mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 22:45:39 +00:00
Code Issues Releases Wiki Activity

Parametrize dnssec/tests_badkey.py tests

Browse Source 
Utilize test parametrization to reduce code duplication.
This commit is contained in:
Nicki Křížek
2025-07-10 15:16:06 +02:00
committed by Evan Hunt
parent 3c067e99b3
commit e7bd28dbf8
1 changed files with 35 additions and 76 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
bin/tests/system/dnssec/tests_badkey.py
View File

@@ -14,6 +14,7 @@ from dns import flags
import pytest import pytest
import isctest import isctest
from isctest.util import param
pytestmark = pytest.mark.extra_artifacts( pytestmark = pytest.mark.extra_artifacts(
@@ -44,90 +45,48 @@ pytestmark = pytest.mark.extra_artifacts(
) )
def test_misconfigured_validation(): @pytest.mark.parametrize(
# check that validation fails with a misconfigured trust anchor "check, qname, qtype",
msg = isctest.query.create("example.", "SOA") [
param("validation", "example.", "SOA"),
param("negative-validation", "example.", "PTR"),
param("insecurity-proof", "a.insecure.example.", "A"),
],
)
def test_misconfigured_ta_servfail(check, qname, qtype):
isctest.log.info(f"check that {check} fails")
msg = isctest.query.create(qname, qtype)
res = isctest.query.tcp(msg, "10.53.0.5") res = isctest.query.tcp(msg, "10.53.0.5")
isctest.check.servfail(res) isctest.check.servfail(res)
def test_misconfigured_negative_validation(): @pytest.mark.parametrize(
# check that negative validation fails with a misconfigured trust anchor "check, qname, qtype, rcode_func",
msg = isctest.query.create("example.", "PTR") [
res = isctest.query.tcp(msg, "10.53.0.5") param("positive-answer", "example.", "SOA", isctest.check.noerror),
isctest.check.servfail(res) param("negative-answer", "q.example.", "SOA", isctest.check.nxdomain),
param("bogus-answer", "a.bogus.example.", "SOA", isctest.check.noerror),
param("insecurity-proof", "a.insecure.example.", "SOA", isctest.check.noerror),
def test_misconfigured_insecurity(): param(
# check that insecurity proofs fail with a misconfigured trust anchor "negative-insecurity-proof",
msg = isctest.query.create("a.insecure.example.", "A") "q.insecure.example.",
res = isctest.query.tcp(msg, "10.53.0.5") "SOA",
isctest.check.servfail(res) isctest.check.nxdomain,
),
],
def test_misconfigured_cd_positive(): )
# check AD bit of a positive answer with misconfigured trust anchor, CD=1 def test_misconfigured_ta_with_cd(check, qname, qtype, rcode_func):
msg = isctest.query.create("example.", "SOA") isctest.log.info(f"check {check} with CD=1")
msg = isctest.query.create(qname, qtype)
msg.flags |= flags.CD msg.flags |= flags.CD
res = isctest.query.tcp(msg, "10.53.0.5") res = isctest.query.tcp(msg, "10.53.0.5")
isctest.check.noerror(res) rcode_func(res)
assert (res.flags & flags.AD) == 0 isctest.check.noadflag(res)
isctest.log.debug("compare the response from a correctly configured server")
def test_misconfigured_cd_negative():
# check cd bit on a negative answer with misconfigured trust anchor, CD=1
msg = isctest.query.create("q.example.", "SOA")
msg.flags |= flags.CD
res = isctest.query.tcp(msg, "10.53.0.5")
isctest.check.nxdomain(res)
assert (res.flags & flags.AD) == 0
# compare the response from a correctly configured server
res2 = isctest.query.tcp(msg, "10.53.0.4") res2 = isctest.query.tcp(msg, "10.53.0.4")
isctest.check.nxdomain(res2) isctest.check.noadflag(res2)
assert (res2.flags & flags.AD) == 0 isctest.check.same_answer(res, res2)
assert res.answer == res2.answer
def test_misconfigured_cd_bogus():
# check cd bit on a query that should fail
msg = isctest.query.create("a.bogus.example.", "SOA")
msg.flags |= flags.CD
res = isctest.query.tcp(msg, "10.53.0.5")
isctest.check.noerror(res)
assert (res.flags & flags.AD) == 0
# compare the response from a correctly configured server
res2 = isctest.query.tcp(msg, "10.53.0.4")
isctest.check.noerror(res2)
assert (res2.flags & flags.AD) == 0
assert res.answer == res2.answer
def test_misconfigured_cd_insecurity():
# check cd bit on an insecurity proof
msg = isctest.query.create("a.insecure.example.", "SOA")
msg.flags |= flags.CD
res = isctest.query.tcp(msg, "10.53.0.5")
isctest.check.noerror(res)
assert (res.flags & flags.AD) == 0
# compare the response from a correctly configured server
res2 = isctest.query.tcp(msg, "10.53.0.4")
isctest.check.noerror(res2)
assert (res2.flags & flags.AD) == 0
assert res.answer == res2.answer
def test_misconfigured_cd_negative_insecurity():
# check cd bit on an insecurity proof
msg = isctest.query.create("q.insecure.example.", "A")
msg.flags |= flags.CD
res = isctest.query.tcp(msg, "10.53.0.5")
isctest.check.nxdomain(res)
assert (res.flags & flags.AD) == 0
# compare the response from a correctly configured server
res2 = isctest.query.tcp(msg, "10.53.0.4")
isctest.check.nxdomain(res2)
assert (res2.flags & flags.AD) == 0
assert res.answer == res2.answer
def test_revoked_init(servers, templates): def test_revoked_init(servers, templates):