dpi: add global exemptions

NethServer · Nov 28, 2023 · b206fea · b206fea
1 parent b7c1067
commit b206fea
Show file tree

Hide file tree

Showing 2 changed files with 128 additions and 0 deletions.
diff --git a/src/nethsec/dpi/__init__.py b/src/nethsec/dpi/__init__.py
@@ -335,6 +335,11 @@ def __save_rule_data(e_uci: EUci, config_name: str, enabled: bool, device: str,
     e_uci.set('dpi', config_name, 'application', applications)
     e_uci.set('dpi', config_name, 'protocol', protocols)
 
+def __save_exemption_data(e_uci: EUci, config_name: str, criteria: str, description: str, enabled: bool):
+    e_uci.set('dpi', config_name, 'enabled', enabled)
+    e_uci.set('dpi', config_name, 'criteria', criteria)
+    e_uci.set('dpi', config_name, 'description', description)
+
 def __toggle_engine(e_uci: EUci):
     count_enabled = 0
     for section in e_uci.get_all('dpi'):
@@ -408,3 +413,85 @@ def edit_rule(e_uci: EUci, config_name: str, enabled: bool, device: str, action:
     __toggle_engine(e_uci)
 
     e_uci.save('dpi')
+
+def list_exemptions(e_uci: EUci) -> list[dict[str]]:
+    """
+    Index all global exemptions
+
+    Args:
+      - e_uci: euci instance
+
+    Returns:
+        list of dicts, each dict contains the property "config-name", "description", "enabled", "criteria"
+    """
+    exemptions = list[dict[str]]()
+    fetch_ex = utils.get_all_by_type(e_uci, 'dpi', 'exemption')
+
+    if not fetch_ex:
+        return exemptions
+    for ex_name in fetch_ex.keys():
+        # get content of exemption
+        ex = fetch_ex[ex_name]
+        # prepare the data to append to rules
+        data_ex = dict[str]()
+        data_ex['config-name'] = ex_name
+        data_ex['enabled'] = ex.get('enabled', '1') == '1'
+        data_ex['criteria'] = ex.get('criteria', '')
+        data_ex['description'] = ex.get('description', '')
+        # append exemption
+        exemptions.append(data_ex)
+
+    return exemptions
+
+
+def add_exemption(e_uci: EUci, criteria: str, description: str, enabled: bool):
+    """
+    Store a new global exemption
+
+    Args:
+      - e_uci: euci instance
+      - criteria: exemption criteria, usually it's an IP address
+      - description: description of the rule
+      - enabled: enable the exemption
+
+    Returns:
+        config name of the exemption created
+    """
+    ex_name = utils.get_random_id()
+    e_uci.set('dpi', ex_name, 'exemption')
+    __save_exemption_data(e_uci, ex_name, criteria, description, enabled)
+    e_uci.save('dpi')
+    return ex_name
+
+
+def delete_exemption(e_uci: EUci, config_name: str):
+    """
+    Delete a global exemption
+
+    Args:
+      - e_uci: euci instance
+      - config_name: config name of the rule to delete
+    """
+    e_uci.delete('dpi', config_name)
+    e_uci.save('dpi')
+
+
+def edit_exemption(e_uci: EUci, config_name: str, criteria: str, description: str, enabled: bool):
+    """
+    Edit a global exemption
+
+    Args:
+      - e_uci: euci instance
+      - config_name: rule to change
+      - criteria: exemption criteria, usually it's an IP address
+      - description: description of the rule
+      - enabled: enable the exemption
+
+    Raises
+        - ValidationError: if the config name is invalid
+    """
+    if e_uci.get('dpi', config_name, default=None) is None:
+        raise ValidationError('config-name', 'invalid', config_name)
+
+    __save_exemption_data(e_uci, config_name, criteria, description, enabled)
+    e_uci.save('dpi')
diff --git a/tests/test_dpi.py b/tests/test_dpi.py
@@ -257,6 +257,11 @@
     list protocol 'HTTP/Connect'
     option device 'eth1'
     option enabled 1
+
+config exemption exemp1
+    option criteria '192.168.1.1'
+    option description 'my host'
+    option enabled 1
 """
 
 network_config = """
@@ -1001,3 +1006,39 @@ def test_list_popular_with_limits(e_uci_with_data, mock_load):
             'total': 7
         }
     }
+
+def test_list_exemptions(e_uci_with_data):
+    assert dpi.list_exemptions(e_uci_with_data) == [
+        {
+            'config-name': 'exemp1',
+            'enabled': True,
+            'criteria': '192.168.1.1',
+            'description': 'my host',
+        }
+    ]
+
+def test_add_exemption(e_uci):
+    ex_created = dpi.add_exemption(e_uci, "192.168.2.2", 'my host2', True)
+    assert dpi.list_exemptions(e_uci) == [
+        {
+            'config-name': ex_created,
+            'enabled': True,
+            'criteria': "192.168.2.2",
+            'description': 'my host2',
+        }
+    ]
+
+def test_edit_exemption(e_uci_with_data):
+    dpi.edit_exemption(e_uci_with_data, 'exemp1', '192.168.1.3', 'my host 3', False)
+    assert dpi.list_exemptions(e_uci_with_data) == [
+        {
+            'config-name': 'exemp1',
+            'enabled': False,
+            'criteria': "192.168.1.3",
+            'description': 'my host 3',
+        }
+    ]
+
+def test_delete_exemption(e_uci):
+    dpi.delete_exemption(e_uci, 'exemp1')
+    assert dpi.list_exemptions(e_uci) == []