From b2319ba5d93a377faf0901d6eaef31b98a94b1f8 Mon Sep 17 00:00:00 2001
From: Christian Kreibich <christian@corelight.com>
Date: Wed, 8 Feb 2023 19:31:07 -0800
Subject: [PATCH] Add btests for new Site::local_nets behavior

---
 .../scripts.base.utils.site-defaults-2/output |  7 ++
 .../scripts.base.utils.site-defaults-3/output |  7 ++
 .../scripts.base.utils.site-defaults-4/output |  7 ++
 .../scripts.base.utils.site-defaults-5/output |  7 ++
 .../scripts.base.utils.site-defaults-6/output |  7 ++
 .../scripts.base.utils.site-defaults-7/output |  7 ++
 .../scripts.base.utils.site-defaults-8/output |  7 ++
 .../scripts.base.utils.site-defaults-9/output |  7 ++
 .../scripts.base.utils.site-defaults/output   |  7 ++
 .../scripts/base/utils/site-defaults.test     | 89 +++++++++++++++++++
 10 files changed, 152 insertions(+)
 create mode 100644 testing/btest/Baseline/scripts.base.utils.site-defaults-2/output
 create mode 100644 testing/btest/Baseline/scripts.base.utils.site-defaults-3/output
 create mode 100644 testing/btest/Baseline/scripts.base.utils.site-defaults-4/output
 create mode 100644 testing/btest/Baseline/scripts.base.utils.site-defaults-5/output
 create mode 100644 testing/btest/Baseline/scripts.base.utils.site-defaults-6/output
 create mode 100644 testing/btest/Baseline/scripts.base.utils.site-defaults-7/output
 create mode 100644 testing/btest/Baseline/scripts.base.utils.site-defaults-8/output
 create mode 100644 testing/btest/Baseline/scripts.base.utils.site-defaults-9/output
 create mode 100644 testing/btest/Baseline/scripts.base.utils.site-defaults/output
 create mode 100644 testing/btest/scripts/base/utils/site-defaults.test

diff --git a/testing/btest/Baseline/scripts.base.utils.site-defaults-2/output b/testing/btest/Baseline/scripts.base.utils.site-defaults-2/output
new file mode 100644
index 0000000000..3f110fc408
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.site-defaults-2/output
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+10.0.0.1 is private: F
+10.0.0.1 is local: F
+no local subnet
+1.2.3.4 is private: F
+1.2.3.4 is local: F
+no local subnet
diff --git a/testing/btest/Baseline/scripts.base.utils.site-defaults-3/output b/testing/btest/Baseline/scripts.base.utils.site-defaults-3/output
new file mode 100644
index 0000000000..b2e75100ce
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.site-defaults-3/output
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+10.0.0.1 is private: F
+10.0.0.1 is local: F
+no local subnet
+1.2.3.4 is private: T
+1.2.3.4 is local: T
+local subnet is 1.0.0.0/8
diff --git a/testing/btest/Baseline/scripts.base.utils.site-defaults-4/output b/testing/btest/Baseline/scripts.base.utils.site-defaults-4/output
new file mode 100644
index 0000000000..e2507237e3
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.site-defaults-4/output
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+10.0.0.1 is private: T
+10.0.0.1 is local: T
+local subnet is 10.0.0.0/8
+1.2.3.4 is private: F
+1.2.3.4 is local: T
+local subnet is 1.0.0.0/8
diff --git a/testing/btest/Baseline/scripts.base.utils.site-defaults-5/output b/testing/btest/Baseline/scripts.base.utils.site-defaults-5/output
new file mode 100644
index 0000000000..e2507237e3
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.site-defaults-5/output
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+10.0.0.1 is private: T
+10.0.0.1 is local: T
+local subnet is 10.0.0.0/8
+1.2.3.4 is private: F
+1.2.3.4 is local: T
+local subnet is 1.0.0.0/8
diff --git a/testing/btest/Baseline/scripts.base.utils.site-defaults-6/output b/testing/btest/Baseline/scripts.base.utils.site-defaults-6/output
new file mode 100644
index 0000000000..b2e75100ce
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.site-defaults-6/output
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+10.0.0.1 is private: F
+10.0.0.1 is local: F
+no local subnet
+1.2.3.4 is private: T
+1.2.3.4 is local: T
+local subnet is 1.0.0.0/8
diff --git a/testing/btest/Baseline/scripts.base.utils.site-defaults-7/output b/testing/btest/Baseline/scripts.base.utils.site-defaults-7/output
new file mode 100644
index 0000000000..e2507237e3
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.site-defaults-7/output
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+10.0.0.1 is private: T
+10.0.0.1 is local: T
+local subnet is 10.0.0.0/8
+1.2.3.4 is private: F
+1.2.3.4 is local: T
+local subnet is 1.0.0.0/8
diff --git a/testing/btest/Baseline/scripts.base.utils.site-defaults-8/output b/testing/btest/Baseline/scripts.base.utils.site-defaults-8/output
new file mode 100644
index 0000000000..b9b28edcc8
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.site-defaults-8/output
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+10.0.0.1 is private: T
+10.0.0.1 is local: F
+no local subnet
+1.2.3.4 is private: F
+1.2.3.4 is local: F
+no local subnet
diff --git a/testing/btest/Baseline/scripts.base.utils.site-defaults-9/output b/testing/btest/Baseline/scripts.base.utils.site-defaults-9/output
new file mode 100644
index 0000000000..9cc8a55048
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.site-defaults-9/output
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+10.0.0.1 is private: F
+10.0.0.1 is local: T
+local subnet is 10.0.0.0/8
+1.2.3.4 is private: T
+1.2.3.4 is local: F
+no local subnet
diff --git a/testing/btest/Baseline/scripts.base.utils.site-defaults/output b/testing/btest/Baseline/scripts.base.utils.site-defaults/output
new file mode 100644
index 0000000000..6bb8679c6c
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.utils.site-defaults/output
@@ -0,0 +1,7 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+10.0.0.1 is private: T
+10.0.0.1 is local: T
+local subnet is 10.0.0.0/8
+1.2.3.4 is private: F
+1.2.3.4 is local: F
+no local subnet
diff --git a/testing/btest/scripts/base/utils/site-defaults.test b/testing/btest/scripts/base/utils/site-defaults.test
new file mode 100644
index 0000000000..7ff587e8e1
--- /dev/null
+++ b/testing/btest/scripts/base/utils/site-defaults.test
@@ -0,0 +1,89 @@
+# This tests the relationship of Site::local_nets and Site::private_address_space.
+# The former defaults to the same values as the latter and both are config options.
+# Therefore both redefs and runtime updates only affect the respective variable,
+# not the other.
+#
+# @TEST-EXEC: zeek -b %INPUT > output
+# @TEST-EXEC: btest-diff output
+
+@TEST-START-FILE common.zeek
+function check_addr(ip: addr)
+	{
+	print fmt("%s is private: %s", ip, Site::is_private_addr(ip));
+	print fmt("%s is local: %s", ip, Site::is_local_addr(ip));
+
+	if ( ip in Site::local_nets_table )
+		print fmt("local subnet is %s", Site::local_nets_table[ip]);
+	else
+		print fmt("no local subnet");
+	}
+
+event zeek_init()
+	{
+	check_addr(10.0.0.1);
+	check_addr(1.2.3.4);
+	}
+@TEST-END-FILE
+
+# (1) The common case: 10/8 is private, implying local, and 1/8 is not.
+@load ./common
+
+@TEST-START-NEXT
+
+# (2) Removing 10/8 from private space implies we remove it from local, too.
+@load ./common
+redef Site::private_address_space -= { 10.0.0.0/8 };
+
+@TEST-START-NEXT
+
+# (3) Adding 1/8 to private space implies we add it to local, too.
+@load ./common
+redef Site::private_address_space = { 1.0.0.0/8 };
+
+@TEST-START-NEXT
+
+# (4) Adding 1/8 to local space doesn't change the private one.
+@load ./common
+redef Site::local_nets += { 1.0.0.0/8 };
+
+@TEST-START-NEXT
+
+# (5) Resetting the local space to 1/8 does not lose the private space.
+@load ./common
+redef Site::local_nets = { 1.0.0.0/8 };
+
+@TEST-START-NEXT
+
+# (6) Resetting the private space dynamically does propagate into local space.
+@load ./common
+
+event zeek_init() &priority=5
+	{
+	Config::set_value("Site::private_address_space", set(1.0.0.0/8));
+	}
+
+@TEST-START-NEXT
+
+# (7) Resetting local space dynamically does not lose the private space.
+@load ./common
+
+event zeek_init() &priority=5
+	{
+	Config::set_value("Site::local_nets", set(1.0.0.0/8));
+	}
+
+@TEST-START-NEXT
+
+# (8) Disable the private-means-local implication and verify defaults.
+@load ./common
+
+redef Site::private_address_space_is_local = F;
+
+@TEST-START-NEXT
+
+# (9) Disable the private-means-local implication and alter both.
+@load ./common
+
+redef Site::private_address_space_is_local = F;
+redef Site::private_address_space = { 1.0.0.0/8 };
+redef Site::local_nets = { 10.0.0.0/8 };