIP.pem",
    53  			ExpectedResult:  Error,
    54  			ExpectedDetails: `the first 32 labels of name "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa" parsed as a reversed IP address in an IANA reserved IP space.`,
    55  		},
    56  		{
    57  			Name:           "IPv6 rDNS OK",
    58  			InputFilename:  "subjectRDNSIPv6GoodIP.pem",
    59  			ExpectedResult: Pass,
    60  		},
    61  	}
    62  
    63  	for _, tc := range testCases {
    64  		t.Run(tc.Name, func(t *testing.T) {
    65  			inputPath := fmt.Sprintf("%s%s", testCaseDir, tc.InputFilename)
    66  			result := Lints["e_subject_contains_reserved_arpa_ip"].Execute(ReadCertificate(inputPath))
    67  			if result.Status != tc.ExpectedResult {
    68  				t.Errorf("expected result %v was %v", tc.ExpectedResult, result.Status)
    69  			}
    70  			if result.Details != tc.ExpectedDetails {
    71  				t.Errorf("expected result details %q was %q", tc.ExpectedDetails, result.Details)
    72  			}
    73  		})
    74  	}
    75  }