ipaccess 0.0.2

@@ -0,0 +1,53 @@
1
+ # encoding: utf-8
2
+ #
3
+ # Author:: Paweł Wilk (mailto:pw@gnu.org)
4
+ # Copyright:: Copyright (c) 2009 Paweł Wilk
5
+ # License:: This program is licensed under the terms of {GNU Lesser General Public License}[link:docs/LGPL-LICENSE.html] or {Ruby License}[link:docs/COPYING.html].
6
+ #
7
+ # Classes contained in this file are subclasses
8
+ # of Ruby socket handling classes equipped
9
+ # with IP access control.
10
+ #
11
+ #--
12
+ #
13
+ # Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
14
+ #
15
+ # This program is free software; you can redistribute it and/or modify
16
+ # it under the terms of either: 1) the GNU Lesser General Public License
17
+ # as published by the Free Software Foundation; either version 3 of the
18
+ # License, or (at your option) any later version; or 2) Ruby's License.
19
+ #
20
+ # See the file COPYING for complete licensing information.
21
+ #
22
+ #
23
+ # See ipaccess/ghost_doc.rb for documentation of this classes.
24
+ #
25
+ #++
26
+
27
+ require 'socket'
28
+ require 'ipaccess/ip_access'
29
+ require 'ipaccess/ip_access_patches'
30
+
31
+
32
+ class IPAccess::Socket < Socket
33
+ include IPAccess::Patches::Socket
34
+ end
35
+
36
+ class IPAccess::UDPSocket < UDPSocket
37
+ include IPAccess::Patches::UDPSocket
38
+ end
39
+
40
+ if Object.const_defined?(:SOCKSSocket)
41
+ class IPAccess::SOCKSSocket < SOCKSSocket
42
+ include IPAccess::Patches::SOCKSSocket
43
+ end
44
+ end
45
+
46
+ class IPAccess::TCPSocket < TCPSocket
47
+ include IPAccess::Patches::TCPSocket
48
+ end
49
+
50
+ class IPAccess::TCPServer < TCPServer
51
+ include IPAccess::Patches::TCPServer
52
+ end
53
+
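Review bot: The `if Object.const_defined?(:SOCKSSocket)` guard leaves `IPAccess::SOCKSSocket` silently undefined on Ruby builds without SOCKS support, so code expecting the access-controlled class only finds out through a `NameError` at first use, and nothing in this file says so. A comment above the guard would make that explicit, for example `# SOCKSSocket exists only when Ruby was built with SOCKS support; IPAccess::SOCKSSocket is absent otherwise.` Each class body is a single `include`, so all enforcement lives in the `IPAccess::Patches::*` modules, which are outside this hunk; a one-line comment per class stating which socket operations are checked would help a reader judge coverage, and the exact list needs confirming against `ipaccess/ip_access_patches`.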
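--- a/data/spec/core_spec.rb
+++ b/data/spec/core_spec.rb
@@ -0,0 +1,5 @@
+ $:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+
+ ['ip_access_list_spec'].each do |spec|
+ require File.join(File.dirname(__FILE__), spec)
+ end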
@@ -0,0 +1,302 @@
1
+ $:.unshift File.join(File.dirname(__FILE__), "..", "lib")
2
+
3
+ require 'uri'
4
+ require 'socket'
5
+ require 'rubygems'
6
+ require 'ipaccess'
7
+
8
+ describe IPAccessList do
9
+
10
+ describe "initializer" do
11
+
12
+ it "should take an empty array as parameter" do
13
+ lambda { IPAccessList.new [] }.should_not raise_error
14
+ end
15
+
16
+ it "should take an array of strings describing IPs as parameter" do
17
+ lambda { IPAccessList.new ["192.168.0.0/16", "127.0.0.1"] }.should_not raise_error
18
+ end
19
+
20
+ it "should take an array of names as parameter" do
21
+ lambda { IPAccessList.new ["localhost"] }.should_not raise_error
22
+ end
23
+
24
+ it "should take an array of symbols as parameter" do
25
+ lambda { IPAccessList.new [:local, :private] }.should_not raise_error
26
+ end
27
+
28
+ it "should take an array of URLs as parameter" do
29
+ lambda { IPAccessList.new ["http://localhost/","https://127.0.0.2/"] }.should_not raise_error
30
+ end
31
+
32
+ it "should take an array of sockets as parameter" do
33
+ s1 = UDPSocket.new
34
+ s2 = UDPSocket.new
35
+ def s1.getpeername; "\x10\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" end
36
+ def s2.getpeername; "\x10\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" end
37
+ lambda { IPAccessList.new [s1, s2] }.should_not raise_error
38
+ end
39
+
40
+ it "should take an array of IPAddr objects as parameter" do
41
+ lambda { IPAccessList.new [IPAddr.new("127.0.0.1"), IPAddr.new("192.168.1.1")] }.should_not raise_error
42
+ end
43
+
44
+ it "should take an array of numbers as parameter" do
45
+ lambda { IPAccessList.new [2130706433,2130706434] }.should_not raise_error
46
+ end
47
+
48
+ it "should take an array of URI objects as parameter" do
49
+ lambda { IPAccessList.new [URI('http://localhost/'),URI('http://127.0.0.2:80/')] }.should_not raise_error
50
+ end
51
+
52
+ it "should take an array of CIDR objects as parameter" do
53
+ lambda { IPAccessList.new [NetAddr::CIDR.create('192.168.1.1'),NetAddr::CIDR.create('192.168.0.0/24')] }.should_not raise_error
54
+ end
55
+
56
+ it "should take an array of NetAddr::Tree objects as parameter" do
57
+ tree = NetAddr::Tree.new
58
+ tree.add!('192.168.0.0/24')
59
+ tree.add!('172.16.0.0')
60
+ lambda { IPAccessList.new [tree] }.should_not raise_error
61
+ end
62
+
63
+ it "should take an array of IPAccessList objects as parameter" do
64
+ tree = IPAccessList.new
65
+ tree.add!('192.168.0.0/24')
66
+ tree.add!('172.16.0.0')
67
+ lambda { z = IPAccessList.new [tree] }.should_not raise_error
68
+ end
69
+
70
+ end # initializer
71
+
72
+ describe "rules" do
73
+
74
+ before(:each) do
75
+ @access = IPAccessList.new
76
+ @access.blacklist :local, '192.168.0.1', :private
77
+ @access.whitelist '172.16.10.0/24', '192.168.0.2'
78
+ end
79
+
80
+ it "should be searchable by matching IP to rules" do
81
+ @access.included('192.168.0.1').first.should == '192.168.0.1/32'
82
+ @access.included('192.168.0.2').first.should == '192.168.0.2/32'
83
+ @access.included('192.168.2.5').first.should == '192.168.0.0/16'
84
+ @access.included('1.2.3.5').first.should == nil
85
+ @access.included('127.0.0.5/16').first.should == '127.0.0.0/8'
86
+ end
87
+
88
+ end # rules
89
+
90
+ describe "access" do
91
+
92
+ before(:each) do
93
+ @access = IPAccessList.new
94
+ end
95
+
96
+ it "should deny access when single IP is blacklisted" do
97
+ @access.blacklist '192.168.0.1'
98
+ @access.denied('192.168.0.1').first[:IP].should == '192.168.0.1/32'
99
+ end
100
+
101
+ it "should deny access when single IP is blacklisted and neighbour is whitelisted" do
102
+ @access.whitelist '192.168.0.1', '192.168.0.3'
103
+ @access.blacklist '192.168.0.2'
104
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
105
+
106
+ @access.whitelist '172.16.0.1', '172.16.0.3'
107
+ @access.blacklist '172.16.0.2', '127.0.0.1'
108
+ @access.denied('192.168.0.2').first[:Rule].should == '192.168.0.2/32'
109
+ end
110
+
111
+ it "should deny access when single IP is blacklisted and neighbour is blacklisted" do
112
+ @access.blacklist '192.168.0.1', '192.168.0.2', '192.168.0.3'
113
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
114
+
115
+ @access.whitelist '172.16.0.1', '172.16.0.3'
116
+ @access.blacklist '172.16.0.2', '127.0.0.1'
117
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
118
+ end
119
+
120
+ it "should deny access when single IP is blacklisted and parent is blacklisted" do
121
+ @access.blacklist '192.168.0.0/24', '192.168.0.2'
122
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
123
+
124
+ @access.whitelist '172.16.0.1', '172.16.0.3'
125
+ @access.blacklist '172.16.0.2', '127.0.0.1'
126
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
127
+ end
128
+
129
+ it "should deny access when single IP is blacklisted, parent is blacklisted and neighbours are blacklisted" do
130
+ @access.blacklist '192.168.0.0/24', '192.168.0.1', '192.168.0.2', '192.168.0.3'
131
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
132
+
133
+ @access.blacklist '172.16.0.1', '172.16.0.3'
134
+ @access.blacklist '172.16.0.2', '127.0.0.1'
135
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
136
+ end
137
+
138
+ it "should deny access when single IP is blacklisted, parent is blacklisted and neighbours are whitelisted" do
139
+ @access.blacklist '192.168.0.0/24', '192.168.0.2'
140
+ @access.whitelist '192.168.0.1', '192.168.0.3'
141
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
142
+
143
+ @access.whitelist '172.16.0.1', '172.16.0.3'
144
+ @access.whitelist '172.16.0.2', '127.0.0.1'
145
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
146
+ end
147
+
148
+ it "should deny access when single IP is blacklisted, parent is blacklisted and parent's neigbour is blacklisted" do
149
+ @access.blacklist '192.168.0.0/24', '192.168.0.1', '192.168.0.2', '192.168.0.3'
150
+ @access.blacklist '192.168.1.0/24'
151
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
152
+
153
+ @access.blacklist '172.16.0.2', '127.0.0.1', '172.16.0.1', '172.16.0.3'
154
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
155
+ end
156
+
157
+ it "should deny access when single IP is blacklisted, parent is blacklisted and parent's neigbour is whitelisted" do
158
+ @access.blacklist '192.168.0.0/24', '192.168.0.1', '192.168.0.2', '192.168.0.3'
159
+ @access.whitelist '192.168.1.0/24'
160
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
161
+
162
+ @access.blacklist '172.16.0.1', '172.16.0.3'
163
+ @access.whitelist '172.16.0.2', '127.0.0.1'
164
+ @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
165
+ end
166
+
167
+ it "should not deny access when single IP is not present" do
168
+ @access.blacklist '192.168.0.0/24', '192.168.0.1', '192.168.0.2', '192.168.0.3'
169
+ @access.whitelist '192.168.1.0/24'
170
+ @access.denied('127.0.0.1').first.should == nil
171
+
172
+ @access.blacklist '172.16.0.1', '172.16.0.3'
173
+ @access.whitelist '172.16.0.2', '127.0.0.1'
174
+ @access.denied('1.1.0.1').first.should == nil
175
+ end
176
+
177
+ it "should not deny access when single IP is whitelisted" do
178
+ @access.whitelist '192.168.1.0/24'
179
+ @access.denied('192.168.0.1').first.should == nil
180
+
181
+ @access.blacklist '192.168.1.2', '192.168.1.3'
182
+ @access.denied('192.168.0.1').first.should == nil
183
+
184
+ @access.blacklist '172.16.0.1', '172.16.0.3'
185
+ @access.whitelist '172.16.0.2', '127.0.0.1'
186
+ @access.denied('192.168.0.1').first.should == nil
187
+ end
188
+
189
+ it "should not deny access when single IP is whitelisted and parent is blacklisted" do
190
+ @access.blacklist '192.168.1.0/24'
191
+ @access.whitelist '192.168.1.2'
192
+ @access.denied('192.168.0.1').first.should == nil
193
+
194
+ @access.blacklist '192.168.1.1', '192.168.1.3'
195
+ @access.denied('192.168.0.2').first.should == nil
196
+
197
+ @access.blacklist '172.16.0.1', '172.16.0.3'
198
+ @access.whitelist '172.16.0.2', '127.0.0.1', '192.168.1.1', '192.168.1.3'
199
+ @access.denied('192.168.0.2').first.should == nil
200
+ end
201
+
202
+ it "should not deny access when single IP is blacklisted and whitelisted" do
203
+ @access.blacklist '192.168.0.1'
204
+ @access.whitelist '192.168.0.1'
205
+ @access.denied('192.168.0.1').first.should == nil
206
+
207
+ @access.blacklist '172.16.0.1', '172.16.0.3'
208
+ @access.whitelist '172.16.0.2', '127.0.0.1'
209
+ @access.denied('192.168.0.1').first.should == nil
210
+ end
211
+
212
+ it "should not deny access when single IP is blacklisted and parent is whitelisted" do
213
+ @access.whitelist '192.168.0.0/24'
214
+ @access.blacklist '192.168.0.1'
215
+ @access.denied('192.168.0.1').first.should == nil
216
+
217
+ @access.blacklist '172.16.0.1', '172.16.0.3'
218
+ @access.whitelist '172.16.0.2', '127.0.0.1'
219
+ @access.denied('192.168.0.1').first.should == nil
220
+ end
221
+
222
+ it "should not deny access when single IP is blacklisted, parent is whitelisted and neighbour is blacklisted" do
223
+ @access.whitelist '192.168.0.0/24'
224
+ @access.blacklist '192.168.0.1'
225
+ @access.blacklist '192.168.0.2'
226
+ @access.blacklist '192.168.0.3'
227
+ @access.denied('192.168.0.2').first.should == nil
228
+
229
+ @access.blacklist '172.16.0.1', '172.16.0.3'
230
+ @access.whitelist '172.16.0.2', '127.0.0.1'
231
+ @access.denied('192.168.0.1').first.should == nil
232
+ end
233
+
234
+ it "should not deny access when single IP is blacklisted, parent is whitelisted and neighbours are whitelisted" do
235
+ @access.whitelist '192.168.0.0/24'
236
+ @access.whitelist '192.168.0.1'
237
+ @access.blacklist '192.168.0.2'
238
+ @access.whitelist '192.168.0.3'
239
+ @access.denied('192.168.0.2').first.should == nil
240
+
241
+ @access.blacklist '172.16.0.1', '172.16.0.3'
242
+ @access.whitelist '172.16.0.2', '127.0.0.1'
243
+ @access.denied('192.168.0.1').first.should == nil
244
+ end
245
+
246
+ it "should not deny access when single IP is blacklisted, but all is whitelisted" do
247
+ @access.whitelist :all
248
+ @access.blacklist '192.168.0.2'
249
+ @access.denied('192.168.0.2').first.should == nil
250
+
251
+ @access.blacklist '172.16.0.1', '172.16.0.3'
252
+ @access.whitelist '172.16.0.2', '127.0.0.1'
253
+ @access.denied('192.168.0.1').first.should == nil
254
+ end
255
+
256
+ it "should deny access when IP class is blacklisted" do
257
+ @access.blacklist '192.168.0.0/24'
258
+ @access.denied('192.168.0.1').first[:Rule].should == '192.168.0.0/24'
259
+ end
260
+
261
+ it "should deny access when IP class is blacklisted and parent is blacklisted" do
262
+ @access.blacklist '192.168.0.0/24', '192.168.0.0/16'
263
+ @access.denied('192.168.0.1').first[:Rule].should == '192.168.0.0/24'
264
+ end
265
+
266
+ it "should deny access when IP class is blacklisted and neighbour classes are blacklisted" do
267
+ @access.blacklist '192.168.0.0/24', '172.16.0.0/24', '10.0.0.0/12'
268
+ @access.denied('192.168.0.1').first[:Rule].should == '192.168.0.0/24'
269
+ end
270
+
271
+ it "should deny access when IP class is blacklisted and neighbour classes are whitelisted" do
272
+ @access.blacklist '192.168.0.0/24'
273
+ @access.whitelist '172.16.0.0/24', '10.0.0.0/12', '255.255.0.0/24'
274
+ @access.denied('192.168.0.1').first[:Rule].should == '192.168.0.0/24'
275
+ end
276
+
277
+ it "should deny access when IP class is blacklisted and contains whitelisted items" do
278
+ @access.blacklist '192.168.0.0/24', '127.0.0.1', '10.0.0.1/12'
279
+ @access.whitelist '192.168.0.1', '192.168.0.3'
280
+ @access.denied('192.168.0.2').first[:Rule].should == '192.168.0.0/24'
281
+ end
282
+
283
+ it "should not deny access when IP class is whitelisted and parent is whitelisted" do
284
+ @access.whitelist '192.168.0.0/24', '192.168.0.0/16'
285
+ @access.denied('192.168.0.1').first.should == nil
286
+ end
287
+
288
+ it "should not deny access when IP class is blacklisted and parent is whitelisted" do
289
+ @access.blacklist '192.168.0.0/24'
290
+ @access.whitelist '192.168.0.0/16'
291
+ @access.denied('192.168.0.1').first.should == nil
292
+ end
293
+
294
+ it "should deny access when IP class is whitelisted and contains blacklisted items" do
295
+ @access.whitelist '192.168.0.0/24', '127.0.0.1', '10.0.0.1/12'
296
+ @access.blacklist '192.168.0.1', '192.168.0.3'
297
+ @access.denied('192.168.0.2').first.should == nil
298
+ end
299
+
300
+ end # access
301
+
302
+ end
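Review bot: Several examples in the "access" group pass without exercising the rule they name, because the address they query lies outside every rule they add. In "should not deny access when single IP is whitelisted and parent is blacklisted" the rules cover `192.168.1.0/24` and `192.168.1.2`, but the assertions query `192.168.0.1` and `192.168.0.2`; the first should read `@access.denied('192.168.1.2').first.should == nil`. The same holds for "should not deny access when single IP is whitelisted", which whitelists `192.168.1.0/24` and then queries `192.168.0.1`. The final example is titled "should deny access when IP class is whitelisted and contains blacklisted items" yet asserts `nil` for `192.168.0.2`, which is not a blacklisted item; going by the other examples the title should say "should not deny" and the query should be `@access.denied('192.168.0.1').first.should == nil`. As written, a regression in whitelist-over-blacklist precedence for these cases would not fail the suite.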
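--- a/data/spec/rcov.opts
+++ b/data/spec/rcov.opts
@@ -0,0 +1,7 @@
+ --spec-only
+ --output coverage
+ --exclude examples
+ --exclude gems
+ --exclude spec
+ --exclude coverage
+ --exclude 00*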
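--- a/data/spec/spec.opts
+++ b/data/spec/spec.opts
@@ -0,0 +1,2 @@
+ --colour
+ --format profile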
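--- a/metadata
+++ b/metadata
@@ -0,0 +1,84 @@
+ --- !ruby/object:Gem::Specification
+ name: ipaccess
+ version: !ruby/object:Gem::Version
+ version: 0.0.2
+ platform: ruby
+ authors:
+ - "Pawe\xC5\x82 Wilk"
+ autorequire:
+ bindir: bin
+ cert_chain: []
+
+ date: 2009-05-10 00:00:00 +02:00
+ default_executable:
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: netaddr
+ type: :runtime
+ version_requirement:
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+ description: Classes contained in this library allows you to create and control IP access
+ email: pw@gnu.org
+ executables: []
+
+ extensions: []
+
+ extra_rdoc_files: []
+
+ files:
+ - lib/ipaccess.rb
+ - lib/ipaccess/arm_sockets.rb
+ - lib/ipaccess/ip_access.rb
+ - lib/ipaccess/ip_access_errors.rb
+ - lib/ipaccess/ip_access_list.rb
+ - lib/ipaccess/ip_access_patches.rb
+ - lib/ipaccess/netaddr_patch.rb
+ - lib/ipaccess/sockets.rb
+ - lib/ipaccess/ghost_doc.rb
+ - lib/ipaccess/ghost_doc_acl.rb
+ - docs/LGPL-LICENSE
+ - Rakefile
+ - docs/README
+ - docs/TODO
+ - docs/COPYING
+ - docs/LEGAL
+ - docs/DOWNLOAD
+ - docs/WELCOME
+ - examples/tcp_socket.rb
+ - spec/core_spec.rb
+ - spec/ip_access_list_spec.rb
+ - spec/rcov.opts
+ - spec/spec.opts
+ has_rdoc: true
+ homepage: http://randomseed.pl/ipaccess
+ post_install_message:
+ rdoc_options: []
+
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: "0"
+ version:
+ requirements: []
+
+ rubyforge_project: ipaccess
+ rubygems_version: 1.3.1
+ signing_key:
+ specification_version: 2
+ summary: IP Access Control
+ test_files: []
+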
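Review bot: The runtime dependency on `netaddr` is declared with the requirement `>= 0`, so any future netaddr release satisfies it, while the file list ships `lib/ipaccess/netaddr_patch.rb`, which by its name patches that library. An incompatible netaddr release could then alter how rules are matched without this gem changing; whether that would fail loudly or quietly depends on the patch, which is not shown here. Bounding the requirement in the gemspec with a pessimistic `~>` constraint on the netaddr series the patch was written against would keep the access-control behaviour tied to tested code. `cert_chain: []` and the empty `signing_key:` also show that the package is published unsigned, so consumers cannot verify its origin through RubyGems signature checks.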