dnsforward: imp tests

2024-04-16 10:56:40 +02:00 · 2024-04-16 10:56:40 +02:00 · 2243770b3a
parent 4c4b565eec
commit 2243770b3a
2 changed files with 133 additions and 120 deletions
--- a/internal/dnsforward/beforerequest_internal_test.go
+++ b/internal/dnsforward/beforerequest_internal_test.go
@ -0,0 +1,133 @@
+package dnsforward
+
+import (
+	"crypto/tls"
+	"net"
+	"testing"
+
+	"github.com/AdguardTeam/dnsproxy/proxy"
+	"github.com/miekg/dns"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestServer_HandleBefore(t *testing.T) {
+	const (
+		blockedHost = "blockedhost.org"
+		clientID    = "client-1"
+		testFQDN    = "example.org."
+	)
+
+	testCases := []struct {
+		want              assert.ValueAssertionFunc
+		clientSrvName     string
+		name              string
+		host              string
+		allowedClients    []string
+		disallowedClients []string
+		blockedHosts      []string
+		wantRCode         int
+	}{{
+		want:              assert.NotEmpty,
+		clientSrvName:     tlsServerName,
+		name:              "allow_all",
+		host:              testFQDN,
+		allowedClients:    []string{},
+		disallowedClients: []string{},
+		blockedHosts:      []string{},
+		wantRCode:         dns.RcodeSuccess,
+	}, {
+		want:              assert.NotEmpty,
+		clientSrvName:     clientID + "." + tlsServerName,
+		name:              "allowed_client_allowed",
+		host:              testFQDN,
+		allowedClients:    []string{clientID},
+		disallowedClients: []string{},
+		blockedHosts:      []string{},
+		wantRCode:         dns.RcodeSuccess,
+	}, {
+		want:              assert.Empty,
+		clientSrvName:     "client-2." + tlsServerName,
+		name:              "allowed_client_rejected",
+		host:              testFQDN,
+		allowedClients:    []string{clientID},
+		disallowedClients: []string{},
+		blockedHosts:      []string{},
+		wantRCode:         dns.RcodeRefused,
+	}, {
+		want:              assert.NotEmpty,
+		clientSrvName:     tlsServerName,
+		name:              "disallowed_client_allowed",
+		host:              testFQDN,
+		allowedClients:    []string{},
+		disallowedClients: []string{clientID},
+		blockedHosts:      []string{},
+		wantRCode:         dns.RcodeSuccess,
+	}, {
+		want:              assert.Empty,
+		clientSrvName:     clientID + "." + tlsServerName,
+		name:              "disallowed_client_rejected",
+		host:              testFQDN,
+		allowedClients:    []string{},
+		disallowedClients: []string{clientID},
+		blockedHosts:      []string{},
+		wantRCode:         dns.RcodeRefused,
+	}, {
+		want:              assert.NotEmpty,
+		clientSrvName:     tlsServerName,
+		name:              "blocked_hosts_allowed",
+		host:              testFQDN,
+		allowedClients:    []string{},
+		disallowedClients: []string{},
+		blockedHosts:      []string{blockedHost},
+		wantRCode:         dns.RcodeSuccess,
+	}, {
+		want:              assert.Empty,
+		clientSrvName:     tlsServerName,
+		name:              "blocked_hosts_rejected",
+		host:              dns.Fqdn(blockedHost),
+		allowedClients:    []string{},
+		disallowedClients: []string{},
+		blockedHosts:      []string{blockedHost},
+		wantRCode:         dns.RcodeRefused,
+	}}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			s, _ := createTestTLS(t, TLSConfig{
+				TLSListenAddrs: []*net.TCPAddr{{}},
+				ServerName:     tlsServerName,
+			})
+
+			s.conf.AllowedClients = tc.allowedClients
+			s.conf.DisallowedClients = tc.disallowedClients
+			s.conf.BlockedHosts = tc.blockedHosts
+
+			err := s.Prepare(&s.conf)
+			require.NoError(t, err)
+
+			startDeferStop(t, s)
+
+			tlsConfig := &tls.Config{
+				InsecureSkipVerify: true,
+				ServerName:         tc.clientSrvName,
+			}
+
+			client := &dns.Client{
+				Net:       "tcp-tls",
+				TLSConfig: tlsConfig,
+			}
+
+			req := createTestMessage(tc.host)
+			addr := s.dnsProxy.Addr(proxy.ProtoTLS).String()
+
+			reply, _, err := client.Exchange(req, addr)
+			require.NoError(t, err)
+
+			tc.want(t, reply.Answer)
+			assert.Equal(t, tc.wantRCode, reply.Rcode)
+		})
+	}
+}
--- a/internal/dnsforward/dnsforward_test.go
+++ b/internal/dnsforward/dnsforward_test.go
@ -1652,123 +1652,3 @@ func TestServer_Exchange(t *testing.T) {
 		assert.Empty(t, host)
 	})
 }
-
-func TestServer_HandleBefore(t *testing.T) {
-	const (
-		blockedHost = "blockedhost.org"
-		clientID    = "client-1"
-		testHost    = "example.org."
-	)
-
-	testCases := []struct {
-		want              assert.ValueAssertionFunc
-		clientSrvName     string
-		name              string
-		host              string
-		allowedClients    []string
-		disallowedClients []string
-		blockedHosts      []string
-		wantRCode         int
-	}{{
-		want:              assert.NotEmpty,
-		clientSrvName:     tlsServerName,
-		name:              "allow_all",
-		host:              testHost,
-		allowedClients:    []string{},
-		disallowedClients: []string{},
-		blockedHosts:      []string{},
-		wantRCode:         dns.RcodeSuccess,
-	}, {
-		want:              assert.NotEmpty,
-		clientSrvName:     clientID + "." + tlsServerName,
-		name:              "allowed_client_allowed",
-		host:              testHost,
-		allowedClients:    []string{clientID},
-		disallowedClients: []string{},
-		blockedHosts:      []string{},
-		wantRCode:         dns.RcodeSuccess,
-	}, {
-		want:              assert.Empty,
-		clientSrvName:     "client-2." + tlsServerName,
-		name:              "allowed_client_rejected",
-		host:              testHost,
-		allowedClients:    []string{clientID},
-		disallowedClients: []string{},
-		blockedHosts:      []string{},
-		wantRCode:         dns.RcodeRefused,
-	}, {
-		want:              assert.NotEmpty,
-		clientSrvName:     tlsServerName,
-		name:              "disallowed_client_allowed",
-		host:              testHost,
-		allowedClients:    []string{},
-		disallowedClients: []string{clientID},
-		blockedHosts:      []string{},
-		wantRCode:         dns.RcodeSuccess,
-	}, {
-		want:              assert.Empty,
-		clientSrvName:     clientID + "." + tlsServerName,
-		name:              "disallowed_client_rejected",
-		host:              testHost,
-		allowedClients:    []string{},
-		disallowedClients: []string{clientID},
-		blockedHosts:      []string{},
-		wantRCode:         dns.RcodeRefused,
-	}, {
-		want:              assert.NotEmpty,
-		clientSrvName:     tlsServerName,
-		name:              "blocked_hosts_allowed",
-		host:              testHost,
-		allowedClients:    []string{},
-		disallowedClients: []string{},
-		blockedHosts:      []string{blockedHost},
-		wantRCode:         dns.RcodeSuccess,
-	}, {
-		want:              assert.Empty,
-		clientSrvName:     tlsServerName,
-		name:              "blocked_hosts_rejected",
-		host:              dns.Fqdn(blockedHost),
-		allowedClients:    []string{},
-		disallowedClients: []string{},
-		blockedHosts:      []string{blockedHost},
-		wantRCode:         dns.RcodeRefused,
-	}}
-
-	for _, tc := range testCases {
-		t.Run(tc.name, func(t *testing.T) {
-			t.Parallel()
-
-			s, _ := createTestTLS(t, TLSConfig{
-				TLSListenAddrs: []*net.TCPAddr{{}},
-				ServerName:     tlsServerName,
-			})
-
-			s.conf.AllowedClients = tc.allowedClients
-			s.conf.DisallowedClients = tc.disallowedClients
-			s.conf.BlockedHosts = tc.blockedHosts
-
-			err := s.Prepare(&s.conf)
-			require.NoError(t, err)
-
-			startDeferStop(t, s)
-
-			tlsConfig := &tls.Config{
-				InsecureSkipVerify: true,
-				ServerName:         tc.clientSrvName,
-			}
-
-			client := &dns.Client{
-				Net:       "tcp-tls",
-				TLSConfig: tlsConfig,
-			}
-
-			req := createTestMessage(tc.host)
-			addr := s.dnsProxy.Addr(proxy.ProtoTLS).String()
-
-			reply, _, err := client.Exchange(req, addr)
-			require.NoErrorf(t, err, "couldn't talk to server %s: %s", addr, err)
-			tc.want(t, reply.Answer)
-			assert.Equal(t, tc.wantRCode, reply.Rcode)
-		})
-	}
-}