iptables-converter - tests
Untested software, that means software which isn’t accompanied by automated
functional tests, is assumed to be broken by design. As iptables-converter is
written in python, use of the popular unittests is done for your convienience.
Two testclasses are build: Chains_Test and Tables_Test accordingly to the
two classes from which the iptables-converter script is build from.
Runing the tests with nosetests:
nosetests --with-coverage
....................
Name Stmts Miss Cover Missing
--------------------------------------------------
iptables_converter 174 14 92% 226-239, 243-244
----------------------------------------------------------------------
Ran 20 tests in 0.038s
OK
The untested lines are the following:
226 usage = "usage: %prog --help | -h \n\n\t%prog: version 0.9"
227 usage = usage + "\tHave Fun!"
228 parser = OptionParser(usage)
229 parser.disable_interspersed_args()
230 parser.add_option("-s", "", dest="sourcefile",
231 help="file with iptables commands, default: rules\n")
232 (options, args) = parser.parse_args()
233 hlp = "\n\tplease use \"--help\" as argument, abort!\n"
234 if options.sourcefile is None:
235 options.sourcefile = "rules"
236 sourcefile = options.sourcefile
237
238 chains = Tables(sourcefile)
239 chains.table_printout()
and:
243 main()
244 sys.exit(0)
Chains_Test(unittest.TestCase)
The tests are enumerated to assure a predefined sequence of evaluating for
cosmetical reason.
- A tables group is build first, filter is choosen. The predfined chains
are given as parameter to the chains object, then their existance and
the default policy is prooved.
- Setting policy drop into the filter chains is prooved for each chain,
an invalid policy keyword is tried and exeption raising is pooved.
- Append a rule (a valid iptables-statment) into each chain, try to
use an invalid filter group and the exception raising for that.
- Insert rules and then flush them, proof emptiness. Then check exception
raising for flushing an invalid filter group
- Create a userdefind chain and verify existance in the objects dictionay.
Check exception raising on creating a predefined chain.
- Inserting a rule into an empty chain necessarily fails, exception is verified.
- Inserting a rule into a nonexisting chain fails with exception.
- Inserting a rule into a nonempty chain works and is verified.
- Appending three rules to a chain works and their existance in chain
object dictionary is prooved.
- Try to remove a predefined chain raises exception.
- This test is removed (commented) for reason of practicability.
It’s intention was, to check if removal of a nonexisting chain raises
exception. The code in the chain object is commented as well, as it is
needed to achieve a clean status of the chains from any status. So it
was not a good idea to raise an exception just for completeness.
- Creation and successful removal of an userdefined chain.
- Just look if an illegal command raises an exception.
Tables_Test(unittest.TestCase)
- Create a Tables object and verify the completeness of all the predefined
chains.
- Verify correctness of a given iptables -t nat command.
- Verify correctness of a given iptables -t mangle command.
- Verify correctness of a given iptables -t raw command.
- Inserting a rule into a nonexisting chain raises exception.
- Try to read a nonexisting file raises exception.
- Read file reference-one and verify result.
- Read a file without iptables commands and verify result.