From 4d6d152c04088c70888fb13b845af3a96bcf8917 Mon Sep 17 00:00:00 2001
From: Eric Garver
Date: Mon, 17 Dec 2018 12:42:16 -0500
Subject: [PATCH 2/4] tests/firewall-cmd: Coverage for interface wildcarding

Coverage for rhbz 1644025.

(cherry picked from commit e3f936080ff57884df20b5def241593eecb10364)
---
 src/tests/firewall-cmd.at | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at
index 87e0eea4150e..3b6b6057dbec 100644
--- a/src/tests/firewall-cmd.at
+++ b/src/tests/firewall-cmd.at
@@ -115,6 +115,8 @@ FWD_START_TEST([zone interfaces])
 ])
 FWD_CHECK([--permanent --zone=public --remove-interface=perm_dummy], 0, ignore)
 FWD_CHECK([--permanent --zone=public --query-interface perm_dummy], 1, ignore)
+ FWD_CHECK([--permanent --zone=trusted --remove-interface=perm_dummy2], 0, ignore)
+ FWD_RELOAD
 FWD_CHECK([--add-interface=foo], 0, ignore)
 FWD_CHECK([--add-interface=bar --zone=public], 0, ignore)
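Review bot: The new permanent removal of perm_dummy2 from the trusted zone has no follow-up query, whereas the perm_dummy removal two lines above is verified with `--query-interface ... , 1`, so a removal that returns 0 but leaves the binding in place would go unnoticed before the added FWD_RELOAD. I would add `FWD_CHECK([--permanent --zone=trusted --query-interface perm_dummy2], 1, ignore)` directly after the new --remove-interface line. Where perm_dummy2 was bound to trusted is presumably earlier in this test, outside the hunk; the enclosing FWD_START_TEST([zone interfaces]) body starts before and ends after these lines.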
@@ -128,6 +130,30 @@ FWD_START_TEST([zone interfaces])
 FWD_CHECK([--set-default-zone=public], 0, ignore)
 FWD_CHECK([--remove-interface=foo], 0, ignore)
 FWD_CHECK([--remove-interface=bar], 0, ignore)
+
+ dnl exercise wildcards, rhbz 1644025
+ dnl Note: This feature is undocumented, because it's a possible security
+ dnl risk.
+ FWD_CHECK([--zone=trusted --add-interface=+], 0, ignore)
+ FWD_CHECK([--add-interface=foobar+++], 0, ignore)
+ FWD_CHECK([--add-interface=foobar+], 0, ignore)
+ m4_if(nftables, FIREWALL_BACKEND, [
+ NFT_LIST_RULES([inet], [filter_INPUT_ZONES], 0, [dnl
+ table inet firewalld {
+ chain filter_INPUT_ZONES {
+ iifname "foobar*" goto filter_IN_public
+ iifname "foobar++*" goto filter_IN_public
+ jump filter_IN_trusted
+ goto filter_IN_public
+ }
+ }
+ ])])
+ FWD_CHECK([--zone=trusted --remove-interface=+], 0, ignore)
+ FWD_CHECK([--remove-interface=foobar+++], 0, ignore)
+ FWD_CHECK([--remove-interface=foobar+], 0, ignore)
+ FWD_CHECK([--permanent --add-interface=foobar+], 0, ignore)
+ FWD_CHECK([--permanent --remove-interface=foobar+], 0, ignore)
+ FWD_RELOAD
 FWD_END_TEST([-e '/ERROR: ZONE_CONFLICT: perm_dummy/d'])
 FWD_START_TEST([zone sources])
-- 
2.18.0
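Review bot: The only assertion that pins the security-relevant outcome — that the catch-all `jump filter_IN_trusted` produced by `--zone=trusted --add-interface=+` is emitted after the more specific `iifname "foobar*"` / `"foobar++*"` rules rather than ahead of them — is wrapped in `m4_if(nftables, FIREWALL_BACKEND, [...])`, so under the iptables backend the wildcard rendering and rule order are never checked and a regression there would pass this test. A parallel listing check in the iptables branch using the file's existing iptables listing macro would close that gap. The new `dnl Note:` comment says the feature is a possible security risk without saying what the risk is; I would make it concrete, e.g. `dnl Note: a bare "+" matches every interface, so the zone it is bound to appears to take precedence over the default-zone fallback (the goto filter_IN_public below); undocumented for that reason.` A one-line comment above the NFT_LIST_RULES call stating that `foobar+++` is expected to render as `foobar++*` (only the trailing "+" is a wildcard) would also keep a future reader from "correcting" the expected output. The enclosing FWD_START_TEST([zone interfaces]) body begins before this hunk.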