NIFI-144: Skip firewall tests that require known bad host names on permissive DNS setups.
Signed-off-by: Mark Payne <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-nifi/commit/8ed131b6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-nifi/tree/8ed131b6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-nifi/diff/8ed131b6 Branch: refs/heads/develop Commit: 8ed131b635796c08a222b9496122ea006d2710e9 Parents: 21c5c48 Author: Sean Busbey <[email protected]> Authored: Wed Apr 29 21:25:22 2015 -0500 Committer: Mark Payne <[email protected]> Committed: Thu Apr 30 13:37:42 2015 -0400 ---------------------------------------------------------------------- .../impl/FileBasedClusterNodeFirewall.java | 2 + .../impl/FileBasedClusterNodeFirewallTest.java | 47 +++++++++++++++++++- 2 files changed, 47 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/8ed131b6/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewall.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewall.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewall.java index 5859e1b..5a0ce8a 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewall.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewall.java @@ -113,9 +113,11 @@ public class FileBasedClusterNodeFirewall implements ClusterNodeFirewall { } // no match + logger.debug("Blocking host '{}' because it does not match our allowed list.", hostOrIp); return false; } catch (final IllegalArgumentException iae) { + logger.debug("Blocking requested host, '{}', because it is malformed.", hostOrIp, iae); return false; } } http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/8ed131b6/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewallTest.java ---------------------------------------------------------------------- diff --git a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewallTest.java b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewallTest.java index 441a3b2..8e92de8 100644 --- a/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewallTest.java +++ b/nifi/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/test/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewallTest.java @@ -18,12 +18,16 @@ package org.apache.nifi.cluster.firewall.impl; import java.io.File; import java.io.IOException; +import java.net.InetAddress; +import java.net.UnknownHostException; import org.apache.nifi.util.file.FileUtils; import org.junit.After; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; public class FileBasedClusterNodeFirewallTest { @@ -38,6 +42,23 @@ public class FileBasedClusterNodeFirewallTest { private File restoreDirectory; + private static boolean badHostsDoNotResolve = false; + + /** + * We have tests that rely on known bad host/ip parameters; make sure DNS doesn't resolve them. + * This can be a problem i.e. on residential ISPs in the USA because the provider will often + * wildcard match all possible DNS names in an attempt to serve advertising. + */ + @BeforeClass + public static void ensureBadHostsDoNotWork() { + final InetAddress ip; + try { + ip = InetAddress.getByName("I typed a search term and my browser expected a host."); + } catch (final UnknownHostException uhe) { + badHostsDoNotResolve = true; + } + } + @Before public void setup() throws Exception { @@ -55,6 +76,22 @@ public class FileBasedClusterNodeFirewallTest { deleteFile(restoreDirectory); } + /** + * We have two garbage lines in our test config file, ensure they didn't get turned into hosts. + */ + @Test + public void ensureBadDataWasIgnored() { + assumeTrue(badHostsDoNotResolve); + assertFalse("firewall treated our malformed data as a host. If " + + "`host \"bad data should be skipped\"` works locally, this test should have been " + + "skipped.", + ipsFirewall.isPermissible("bad data should be skipped")); + assertFalse("firewall treated our malformed data as a host. If " + + "`host \"more bad data\"` works locally, this test should have been " + + "skipped.", + ipsFirewall.isPermissible("more bad data")); + } + @Test public void testSyncWithRestore() { assertEquals(ipsConfig.length(), new File(restoreDirectory, ipsConfig.getName()).length()); @@ -77,7 +114,10 @@ public class FileBasedClusterNodeFirewallTest { @Test public void testIsPermissibleWithMalformedData() { - assertFalse(ipsFirewall.isPermissible("abc")); + assumeTrue(badHostsDoNotResolve); + assertFalse("firewall allowed host 'abc' rather than rejecting as malformed. If `host abc` " + + "works locally, this test should have been skipped.", + ipsFirewall.isPermissible("abc")); } @Test @@ -87,7 +127,10 @@ public class FileBasedClusterNodeFirewallTest { @Test public void testIsPermissibleWithEmptyConfigWithMalformedData() { - assertTrue(acceptAllFirewall.isPermissible("abc")); + assumeTrue(badHostsDoNotResolve); + assertTrue("firewall did not allow malformed host 'abc' under permissive configs. If " + + "`host abc` works locally, this test should have been skipped.", + acceptAllFirewall.isPermissible("abc")); } private boolean deleteFile(final File file) {
