From: Petr Špaček Date: Wed, 21 May 2025 15:58:17 +0000 (+0200) Subject: Test ZoneAnalyzer utility class X-Git-Tag: v9.21.11~22^2~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cad48e56ab5e08ccb7bde55948a511538cef2649;p=thirdparty%2Fbind9.git Test ZoneAnalyzer utility class I've considered writing hypothesis test for this but I would have to reimplement the same thing, which would probably have the same logic bugs, so I will leave it as an exercise for someone else. --- diff --git a/bin/tests/system/selftest/analyzer.db b/bin/tests/system/selftest/analyzer.db new file mode 100644 index 00000000000..298de3a7bce --- /dev/null +++ b/bin/tests/system/selftest/analyzer.db @@ -0,0 +1,46 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; SPDX-License-Identifier: MPL-2.0 +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, you can obtain one at https://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +$TTL 300 ; 5 minutes +@ IN SOA mname1. . ( + 2000042407 ; serial + 20 ; refresh (20 seconds) + 20 ; retry (20 seconds) + 1814400 ; expire (3 weeks) + 3600 ; minimum (1 hour) + ) + NS ns +ns A 10.53.0.3 + +a A 10.0.0.1 +b A 10.0.0.2 +d A 10.0.0.4 +z A 10.0.0.26 +a.a.a.a A 10.0.0.3 +*.wild A 10.0.0.6 +underwild.wild TXT "not occluded" +insecure NS ns.insecure +secondns.insecure NS ns.insecure +insecure NS ns.insecure2 +belowcut.insecure TXT "occluded" +belowcut2.insecure TXT "occluded" ; two RRs, just in case +dname.insecure DNAME occluded. +ns.insecure A 10.53.0.3 +02HC3EM7BDD011A0GMS3HKKJT2IF5VP8 A 10.0.0.17 +dname DNAME elsewhere. +*.dname TXT "occluded" +occluded.dname TXT "occluded" +occluded2.dname TXT "occluded" +nsunder.occluded.dname NS ns +nsunder.dname NS ns +*.nsunder.dname TXT "occluded" + +test. TXT "out of zone" diff --git a/bin/tests/system/selftest/tests_zone_analyzer.py b/bin/tests/system/selftest/tests_zone_analyzer.py new file mode 100755 index 00000000000..1808cd4beb5 --- /dev/null +++ b/bin/tests/system/selftest/tests_zone_analyzer.py @@ -0,0 +1,134 @@ +#!/usr/bin/python3 + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import os +from pathlib import Path + +import pytest + +pytest.importorskip("dns", minversion="2.5.0") +import dns.name + +import isctest + +from typing import List + + +SUFFIX = dns.name.from_text("nsec3.example.") +ZONE = isctest.name.ZoneAnalyzer.read_path( + Path(os.environ["builddir"]) / "selftest/analyzer.db", origin=SUFFIX +) + + +def text_to_names(texts: List[str]): + return frozenset(dns.name.from_text(text, origin=SUFFIX) for text in texts) + + +def test_analyzer_delegations(): + assert ZONE.delegations == text_to_names( + [ + "nsunder.dname", + "nsunder.occluded.dname", + "insecure", + "secondns.insecure", + ] + ) + + +def test_analyzer_dnames(): + assert ZONE.dnames == text_to_names( + [ + "dname", + "dname.insecure", + ] + ) + + +def test_analyzer_ents(): + assert ZONE.ents == text_to_names( + [ + "a.a", + "a.a.a", + "wild", + ] + ) + + +def test_analyzer_occluded(): + assert ZONE.occluded == text_to_names( + [ + "*.dname", + "nsunder.dname", + "*.nsunder.dname", + "occluded.dname", + "nsunder.occluded.dname", + "occluded2.dname", + "belowcut.insecure", + "belowcut2.insecure", + "dname.insecure", + "ns.insecure", + "secondns.insecure", + ] + ) + + +def test_analyzer_reachable(): + assert ZONE.reachable == text_to_names( + [ + "@", + "02HC3EM7BDD011A0GMS3HKKJT2IF5VP8", + "a", + "a.a.a.a", + "b", + "d", + "dname", + "ns", + "*.wild", + "underwild.wild", + "z", + ] + ) + + +def test_analyzer_reachable_delegations(): + assert ZONE.reachable_delegations == text_to_names( + [ + "insecure", + ] + ) + + +def test_analyzer_reachable_dnames(): + assert ZONE.reachable_dnames == text_to_names( + [ + "dname", + ] + ) + + +def test_analyzer_reachable_wildcards(): + assert ZONE.reachable_wildcards == text_to_names( + [ + "*.wild", + ] + ) + + +def test_analyzer_wildcards(): + assert ZONE.wildcards == text_to_names( + [ + "*.dname", + "*.nsunder.dname", + "*.wild", + ] + )