fix(firewall): iptables detection improved
1. Try adding a dummy OUTPUT rule. 2. Remove the dummy OUTPUT rule. 3. Read the INPUT chain's current policy. 4. Set the INPUT chain policy back to that existing policy.
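--- /dev/null
+++ b/internal/firewall/cmd_matcher_test.go
@@ -0,0 +1,61 @@
+package firewall
+
+import (
+	"fmt"
+	"os/exec"
+	"regexp"
+
+	"github.com/golang/mock/gomock"
+)
+
+var _ gomock.Matcher = (*cmdMatcher)(nil)
+
+type cmdMatcher struct {
+	path string
+	argsRegex []string
+	argsRegexp []*regexp.Regexp
+}
+
+func (cm *cmdMatcher) Matches(x interface{}) bool {
+	cmd, ok := x.(*exec.Cmd)
+	if !ok {
+		return false
+	}
+
+	if cmd.Path != cm.path {
+		return false
+	}
+
+	if len(cmd.Args) == 0 {
+		return false
+	}
+
+	arguments := cmd.Args[1:]
+	if len(arguments) != len(cm.argsRegex) {
+		return false
+	}
+
+	for i, arg := range arguments {
+		if !cm.argsRegexp[i].MatchString(arg) {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (cm *cmdMatcher) String() string {
+	return fmt.Sprintf("path %s, argument regular expressions %v", cm.path, cm.argsRegex)
+}
+
+func newCmdMatcher(path string, argsRegex ...string) *cmdMatcher { //nolint:unparam
+	argsRegexp := make([]*regexp.Regexp, len(argsRegex))
+	for i, argRegex := range argsRegex {
+		argsRegexp[i] = regexp.MustCompile(argRegex)
+	}
+	return &cmdMatcher{
+		path: path,
+		argsRegex: argsRegex,
+		argsRegexp: argsRegexp,
+	}
+}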
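Review bot: The per-argument check in `Matches` relies on `MatchString`, which is unanchored, so a pattern such as `-A` or `INPUT` also accepts `--append`, `INPUT2` or any argument that merely contains it; for a matcher whose purpose is to pin down exactly which iptables invocation the firewall code issues, that lets a wrong rule pass the test unnoticed. Anchoring once at compile time in `newCmdMatcher` fixes every caller: `argsRegexp[i] = regexp.MustCompile("^(?:" + argRegex + ")$")`, with a doc comment on `cmdMatcher` stating that each pattern must match its whole argument. The `cmd.Path != cm.path` comparison is also worth a note on the `path` field, since `exec.Command` stores the LookPath-resolved binary in `Path`, so callers passing a bare name (not visible here) would get an environment-dependent match; `// path is compared verbatim against cmd.Path, which exec.Command fills from LookPath — pass the resolved path` would make that contract explicit.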