[tor-commits] [stem/master] Tests for is_exiting_allowed() and can_exit_to()

atagar at torproject.org atagar at torproject.org
Thu Jul 19 16:01:03 UTC 2012


commit ac5b8e74f4b07ee0e2ab25745519417711bdf576
Author: Damian Johnson <atagar at torproject.org>
Date:   Tue Jul 17 09:27:31 2012 -0700

    Tests for is_exiting_allowed() and can_exit_to()
    
    Tests for a couple more ExitPolicy methods, and fixes for issues with
    is_exiting_allowed() that they revealed.
---
 stem/exit_policy.py             |   12 ++++++--
 test/unit/exit_policy/policy.py |   57 +++++++++++++++++++++-----------------
 2 files changed, 40 insertions(+), 29 deletions(-)

diff --git a/stem/exit_policy.py b/stem/exit_policy.py
index 12cc11f..2d00553 100644
--- a/stem/exit_policy.py
+++ b/stem/exit_policy.py
@@ -131,11 +131,17 @@ class ExitPolicy(object):
     Provides True if the policy allows exiting whatsoever, False otherwise.
     """
     
+    rejected_ports = set()
     for rule in self._rules:
       if rule.is_accept:
-        return True
-      elif rule.is_address_wildcard() and rule.is_port_wildcard():
-        return False
+        for port in xrange(rule.min_port, rule.max_port + 1):
+          if not port in rejected_ports:
+            return True
+      elif rule.is_address_wildcard():
+        if rule.is_port_wildcard():
+          return False
+        else:
+          rejected_ports.update(range(rule.min_port, rule.max_port + 1))
     
     return self._is_allowed_default
   
diff --git a/test/unit/exit_policy/policy.py b/test/unit/exit_policy/policy.py
index 51d650c..8b74998 100644
--- a/test/unit/exit_policy/policy.py
+++ b/test/unit/exit_policy/policy.py
@@ -57,6 +57,37 @@ class TestExitPolicy(unittest.TestCase):
     policy.set_default_allowed(False)
     self.assertFalse(policy.is_exiting_allowed())
   
+  def test_can_exit_to(self):
+    # Basic sanity test for our can_exit_to() method. Most of the interesting
+    # use cases (ip masks, wildcards, etc) are covered by the ExitPolicyRule
+    # tests.
+    
+    policy = ExitPolicy('accept *:80', 'accept *:443', 'reject *:*')
+    
+    for i in xrange(1, 500):
+      ip_addr = "%i.%i.%i.%i" % (i / 2, i / 2, i / 2, i / 2)
+      expected_result = i in (80, 443)
+      
+      self.assertEquals(expected_result, policy.can_exit_to(ip_addr, i))
+      self.assertEquals(expected_result, policy.can_exit_to(port = i))
+  
+  def test_is_exiting_allowed(self):
+    test_inputs = {
+      (): True,
+      ('accept *:*', ): True,
+      ('reject *:*', ): False,
+      ('accept *:80', 'reject *:*'): True,
+      ('reject *:80', 'accept *:80', 'reject *:*'): False,
+      ('reject *:50-90', 'accept *:80', 'reject *:*'): False,
+      ('reject *:2-65535', 'accept *:80-65535', 'reject *:*'): False,
+      ('reject *:2-65535', 'accept 127.0.0.0:1', 'reject *:*'): True,
+      ('reject 127.0.0.1:*', 'accept *:80', 'reject *:*'): True,
+    }
+    
+    for rules, expected_result in test_inputs.items():
+      policy = ExitPolicy(*rules)
+      self.assertEquals(expected_result, policy.is_exiting_allowed())
+  
   
   def test_parsing(self):
     """
@@ -93,32 +124,6 @@ class TestExitPolicy(unittest.TestCase):
     self.assertRaises(ValueError, stem.exit_policy.ExitPolicy, "accept *:a")
     self.assertRaises(ValueError, stem.exit_policy.ExitPolicy, "accept *:70000")
     
-  def test_can_exit_to(self):
-    """
-    Tests if exiting to this ip is allowed.
-    """
-    
-    exit_policies = stem.exit_policy.ExitPolicy("accept *:80", "accept *:443", "reject *:*")
-    
-    self.assertTrue(exit_policies.can_exit_to("192.168.0.50", 80))
-    self.assertTrue(exit_policies.can_exit_to("192.168.0.50", 443))
-    
-    self.assertFalse(exit_policies.can_exit_to("192.168.0.50", 22))
-    self.assertFalse(exit_policies.can_exit_to("192.168.0.50", 8118))
-    
-  def test_is_exiting_allowed(self):
-    """
-    Tests if this is an exit node
-    """
-    
-    exit_policies = stem.exit_policy.ExitPolicy("accept *:80", "accept *:443", "reject *:*")
-    
-    self.assertTrue(exit_policies.is_exiting_allowed())
-    
-    exit_policies = stem.exit_policy.ExitPolicy("reject *:*")
-    
-    self.assertFalse(exit_policies.is_exiting_allowed())
-    
   def test_microdesc_exit_parsing(self):
     microdesc_exit_policy = stem.exit_policy.MicrodescriptorExitPolicy("accept 80,443")
     





More information about the tor-commits mailing list