malcontent-dns-parental-con.../tests/integration_test.rs

// SPDX-FileCopyrightText: 2022 Matteo Settenvini <matteo.settenvini@montecristosoftware.eu>
// SPDX-License-Identifier: GPL-3.0-or-later

mod common;

use {
    crate::common::Eai,
    anyhow::Result,
    libc::{freeaddrinfo, gai_strerror, getaddrinfo},
    nix::unistd::getuid,
    once_cell::sync::Lazy,
    std::collections::HashMap,
    std::net::{IpAddr, Ipv4Addr, Ipv6Addr},
    std::time::Duration,
    tokio::time::timeout,
};

static CLOUDFLARE_PARENTALCONTROL_ADDRS: Lazy<Vec<IpAddr>> = Lazy::new(|| {
    vec![
        IpAddr::V4(Ipv4Addr::new(1, 1, 1, 3)),
        IpAddr::V4(Ipv4Addr::new(1, 0, 0, 3)),
        IpAddr::V6(Ipv6Addr::new(2606, 4700, 4700, 0, 0, 0, 0, 1113)),
        IpAddr::V6(Ipv6Addr::new(2606, 4700, 4700, 0, 0, 0, 0, 1003)),
    ]
});

#[test]
#[ignore]
fn nss_module_is_loaded() -> Result<()> {
    common::setup()?;

    let hostname = std::ffi::CString::new("gnome.org").unwrap();
    unsafe {
        let mut addr = std::ptr::null_mut();
        let getaddrinfo_status = getaddrinfo(
            hostname.as_ptr(),
            std::ptr::null(),
            std::ptr::null(),
            &mut addr,
        );

        let error = std::ffi::CStr::from_ptr(gai_strerror(getaddrinfo_status));
        assert_eq!(
            getaddrinfo_status,
            0,
            "Unable to resolve hostname, getaddrinfo failed: {}",
            error.to_str().unwrap()
        );
        freeaddrinfo(addr);
    };

    Ok(())
}

#[tokio::test]
#[ignore]
async fn application_dns_is_nxdomain() -> Result<()> {
    let dbus = common::mock_dbus(HashMap::from([(
        getuid(),
        vec![CLOUDFLARE_PARENTALCONTROL_ADDRS.clone()],
    )]));

    common::setup()?;
    let hostname = std::ffi::CString::new("use-application-dns.net").unwrap();
    unsafe {
        let mut addr = std::ptr::null_mut();
        let getaddrinfo_status = getaddrinfo(
            hostname.as_ptr(),
            std::ptr::null(),
            std::ptr::null(),
            &mut addr,
        );

        let error = std::ffi::CStr::from_ptr(gai_strerror(getaddrinfo_status));
        assert_eq!(
            getaddrinfo_status,
            Eai::NoName.0,
            "Should have gotten no hostname (NXDOMAIN), instead got {}",
            error.to_str().unwrap()
        );
        freeaddrinfo(addr);
    };

    timeout(Duration::from_secs(1), dbus).await??
}

#[tokio::test]
#[ignore]
async fn wikipedia_is_unrestricted() -> Result<()> {
    let dbus = common::mock_dbus(HashMap::from([(
        getuid(),
        vec![CLOUDFLARE_PARENTALCONTROL_ADDRS.clone()],
    )]));

    let (system_addr, our_addr) = common::resolve_system_and_us("wikipedia.org")?;
    assert_eq!(system_addr, our_addr);
    timeout(Duration::from_secs(1), dbus).await??
}

#[tokio::test]
#[ignore]
async fn adultsite_is_restricted() -> Result<()> {
    let dbus = common::mock_dbus(HashMap::from([(
        getuid(),
        vec![CLOUDFLARE_PARENTALCONTROL_ADDRS.clone()],
    )]));

    let (system_addr, our_addr) = common::resolve_system_and_us("pornhub.com")?;
    assert_ne!(system_addr, our_addr);
    assert_eq!(our_addr, IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)));
    timeout(Duration::from_secs(1), dbus).await??
}

#[tokio::test]
#[ignore]
async fn privileged_user_bypasses_restrictions() -> Result<()> {
    let dbus = common::mock_dbus(HashMap::from([(getuid(), vec![ /* no restriction */])]));

    let (system_addr, our_addr) = common::resolve_system_and_us("pornhub.com")?;
    assert_eq!(system_addr, our_addr);
    timeout(Duration::from_secs(1), dbus).await??
}
Add basic test 2022-08-13 17:04:22 +02:00			`// SPDX-FileCopyrightText: 2022 Matteo Settenvini <matteo.settenvini@montecristosoftware.eu>`
			`// SPDX-License-Identifier: GPL-3.0-or-later`

			`mod common;`

Ensure loading of NSS module in tests 2022-08-14 23:03:59 +02:00			`use {`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`crate::common::Eai,`
			`anyhow::Result,`
Ensure loading of NSS module in tests 2022-08-14 23:03:59 +02:00			`libc::{freeaddrinfo, gai_strerror, getaddrinfo},`
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`nix::unistd::getuid,`
			`once_cell::sync::Lazy,`
			`std::collections::HashMap,`
			`std::net::{IpAddr, Ipv4Addr, Ipv6Addr},`
			`std::time::Duration,`
			`tokio::time::timeout,`
Ensure loading of NSS module in tests 2022-08-14 23:03:59 +02:00			`};`
Add basic test 2022-08-13 17:04:22 +02:00
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`static CLOUDFLARE_PARENTALCONTROL_ADDRS: Lazy<Vec<IpAddr>> = Lazy::new(\|\| {`
			`vec![`
			`IpAddr::V4(Ipv4Addr::new(1, 1, 1, 3)),`
			`IpAddr::V4(Ipv4Addr::new(1, 0, 0, 3)),`
			`IpAddr::V6(Ipv6Addr::new(2606, 4700, 4700, 0, 0, 0, 0, 1113)),`
			`IpAddr::V6(Ipv6Addr::new(2606, 4700, 4700, 0, 0, 0, 0, 1003)),`
			`]`
			`});`

Add basic test 2022-08-13 17:04:22 +02:00			`#[test]`
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`#[ignore]`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`fn nss_module_is_loaded() -> Result<()> {`
			`common::setup()?;`
Add basic test 2022-08-13 17:04:22 +02:00
Ensure loading of NSS module in tests 2022-08-14 23:03:59 +02:00			`let hostname = std::ffi::CString::new("gnome.org").unwrap();`
			`unsafe {`
			`let mut addr = std::ptr::null_mut();`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`let getaddrinfo_status = getaddrinfo(`
Ensure loading of NSS module in tests 2022-08-14 23:03:59 +02:00			`hostname.as_ptr(),`
			`std::ptr::null(),`
			`std::ptr::null(),`
			`&mut addr,`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`);`

			`let error = std::ffi::CStr::from_ptr(gai_strerror(getaddrinfo_status));`
			`assert_eq!(`
			`getaddrinfo_status,`
			`0,`
			`"Unable to resolve hostname, getaddrinfo failed: {}",`
			`error.to_str().unwrap()`
			`);`
			`freeaddrinfo(addr);`
Ensure loading of NSS module in tests 2022-08-14 23:03:59 +02:00			`};`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00
			`Ok(())`
			`}`

Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`#[tokio::test]`
			`#[ignore]`
			`async fn application_dns_is_nxdomain() -> Result<()> {`
			`let dbus = common::mock_dbus(HashMap::from([(`
			`getuid(),`
			`vec![CLOUDFLARE_PARENTALCONTROL_ADDRS.clone()],`
			`)]));`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`common::setup()?;`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`let hostname = std::ffi::CString::new("use-application-dns.net").unwrap();`
			`unsafe {`
			`let mut addr = std::ptr::null_mut();`
			`let getaddrinfo_status = getaddrinfo(`
			`hostname.as_ptr(),`
			`std::ptr::null(),`
			`std::ptr::null(),`
			`&mut addr,`
			`);`

			`let error = std::ffi::CStr::from_ptr(gai_strerror(getaddrinfo_status));`
			`assert_eq!(`
			`getaddrinfo_status,`
			`Eai::NoName.0,`
			`"Should have gotten no hostname (NXDOMAIN), instead got {}",`
			`error.to_str().unwrap()`
			`);`
			`freeaddrinfo(addr);`
			`};`
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00
			`timeout(Duration::from_secs(1), dbus).await??`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`}`

Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`#[tokio::test]`
			`#[ignore]`
			`async fn wikipedia_is_unrestricted() -> Result<()> {`
			`let dbus = common::mock_dbus(HashMap::from([(`
			`getuid(),`
			`vec![CLOUDFLARE_PARENTALCONTROL_ADDRS.clone()],`
			`)]));`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00
			`let (system_addr, our_addr) = common::resolve_system_and_us("wikipedia.org")?;`
			`assert_eq!(system_addr, our_addr);`
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`timeout(Duration::from_secs(1), dbus).await??`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`}`

Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`#[tokio::test]`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`#[ignore]`
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`async fn adultsite_is_restricted() -> Result<()> {`
			`let dbus = common::mock_dbus(HashMap::from([(`
			`getuid(),`
			`vec![CLOUDFLARE_PARENTALCONTROL_ADDRS.clone()],`
			`)]));`

Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`let (system_addr, our_addr) = common::resolve_system_and_us("pornhub.com")?;`
			`assert_ne!(system_addr, our_addr);`
			`assert_eq!(our_addr, IpAddr::V4(Ipv4Addr::new(0, 0, 0, 0)));`
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`timeout(Duration::from_secs(1), dbus).await??`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`}`

Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`#[tokio::test]`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00			`#[ignore]`
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`async fn privileged_user_bypasses_restrictions() -> Result<()> {`
			`let dbus = common::mock_dbus(HashMap::from([(getuid(), vec![ /* no restriction */])]));`
Start implementing and testing gethostbyname4_r 2022-08-15 22:55:35 +02:00
			`let (system_addr, our_addr) = common::resolve_system_and_us("pornhub.com")?;`
			`assert_eq!(system_addr, our_addr);`
Move to rust stable, introduce mock for dbus in tests 2022-08-18 13:59:11 +02:00			`timeout(Duration::from_secs(1), dbus).await??`
Add basic test 2022-08-13 17:04:22 +02:00			`}`