From 719b94d9e40d8a1a7586a7b030be582e4e264605 Mon Sep 17 00:00:00 2001 From: bcmmbaga Date: Thu, 8 Feb 2024 15:01:07 +0300 Subject: [PATCH] Add tests and validation for empty peer location in GeoLocationCheck --- management/server/posture/geo_location.go | 5 ++++ .../server/posture/geo_location_test.go | 30 +++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/management/server/posture/geo_location.go b/management/server/posture/geo_location.go index 72ff3e6daff..ceade0d2ae5 100644 --- a/management/server/posture/geo_location.go +++ b/management/server/posture/geo_location.go @@ -30,6 +30,11 @@ type GeoLocationCheck struct { } func (g *GeoLocationCheck) Check(peer nbpeer.Peer) (bool, error) { + // deny if the peer location is not evaluated + if peer.Location.CountryCode == "" && peer.Location.CityName == "" { + return false, fmt.Errorf("peer's location is not set") + } + for _, loc := range g.Locations { if loc.CountryCode == peer.Location.CountryCode { if loc.CityName == "" || loc.CityName == peer.Location.CityName { diff --git a/management/server/posture/geo_location_test.go b/management/server/posture/geo_location_test.go index 908e42eb958..7a886a2827e 100644 --- a/management/server/posture/geo_location_test.go +++ b/management/server/posture/geo_location_test.go @@ -192,6 +192,36 @@ func TestGeoLocationCheck_Check(t *testing.T) { wantErr: false, isValid: true, }, + { + name: "Peer with no location in the allow sets", + input: peer.Peer{}, + check: GeoLocationCheck{ + Locations: []Location{ + { + CountryCode: "DE", + CityName: "Berlin", + }, + }, + Action: GeoLocationActionAllow, + }, + wantErr: true, + isValid: false, + }, + { + name: "Peer with no location in the deny sets", + input: peer.Peer{}, + check: GeoLocationCheck{ + Locations: []Location{ + { + CountryCode: "DE", + CityName: "Berlin", + }, + }, + Action: GeoLocationActionDeny, + }, + wantErr: true, + isValid: false, + }, } for _, tt := range tests {