mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

Rewrite dsdigest system test to pytest

Browse Source
This commit is contained in:
Michal Nowak
2024-02-22 16:04:03 +01:00
parent 5830ac831f
commit cfb68bda79
4 changed files with 55 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/tests/system/dsdigest/clean.sh
View File

@@ -11,12 +11,10 @@
# See the COPYRIGHT file distributed with this work for additional # See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership. # information regarding copyright ownership.
rm -f supported
rm -f */K* */dsset-* */*.signed */trusted.conf rm -f */K* */dsset-* */*.signed */trusted.conf
rm -f ns1/root.db rm -f ns1/root.db
rm -f ns1/signer.err rm -f ns1/signer.err
rm -f ns2/good.db ns2/bad.db rm -f ns2/good.db ns2/bad.db
rm -f dig.out*
rm -f */named.conf rm -f */named.conf
rm -f */named.run rm -f */named.run
rm -f */named.memstats rm -f */named.memstats

55
bin/tests/system/dsdigest/tests.sh
View File

@@ -1,55 +0,0 @@
#!/bin/sh
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
# Check the good. domain
echo_i "checking that validation with enabled digest types works"
ret=0
$DIG $DIGOPTS a.good. @10.53.0.3 a >dig.out.good || ret=1
grep "status: NOERROR" dig.out.good >/dev/null || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.good >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
# Check the bad. domain
echo_i "checking that validation with no supported digest types and must-be-secure results in SERVFAIL"
ret=0
$DIG $DIGOPTS a.bad. @10.53.0.3 a >dig.out.bad || ret=1
grep "SERVFAIL" dig.out.bad >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "checking that validation with no supported digest algorithms results in insecure"
ret=0
$DIG $DIGOPTS bad. @10.53.0.4 ds >dig.out.ds || ret=1
grep "NOERROR" dig.out.ds >/dev/null || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.ds >/dev/null || ret=1
$DIG $DIGOPTS a.bad. @10.53.0.4 a >dig.out.insecure || ret=1
grep "NOERROR" dig.out.insecure >/dev/null || ret=1
grep "flags:[^;]* ad[ ;]" dig.out.insecure >/dev/null && ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

55
bin/tests/system/dsdigest/tests_dsdigest.py Normal file
View File

@@ -0,0 +1,55 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
import dns.message
import isctest
def test_dsdigest_good():
"""Check that validation with enabled digest types works"""
msg = dns.message.make_query("a.good.", "A", want_dnssec=True)
res = isctest.query.tcp(
msg,
"10.53.0.3",
)
isctest.check.noerror(res)
assert res.flags & dns.flags.AD
def test_dsdigest_bad():
"""Check that validation with not supported digest types
and "dnssec-must-be-secure yes;" results in SERVFAIL"""
msg = dns.message.make_query("a.bad.", "A", want_dnssec=True)
res = isctest.query.tcp(
msg,
"10.53.0.3",
)
isctest.check.servfail(res)
def test_dsdigest_insecure():
"""Check that validation with not supported digest algorithms is insecure"""
msg_ds = dns.message.make_query("bad.", "DS", want_dnssec=True)
res_ds = isctest.query.tcp(
msg_ds,
"10.53.0.4",
)
isctest.check.noerror(res_ds)
assert res_ds.flags & dns.flags.AD
msg_a = dns.message.make_query("a.bad.", "A", want_dnssec=True)
res_a = isctest.query.tcp(
msg_a,
"10.53.0.4",
)
isctest.check.noerror(res_a)
assert not res_a.flags & dns.flags.AD

14
bin/tests/system/dsdigest/tests_sh_dsdigest.py
View File

@@ -1,14 +0,0 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
def test_dsdigest(run_tests_sh):
run_tests_sh()