ipaccess 0.0.2

data/lib/ipaccess/sockets.rb

@@ -0,0 +1,53 @@
+# encoding: utf-8
+#
+# Author::    Paweł Wilk (mailto:pw@gnu.org)
+# Copyright:: Copyright (c) 2009 Paweł Wilk
+# License::   This program is licensed under the terms of {GNU Lesser General Public License}[link:docs/LGPL-LICENSE.html] or {Ruby License}[link:docs/COPYING.html].
+# 
+# Classes contained in this file are subclasses
+# of Ruby socket handling classes equipped
+# with IP access control.
+#
+#--
+# 
+# Copyright (C) 2009 by Paweł Wilk. All Rights Reserved.
+# 
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of either: 1) the GNU Lesser General Public License
+# as published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version; or 2) Ruby's License.
+# 
+# See the file COPYING for complete licensing information.
+#
+# 
+# See ipaccess/ghost_doc.rb for documentation of this classes.
+# 
+#++
+
+require 'socket'
+require 'ipaccess/ip_access'
+require 'ipaccess/ip_access_patches'
+
+
+class IPAccess::Socket < Socket
+  include IPAccess::Patches::Socket
+end
+
+class IPAccess::UDPSocket < UDPSocket
+  include IPAccess::Patches::UDPSocket
+end
+
+if Object.const_defined?(:SOCKSSocket)
+  class IPAccess::SOCKSSocket < SOCKSSocket
+    include IPAccess::Patches::SOCKSSocket
+  end
+end
+
+class IPAccess::TCPSocket < TCPSocket
+  include IPAccess::Patches::TCPSocket
+end
+
+class IPAccess::TCPServer < TCPServer
+  include IPAccess::Patches::TCPServer
+end
+

data/spec/core_spec.rb

@@ -0,0 +1,5 @@
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+
+['ip_access_list_spec'].each do |spec|
+  require File.join(File.dirname(__FILE__), spec)
+end

data/spec/ip_access_list_spec.rb

@@ -0,0 +1,302 @@
+$:.unshift File.join(File.dirname(__FILE__), "..", "lib")
+
+require 'uri'
+require 'socket'
+require 'rubygems'
+require 'ipaccess'
+
+describe IPAccessList do
+ 
+    describe "initializer" do
+           
+      it "should take an empty array as parameter" do
+        lambda { IPAccessList.new [] }.should_not raise_error
+      end
+      
+      it "should take an array of strings describing IPs as parameter" do
+        lambda { IPAccessList.new ["192.168.0.0/16", "127.0.0.1"] }.should_not raise_error
+      end
+      
+      it "should take an array of names as parameter" do
+        lambda { IPAccessList.new ["localhost"] }.should_not raise_error
+      end
+
+      it "should take an array of symbols as parameter" do
+        lambda { IPAccessList.new [:local, :private] }.should_not raise_error
+      end
+
+      it "should take an array of URLs as parameter" do
+        lambda { IPAccessList.new ["http://localhost/","https://127.0.0.2/"] }.should_not raise_error
+      end
+      
+      it "should take an array of sockets as parameter" do
+        s1 = UDPSocket.new
+        s2 = UDPSocket.new
+        def s1.getpeername; "\x10\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" end
+        def s2.getpeername; "\x10\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" end
+        lambda { IPAccessList.new [s1, s2] }.should_not raise_error
+      end
+
+      it "should take an array of IPAddr objects as parameter" do
+        lambda { IPAccessList.new [IPAddr.new("127.0.0.1"), IPAddr.new("192.168.1.1")] }.should_not raise_error
+      end
+
+      it "should take an array of numbers as parameter" do
+        lambda { IPAccessList.new [2130706433,2130706434] }.should_not raise_error
+      end
+
+      it "should take an array of URI objects as parameter" do
+        lambda { IPAccessList.new [URI('http://localhost/'),URI('http://127.0.0.2:80/')] }.should_not raise_error
+      end
+
+      it "should take an array of CIDR objects as parameter" do
+        lambda { IPAccessList.new [NetAddr::CIDR.create('192.168.1.1'),NetAddr::CIDR.create('192.168.0.0/24')] }.should_not raise_error
+      end
+      
+      it "should take an array of NetAddr::Tree objects as parameter" do
+        tree = NetAddr::Tree.new
+        tree.add!('192.168.0.0/24')
+        tree.add!('172.16.0.0')
+        lambda { IPAccessList.new [tree] }.should_not raise_error
+      end
+      
+      it "should take an array of IPAccessList objects as parameter" do
+        tree = IPAccessList.new
+        tree.add!('192.168.0.0/24')
+        tree.add!('172.16.0.0')
+        lambda { z = IPAccessList.new [tree] }.should_not raise_error
+      end
+     
+    end # initializer
+    
+    describe "rules" do
+    
+      before(:each) do
+        @access = IPAccessList.new
+        @access.blacklist :local, '192.168.0.1', :private
+        @access.whitelist '172.16.10.0/24', '192.168.0.2'
+      end
+
+      it "should be searchable by matching IP to rules" do
+        @access.included('192.168.0.1').first.should == '192.168.0.1/32'
+        @access.included('192.168.0.2').first.should == '192.168.0.2/32'
+        @access.included('192.168.2.5').first.should == '192.168.0.0/16'
+        @access.included('1.2.3.5').first.should == nil
+        @access.included('127.0.0.5/16').first.should == '127.0.0.0/8'
+      end
+        
+    end # rules
+    
+    describe "access" do
+    
+      before(:each) do
+        @access = IPAccessList.new
+      end
+          
+      it "should deny access when single IP is blacklisted" do
+        @access.blacklist '192.168.0.1'
+        @access.denied('192.168.0.1').first[:IP].should == '192.168.0.1/32'
+      end
+      
+      it "should deny access when single IP is blacklisted and neighbour is whitelisted" do
+        @access.whitelist '192.168.0.1', '192.168.0.3'
+        @access.blacklist '192.168.0.2'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+        
+        @access.whitelist '172.16.0.1', '172.16.0.3'
+        @access.blacklist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.2').first[:Rule].should == '192.168.0.2/32'
+      end
+
+      it "should deny access when single IP is blacklisted and neighbour is blacklisted" do
+        @access.blacklist '192.168.0.1', '192.168.0.2', '192.168.0.3'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+
+        @access.whitelist '172.16.0.1', '172.16.0.3'
+        @access.blacklist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+      end
+
+      it "should deny access when single IP is blacklisted and parent is blacklisted" do
+        @access.blacklist '192.168.0.0/24', '192.168.0.2'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+        
+        @access.whitelist '172.16.0.1', '172.16.0.3'
+        @access.blacklist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+      end
+      
+      it "should deny access when single IP is blacklisted, parent is blacklisted and neighbours are blacklisted" do
+        @access.blacklist '192.168.0.0/24', '192.168.0.1', '192.168.0.2', '192.168.0.3'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+        
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.blacklist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+      end
+      
+      it "should deny access when single IP is blacklisted, parent is blacklisted and neighbours are whitelisted" do
+        @access.blacklist '192.168.0.0/24', '192.168.0.2'
+        @access.whitelist '192.168.0.1', '192.168.0.3'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+        
+        @access.whitelist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+      end
+      
+      it "should deny access when single IP is blacklisted, parent is blacklisted and parent's neigbour is blacklisted" do
+        @access.blacklist '192.168.0.0/24', '192.168.0.1', '192.168.0.2', '192.168.0.3'
+        @access.blacklist '192.168.1.0/24'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+        
+        @access.blacklist '172.16.0.2', '127.0.0.1', '172.16.0.1', '172.16.0.3'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+      end
+      
+      it "should deny access when single IP is blacklisted, parent is blacklisted and parent's neigbour is whitelisted" do
+        @access.blacklist '192.168.0.0/24', '192.168.0.1', '192.168.0.2', '192.168.0.3'
+        @access.whitelist '192.168.1.0/24'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'
+
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.2').first[:IP].should == '192.168.0.2/32'      
+      end
+
+      it "should not deny access when single IP is not present" do
+        @access.blacklist '192.168.0.0/24', '192.168.0.1', '192.168.0.2', '192.168.0.3'
+        @access.whitelist '192.168.1.0/24'
+        @access.denied('127.0.0.1').first.should == nil
+        
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1'
+        @access.denied('1.1.0.1').first.should == nil        
+      end
+      
+      it "should not deny access when single IP is whitelisted" do
+        @access.whitelist '192.168.1.0/24'
+        @access.denied('192.168.0.1').first.should == nil
+        
+        @access.blacklist '192.168.1.2', '192.168.1.3'
+        @access.denied('192.168.0.1').first.should == nil
+        
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.1').first.should == nil
+      end
+      
+      it "should not deny access when single IP is whitelisted and parent is blacklisted" do
+        @access.blacklist '192.168.1.0/24'
+        @access.whitelist '192.168.1.2'
+        @access.denied('192.168.0.1').first.should == nil
+        
+        @access.blacklist '192.168.1.1', '192.168.1.3'
+        @access.denied('192.168.0.2').first.should == nil
+        
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1', '192.168.1.1', '192.168.1.3'
+        @access.denied('192.168.0.2').first.should == nil
+      end
+            
+      it "should not deny access when single IP is blacklisted and whitelisted" do
+        @access.blacklist '192.168.0.1'
+        @access.whitelist '192.168.0.1'
+        @access.denied('192.168.0.1').first.should == nil
+
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.1').first.should == nil
+      end
+
+      it "should not deny access when single IP is blacklisted and parent is whitelisted" do
+        @access.whitelist '192.168.0.0/24'
+        @access.blacklist '192.168.0.1'
+        @access.denied('192.168.0.1').first.should == nil
+        
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.1').first.should == nil
+      end
+      
+      it "should not deny access when single IP is blacklisted, parent is whitelisted and neighbour is blacklisted" do
+        @access.whitelist '192.168.0.0/24'
+        @access.blacklist '192.168.0.1'
+        @access.blacklist '192.168.0.2'
+        @access.blacklist '192.168.0.3'
+        @access.denied('192.168.0.2').first.should == nil
+        
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.1').first.should == nil
+      end
+      
+      it "should not deny access when single IP is blacklisted, parent is whitelisted and neighbours are whitelisted" do
+        @access.whitelist '192.168.0.0/24'
+        @access.whitelist '192.168.0.1'
+        @access.blacklist '192.168.0.2'
+        @access.whitelist '192.168.0.3'
+        @access.denied('192.168.0.2').first.should == nil
+        
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.1').first.should == nil
+      end
+      
+      it "should not deny access when single IP is blacklisted, but all is whitelisted" do
+        @access.whitelist :all
+        @access.blacklist '192.168.0.2'
+        @access.denied('192.168.0.2').first.should == nil
+        
+        @access.blacklist '172.16.0.1', '172.16.0.3'
+        @access.whitelist '172.16.0.2', '127.0.0.1'
+        @access.denied('192.168.0.1').first.should == nil
+      end
+      
+      it "should deny access when IP class is blacklisted" do
+        @access.blacklist '192.168.0.0/24'
+        @access.denied('192.168.0.1').first[:Rule].should == '192.168.0.0/24'
+      end
+
+      it "should deny access when IP class is blacklisted and parent is blacklisted" do
+        @access.blacklist '192.168.0.0/24', '192.168.0.0/16'
+        @access.denied('192.168.0.1').first[:Rule].should == '192.168.0.0/24'
+      end
+      
+      it "should deny access when IP class is blacklisted and neighbour classes are blacklisted" do
+        @access.blacklist '192.168.0.0/24', '172.16.0.0/24', '10.0.0.0/12'
+        @access.denied('192.168.0.1').first[:Rule].should == '192.168.0.0/24'
+      end
+
+      it "should deny access when IP class is blacklisted and neighbour classes are whitelisted" do
+        @access.blacklist '192.168.0.0/24'
+        @access.whitelist '172.16.0.0/24', '10.0.0.0/12', '255.255.0.0/24'
+        @access.denied('192.168.0.1').first[:Rule].should == '192.168.0.0/24'
+      end
+      
+      it "should deny access when IP class is blacklisted and contains whitelisted items" do
+        @access.blacklist '192.168.0.0/24', '127.0.0.1', '10.0.0.1/12'
+        @access.whitelist '192.168.0.1', '192.168.0.3'
+        @access.denied('192.168.0.2').first[:Rule].should == '192.168.0.0/24'
+      end
+
+      it "should not deny access when IP class is whitelisted and parent is whitelisted" do
+        @access.whitelist '192.168.0.0/24', '192.168.0.0/16'
+        @access.denied('192.168.0.1').first.should == nil
+      end
+
+      it "should not deny access when IP class is blacklisted and parent is whitelisted" do
+        @access.blacklist '192.168.0.0/24'
+        @access.whitelist '192.168.0.0/16'
+        @access.denied('192.168.0.1').first.should == nil
+      end
+      
+      it "should deny access when IP class is whitelisted and contains blacklisted items" do
+        @access.whitelist '192.168.0.0/24', '127.0.0.1', '10.0.0.1/12'
+        @access.blacklist '192.168.0.1', '192.168.0.3'
+        @access.denied('192.168.0.2').first.should == nil
+      end
+      
+    end # access
+
+end

data/spec/rcov.opts

@@ -0,0 +1,7 @@
+--spec-only
+--output coverage
+--exclude examples
+--exclude gems
+--exclude spec
+--exclude coverage
+--exclude 00*

data/spec/spec.opts

@@ -0,0 +1,2 @@
+--colour
+--format profile

metadata

@@ -0,0 +1,84 @@
+--- !ruby/object:Gem::Specification 
+name: ipaccess
+version: !ruby/object:Gem::Version 
+  version: 0.0.2
+platform: ruby
+authors: 
+- "Pawe\xC5\x82 Wilk"
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-05-10 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: netaddr
+  type: :runtime
+  version_requirement: 
+  version_requirements: !ruby/object:Gem::Requirement 
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        version: "0"
+    version: 
+description: Classes contained in this library allows you to create and control IP access
+email: pw@gnu.org
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- lib/ipaccess.rb
+- lib/ipaccess/arm_sockets.rb
+- lib/ipaccess/ip_access.rb
+- lib/ipaccess/ip_access_errors.rb
+- lib/ipaccess/ip_access_list.rb
+- lib/ipaccess/ip_access_patches.rb
+- lib/ipaccess/netaddr_patch.rb
+- lib/ipaccess/sockets.rb
+- lib/ipaccess/ghost_doc.rb
+- lib/ipaccess/ghost_doc_acl.rb
+- docs/LGPL-LICENSE
+- Rakefile
+- docs/README
+- docs/TODO
+- docs/COPYING
+- docs/LEGAL
+- docs/DOWNLOAD
+- docs/WELCOME
+- examples/tcp_socket.rb
+- spec/core_spec.rb
+- spec/ip_access_list_spec.rb
+- spec/rcov.opts
+- spec/spec.opts
+has_rdoc: true
+homepage: http://randomseed.pl/ipaccess
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: ipaccess
+rubygems_version: 1.3.1
+signing_key: 
+specification_version: 2
+summary: IP Access Control
+test_files: []
+