path: root/tests/unittests/cleaner_tests.py

# This file is part of the sos project: https://github.com/sosreport/sos
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# version 2 of the GNU General Public License.
#
# See the LICENSE file in the source distribution for further information.

import unittest

from ipaddress import ip_interface
from sos.cleaner.parsers.ip_parser import SoSIPParser
from sos.cleaner.parsers.mac_parser import SoSMacParser
from sos.cleaner.parsers.hostname_parser import SoSHostnameParser
from sos.cleaner.parsers.keyword_parser import SoSKeywordParser
from sos.cleaner.parsers.ipv6_parser import SoSIPv6Parser
from sos.cleaner.parsers.username_parser import SoSUsernameParser
from sos.cleaner.mappings.ip_map import SoSIPMap
from sos.cleaner.mappings.mac_map import SoSMacMap
from sos.cleaner.mappings.hostname_map import SoSHostnameMap
from sos.cleaner.mappings.keyword_map import SoSKeywordMap
from sos.cleaner.mappings.ipv6_map import SoSIPv6Map


class CleanerMapTests(unittest.TestCase):

    def setUp(self):
        self.mac_map = SoSMacMap()
        self.ip_map = SoSIPMap()
        self.host_map = SoSHostnameMap()
        self.host_map.load_domains_from_options(['redhat.com'])
        self.kw_map = SoSKeywordMap()
        self.ipv6_map = SoSIPv6Map()

    def test_mac_map_obfuscate_valid_v4(self):
        _test = self.mac_map.get('12:34:56:78:90:ab')
        self.assertNotEqual(_test, '12:34:56:78:90:ab')

    def test_mac_map_obfuscate_valid_v6(self):
        _test = self.mac_map.get('12:34:56:ff:fe:78:90:ab')
        self.assertNotEqual(_test, '12:34:56:ff:fe:78:90:ab')

    def test_mac_map_obfuscate_valid_v6_quad(self):
        _test = self.mac_map.get('1234:56ff:fe78:90ab')
        self.assertNotEqual(_test, '1234:56ff:fe78:90ab')

    def test_mac_map_skip_ignores(self):
        _test = self.mac_map.get('ff:ff:ff:ff:ff:ff')
        self.assertEquals(_test, 'ff:ff:ff:ff:ff:ff')

    def test_mac_map_avoid_duplicate_obfuscation(self):
        _test = self.mac_map.get('ab:cd:ef:fe:dc:ba')
        _dup = self.mac_map.get(_test)
        self.assertEquals(_test, _dup)

    def test_ip_map_obfuscate_v4_with_cidr(self):
        _test = self.ip_map.get('192.168.1.0/24')
        self.assertNotEqual(_test, '192.168.1.0/24')

    def test_ip_map_obfuscate_no_cidr(self):
        _test = self.ip_map.get('192.168.2.2')
        self.assertNotEqual(_test, '192.168.2.2')

    def test_ip_map_obfuscate_same_subnet(self):
        _net = ip_interface(self.ip_map.get('192.168.3.0/24'))
        _test = ip_interface(self.ip_map.get('192.168.3.1'))
        self.assertTrue(_test.ip in _net.network)

    def test_ip_map_get_same_with_or_without_cidr(self):
        _hostwsub = self.ip_map.get('192.168.4.1/24')
        _hostnosub = self.ip_map.get('192.168.4.1')
        self.assertEqual(_hostwsub.split('/')[0], _hostnosub)

    def test_ip_skip_ignores(self):
        _test = self.ip_map.get('127.0.0.1')
        self.assertEquals(_test, '127.0.0.1')

    def test_hostname_obfuscate_domain_options(self):
        _test = self.host_map.get('www.redhat.com')
        self.assertNotEqual(_test, 'www.redhat.com')

    def test_hostname_obfuscate_same_item(self):
        _test1 = self.host_map.get('example.redhat.com')
        _test2 = self.host_map.get('example.redhat.com')
        self.assertEqual(_test1, _test2)

    def test_hostname_obfuscate_just_domain(self):
        _test = self.host_map.get('redhat.com')
        self.assertEqual(_test, 'obfuscateddomain0.com')

    def test_hostname_no_obfuscate_non_loaded_domain(self):
        _test = self.host_map.get('foobar.com')
        self.assertEqual(_test, 'foobar.com')

    def test_hostname_no_obfuscate_non_loaded_fqdn(self):
        _test = self.host_map.get('example.foobar.com')
        self.assertEqual(_test, 'example.foobar.com')

    def test_keyword_single(self):
        _test = self.kw_map.get('foobar')
        self.assertEqual(_test, 'obfuscatedword0')

    def test_ipv6_obfuscate_global(self):
        _net = '2022:1104:abcd::'
        _ob_net = self.ipv6_map.get(_net)
        self.assertNotEqual(_net, _ob_net, 'Address was unchanged')
        self.assertTrue(_ob_net.startswith('534f'), 'Global address does not start with identifier')
        _host = '2022:1104:abcd::1234'
        _ob_host = self.ipv6_map.get(_host)
        self.assertNotEqual(_host, _ob_host, 'Host address was unchanged')
        self.assertTrue(_host.startswith(_net), 'Host address not in network')

    def test_ipv6_link_local(self):
        _test = 'fe80::1234'
        _ob_test = self.ipv6_map.get(_test)
        self.assertTrue(_ob_test.startswith('fe80'), 'Link-local identifier not maintained')
        self.assertNotEqual(_test, _ob_test, 'Device address was unchanged')

    def test_ipv6_private(self):
        _net = 'fd00:abcd::'
        _host = 'fd00:abcd::1234'
        _ob_net = self.ipv6_map.get(_net).split('/')[0]
        _ob_host = self.ipv6_map.get(_host)
        self.assertTrue(_ob_net.startswith('fd53'), 'Private network does not start with identifier')
        self.assertTrue(_ob_host.startswith(_ob_net), 'Private address not in same network')
        self.assertNotEqual(_net, _ob_net, 'Private network was unchanged')

    def test_ipv6_short_network(self):
        _net = 'ff02::'
        _ob_net = self.ipv6_map.get(_net)
        self.assertTrue(_ob_net.startswith(('53', '54')), f'Short network does not start with identifier: {_ob_net}')

    def test_ipv6_consistent_obfuscation(self):
        _test = '2022:1104:abcd::ef09'
        _new = self.ipv6_map.get(_test)
        _second = self.ipv6_map.get(_test)
        self.assertEqual(_new, _second, "Same address produced two different results")

    def test_ipv6_global_no_collision(self):
        """Tests that generating more than 256 global network obfuscations does
        not produce any repeats"""
        _nets = []
        for i in range(1, 300):
            _nets.append(self.ipv6_map.get(f"f{i:03}::abcd").split('::')[0])
        # if there are any duplicates, then the length of the set will not match
        self.assertTrue(len(set(_nets)) == len(_nets), "Duplicate global network obfuscations produced")
        self.assertTrue(_nets[-1].startswith('54'), "First hextet of global network obfuscation over 256 not expected '54'")

class CleanerParserTests(unittest.TestCase):

    def setUp(self):
        self.ip_parser = SoSIPParser(config={})
        self.ipv6_parser = SoSIPv6Parser(config={})
        self.mac_parser = SoSMacParser(config={})
        self.host_parser = SoSHostnameParser(config={},
                                             opt_domains=['foobar.com'])
        self.kw_parser = SoSKeywordParser(config={}, keywords=['foobar'])
        self.kw_parser_none = SoSKeywordParser(config={})
        self.kw_parser.generate_item_regexes()
        self.uname_parser = SoSUsernameParser(config={},
                                              opt_names=['DOMAIN\myusername'])

    def test_ip_parser_valid_ipv4_line(self):
        line = 'foobar foo 10.0.0.1/24 barfoo bar'
        _test = self.ip_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)

    def test_ip_parser_invalid_ipv4_line(self):
        line = 'foobar foo 10.1.2.350 barfoo bar'
        self.assertRaises(ValueError, self.ip_parser.parse_line, line)

    def test_ip_parser_package_version_line(self):
        line = 'mycoolpackage-1.2.3.4.5'
        _test = self.ip_parser.parse_line(line)[0]
        self.assertEqual(line, _test)

    def test_mac_parser_valid_ipv4_line(self):
        line = 'foobar foo 13:24:35:46:57:68 bar barfoo'
        _test = self.mac_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)

    def test_mac_parser_valid_ipv6_line(self):
        line = 'foobar foo AA:BB:CC:FF:FE:DD:EE:FF bar barfoo'
        _test = self.mac_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)

    def test_mac_parser_with_quotes(self):
        line = "foobar foo '12:34:56:78:90:AA' bar barfoo"
        _test = self.mac_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)
        dline = 'foobar foo "aa:12:bb:34:cc:56" bar barfoo'
        _dtest = self.mac_parser.parse_line(dline)[0]
        self.assertNotEqual(dline, _dtest)

    def test_mac_parser_with_quotes_ipv6(self):
        line = "foobar foo 'FF:EE:DD:FF:FE:CC:BB:AA' bar barfoo"
        _test = self.mac_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)
        dline = 'foobar foo "DD:EE:FF:FF:FE:BB:CC:AA" bar barfoo'
        _dtest = self.mac_parser.parse_line(dline)[0]
        self.assertNotEqual(dline, _dtest)

    def test_mac_parser_with_quotes_ipv6_quad(self):
        line = "foobar foo 'AABB:CCDD:EEFF:FFAA' bar barfoo"
        _test = self.mac_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)
        dline = 'foobar foo "AAFF:FFEE:DDCC:BBAA" bar barfoo'
        _dtest = self.mac_parser.parse_line(dline)[0]
        self.assertNotEqual(dline, _dtest)

    def test_hostname_load_hostname_string(self):
        fqdn = 'myhost.subnet.example.com'
        self.host_parser.load_hostname_into_map(fqdn)

    def test_hostname_valid_domain_line(self):
        self.host_parser.load_hostname_into_map('myhost.subnet.example.com')
        line = 'testing myhost.subnet.example.com in a string'
        _test = self.host_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)

    def test_hostname_short_name_in_line(self):
        self.host_parser.load_hostname_into_map('myhost.subnet.example.com')
        line = 'testing just myhost in a line'
        _test = self.host_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)

    def test_obfuscate_whole_fqdn_for_given_domainname(self):
        self.host_parser.load_hostname_into_map('sostestdomain.domain')
        line = 'let obfuscate soshost.sostestdomain.domain'
        _test = self.host_parser.parse_line(line)[0]
        self.assertFalse('soshost' in _test)
        self.assertFalse('sostestdomain' in _test)

    def test_hostname_no_obfuscate_underscore(self):
        line = 'pam_env.so _why.not_'
        _test = self.host_parser.parse_line(line)[0]
        self.assertEqual(line, _test)

    def test_keyword_parser_valid_line(self):
        line = 'this is my foobar test line'
        _test = self.kw_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)

    def test_keyword_parser_no_change_by_default(self):
        line = 'this is my foobar test line'
        _test = self.kw_parser_none.parse_line(line)[0]
        self.assertEqual(line, _test)

    def test_ipv6_parser_strings(self):
        t1 = 'testing abcd:ef01::1234 as a compressed address'
        t2 = 'testing abcd:ef01::5678:1234 as a separate address'
        t3 = 'testing 2607:c540:8c00:3318::34/64 as another address'
        t4 = 'testing 2007:1234:5678:90ab:0987:6543:21fe:dcba as a full address'
        t1_test = self.ipv6_parser.parse_line(t1)[0]
        t2_test = self.ipv6_parser.parse_line(t2)[0]
        t3_test = self.ipv6_parser.parse_line(t3)[0]
        t4_test = self.ipv6_parser.parse_line(t4)[0]
        self.assertNotEqual(t1, t1_test, f"Parser did not match and obfuscate '{t1}'")
        self.assertNotEqual(t2, t2_test, f"Parser did not match and obfuscate '{t2}'")
        self.assertNotEqual(t3, t3_test, f"Parser did not match and obfuscate '{t3}'")
        self.assertNotEqual(t4, t4_test, f"Parser did not match and obfuscate '{t4}'")

    def test_ipv6_no_match_signature(self):
        modstr = '2D:4F:6E:55:4F:E8:5E:D2:D2:A3:73:62:AB:FD:F9:C5:A5:53:31:93'
        mod_test = self.ipv6_parser.parse_line(modstr)[0]
        self.assertEqual(modstr, mod_test, "Parser matched module signature, and should not")

    def test_ipv6_no_match_log_false_positive(self):
        logln = 'Automatically imported trusted_ca::ca from trusted_ca/ca into production'
        log_test = self.ipv6_parser.parse_line(logln)[0]
        self.assertEqual(logln, log_test, "IPv6 parser incorrectly matched a log line of 'trusted_ca::ca'")

    def test_ad_username(self):
        line = "DOMAIN\myusername"
        _test = self.uname_parser.parse_line(line)[0]
        self.assertNotEqual(line, _test)