Apache/nifi
1
0
Fork 0
mirror of https://github.com/apache/nifi.git synced 2025-02-16 15:06:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

NIFI-144: Skip firewall tests that require known bad host names on permissive DNS setups.

Browse Source 
Signed-off-by: Mark Payne <markap14@hotmail.com>
This commit is contained in:
Sean Busbey 2015-04-29 21:25:22 -05:00 committed by Mark Payne
parent 21c5c48cab
commit 8ed131b635
2 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewall.java
View File

@ -113,9 +113,11 @@ public class FileBasedClusterNodeFirewall implements ClusterNodeFirewall {
} }
// no match // no match
logger.debug("Blocking host '{}' because it does not match our allowed list.", hostOrIp);
return false; return false;
} catch (final IllegalArgumentException iae) { } catch (final IllegalArgumentException iae) {
logger.debug("Blocking requested host, '{}', because it is malformed.", hostOrIp, iae);
return false; return false;
} }
} }

47
nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewallTest.java
View File

@ -18,12 +18,16 @@ package org.apache.nifi.cluster.firewall.impl;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import org.apache.nifi.util.file.FileUtils; import org.apache.nifi.util.file.FileUtils;
import org.junit.After; import org.junit.After;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assume.assumeTrue;
import org.junit.Before; import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
public class FileBasedClusterNodeFirewallTest { public class FileBasedClusterNodeFirewallTest {
@ -38,6 +42,23 @@ public class FileBasedClusterNodeFirewallTest {
private File restoreDirectory; private File restoreDirectory;
private static boolean badHostsDoNotResolve = false;
/**
* We have tests that rely on known bad host/ip parameters; make sure DNS doesn't resolve them.
* This can be a problem i.e. on residential ISPs in the USA because the provider will often
* wildcard match all possible DNS names in an attempt to serve advertising.
*/
@BeforeClass
public static void ensureBadHostsDoNotWork() {
final InetAddress ip;
try {
ip = InetAddress.getByName("I typed a search term and my browser expected a host.");
} catch (final UnknownHostException uhe) {
badHostsDoNotResolve = true;
}
}
@Before @Before
public void setup() throws Exception { public void setup() throws Exception {
@ -55,6 +76,22 @@ public class FileBasedClusterNodeFirewallTest {
deleteFile(restoreDirectory); deleteFile(restoreDirectory);
} }
/**
* We have two garbage lines in our test config file, ensure they didn't get turned into hosts.
*/
@Test
public void ensureBadDataWasIgnored() {
assumeTrue(badHostsDoNotResolve);
assertFalse("firewall treated our malformed data as a host. If " +
"`host \"bad data should be skipped\"` works locally, this test should have been " +
"skipped.",
ipsFirewall.isPermissible("bad data should be skipped"));
assertFalse("firewall treated our malformed data as a host. If " +
"`host \"more bad data\"` works locally, this test should have been " +
"skipped.",
ipsFirewall.isPermissible("more bad data"));
}
@Test @Test
public void testSyncWithRestore() { public void testSyncWithRestore() {
assertEquals(ipsConfig.length(), new File(restoreDirectory, ipsConfig.getName()).length()); assertEquals(ipsConfig.length(), new File(restoreDirectory, ipsConfig.getName()).length());
@ -77,7 +114,10 @@ public class FileBasedClusterNodeFirewallTest {
@Test @Test
public void testIsPermissibleWithMalformedData() { public void testIsPermissibleWithMalformedData() {
assertFalse(ipsFirewall.isPermissible("abc")); assumeTrue(badHostsDoNotResolve);
assertFalse("firewall allowed host 'abc' rather than rejecting as malformed. If `host abc` "
+ "works locally, this test should have been skipped.",
ipsFirewall.isPermissible("abc"));
} }
@Test @Test
@ -87,7 +127,10 @@ public class FileBasedClusterNodeFirewallTest {
@Test @Test
public void testIsPermissibleWithEmptyConfigWithMalformedData() { public void testIsPermissibleWithEmptyConfigWithMalformedData() {
assertTrue(acceptAllFirewall.isPermissible("abc")); assumeTrue(badHostsDoNotResolve);
assertTrue("firewall did not allow malformed host 'abc' under permissive configs. If " +
"`host abc` works locally, this test should have been skipped.",
acceptAllFirewall.isPermissible("abc"));
} }
private boolean deleteFile(final File file) { private boolean deleteFile(final File file) {