NIFI-144: Skip firewall tests that require known bad host names on pe…

…rmissive DNS setups. Signed-off-by: Mark Payne <markap14@hotmail.com>
apache · Apr 30, 2015 · 8ed131b · 8ed131b
1 parent 21c5c48
commit 8ed131b
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 2 deletions.
diff --git a/...ter/src/main/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewall.java b/...ter/src/main/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewall.java
@@ -113,9 +113,11 @@ public boolean isPermissible(final String hostOrIp) {
             }
 
             // no match
+            logger.debug("Blocking host '{}' because it does not match our allowed list.", hostOrIp);
             return false;
 
         } catch (final IllegalArgumentException iae) {
+            logger.debug("Blocking requested host, '{}', because it is malformed.", hostOrIp, iae);
             return false;
         }
     }

diff --git a/...src/test/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewallTest.java b/...src/test/java/org/apache/nifi/cluster/firewall/impl/FileBasedClusterNodeFirewallTest.java
@@ -18,12 +18,16 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import org.apache.nifi.util.file.FileUtils;
 import org.junit.After;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeTrue;
 import org.junit.Before;
+import org.junit.BeforeClass;
 import org.junit.Test;
 
 public class FileBasedClusterNodeFirewallTest {
@@ -38,6 +42,23 @@ public class FileBasedClusterNodeFirewallTest {
 
     private File restoreDirectory;
 
+    private static boolean badHostsDoNotResolve = false;
+
+    /**
+     * We have tests that rely on known bad host/ip parameters; make sure DNS doesn't resolve them.
+     * This can be a problem i.e. on residential ISPs in the USA because the provider will often
+     * wildcard match all possible DNS names in an attempt to serve advertising.
+     */
+    @BeforeClass
+    public static void ensureBadHostsDoNotWork() {
+        final InetAddress ip;
+        try {
+            ip = InetAddress.getByName("I typed a search term and my browser expected a host.");
+        } catch (final UnknownHostException uhe) {
+            badHostsDoNotResolve = true;
+        }
+    }
+
     @Before
     public void setup() throws Exception {
 
@@ -55,6 +76,22 @@ public void teardown() throws IOException {
         deleteFile(restoreDirectory);
     }
 
+    /**
+     * We have two garbage lines in our test config file, ensure they didn't get turned into hosts.
+     */
+    @Test
+    public void ensureBadDataWasIgnored() {
+        assumeTrue(badHostsDoNotResolve);
+        assertFalse("firewall treated our malformed data as a host. If " +
+            "`host \"bad data should be skipped\"` works locally, this test should have been " +
+            "skipped.",
+            ipsFirewall.isPermissible("bad data should be skipped"));
+        assertFalse("firewall treated our malformed data as a host. If " +
+            "`host \"more bad data\"` works locally, this test should have been " +
+            "skipped.",
+            ipsFirewall.isPermissible("more bad data"));
+    }
+
     @Test
     public void testSyncWithRestore() {
         assertEquals(ipsConfig.length(), new File(restoreDirectory, ipsConfig.getName()).length());
@@ -77,7 +114,10 @@ public void testIsPermissibleWithNoMatch() {
 
     @Test
     public void testIsPermissibleWithMalformedData() {
-        assertFalse(ipsFirewall.isPermissible("abc"));
+        assumeTrue(badHostsDoNotResolve);
+        assertFalse("firewall allowed host 'abc' rather than rejecting as malformed. If `host abc` "
+            + "works locally, this test should have been skipped.",
+            ipsFirewall.isPermissible("abc"));
     }
 
     @Test
@@ -87,7 +127,10 @@ public void testIsPermissibleWithEmptyConfig() {
 
     @Test
     public void testIsPermissibleWithEmptyConfigWithMalformedData() {
-        assertTrue(acceptAllFirewall.isPermissible("abc"));
+        assumeTrue(badHostsDoNotResolve);
+        assertTrue("firewall did not allow malformed host 'abc' under permissive configs. If " +
+            "`host abc` works locally, this test should have been skipped.",
+            acceptAllFirewall.isPermissible("abc"));
     }
 
     private boolean deleteFile(final File file) {