test: improve coverage across package

2026-05-01 14:09:10 +05:30
parent e1c68ec7d0
commit e3f1f5046a
18 changed files with 2652 additions and 6 deletions
--- a/ruleset/builtins/cidr_test.go
+++ b/ruleset/builtins/cidr_test.go
@@ -0,0 +1,98 @@
+package builtins
+
+import (
+	"net"
+	"testing"
+)
+
+func TestCompileCIDR(t *testing.T) {
+	tests := []struct {
+		name    string
+		input   string
+		wantErr bool
+		wantStr string
+	}{
+		{"valid ipv4", "192.168.0.0/24", false, "192.168.0.0/24"},
+		{"valid ipv6", "2001:db8::/32", false, "2001:db8::/32"},
+		{"valid host ipv4", "10.0.0.1/32", false, "10.0.0.1/32"},
+		{"valid host ipv6", "::1/128", false, "::1/128"},
+		{"invalid no mask", "192.168.0.0", true, ""},
+		{"invalid bad ip", "not-an-ip/24", true, ""},
+		{"invalid empty", "", true, ""},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := CompileCIDR(tt.input)
+			if tt.wantErr {
+				if err == nil {
+					t.Errorf("CompileCIDR(%q) expected error, got nil", tt.input)
+				}
+				return
+			}
+			if err != nil {
+				t.Fatalf("CompileCIDR(%q) unexpected error: %v", tt.input, err)
+			}
+			if got.String() != tt.wantStr {
+				t.Errorf("CompileCIDR(%q) = %q, want %q", tt.input, got.String(), tt.wantStr)
+			}
+		})
+	}
+}
+
+func TestMatchCIDR(t *testing.T) {
+	cidr := mustCompileCIDR(t, "192.168.0.0/24")
+
+	tests := []struct {
+		name string
+		ip   string
+		want bool
+	}{
+		{"inside", "192.168.0.1", true},
+		{"boundary low", "192.168.0.0", true},
+		{"boundary high", "192.168.0.255", true},
+		{"outside", "192.168.1.1", false},
+		{"different network", "10.0.0.1", false},
+		{"invalid ip", "not-an-ip", false},
+		{"empty", "", false},
+		{"ipv6 in ipv4", "::1", false},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := MatchCIDR(tt.ip, cidr)
+			if got != tt.want {
+				t.Errorf("MatchCIDR(%q, %q) = %v, want %v", tt.ip, cidr, got, tt.want)
+			}
+		})
+	}
+}
+
+func TestMatchCIDR_IPv6(t *testing.T) {
+	cidr := mustCompileCIDR(t, "2001:db8::/32")
+
+	inside := "2001:db8::1"
+	if !MatchCIDR(inside, cidr) {
+		t.Errorf("MatchCIDR(%q) should be true", inside)
+	}
+
+	outside := "2001:db9::1"
+	if MatchCIDR(outside, cidr) {
+		t.Errorf("MatchCIDR(%q) should be false", outside)
+	}
+}
+
+func TestMatchCIDR_NullResult(t *testing.T) {
+	if MatchCIDR("10.0.0.1", &net.IPNet{}) {
+		t.Error("MatchCIDR with empty IPNet should return false")
+	}
+}
+
+func mustCompileCIDR(t *testing.T, cidr string) *net.IPNet {
+	t.Helper()
+	_, ipNet, err := net.ParseCIDR(cidr)
+	if err != nil {
+		t.Fatalf("failed to parse CIDR %q: %v", cidr, err)
+	}
+	return ipNet
+}