Merge "Handle icmp type 0 validation correctly"

2020-07-20 07:33:28 +00:00
parent dfe26e5f81 b73f1ea42f
commit f0107bde1c
2 changed files with 22 additions and 1 deletions
--- a/vmware_nsxlib/tests/unit/v3/test_security.py
+++ b/vmware_nsxlib/tests/unit/v3/test_security.py
@@ -260,6 +260,27 @@ class TestNsxLibFirewallSection(nsxlib_testcase.NsxLibTestCase):
                section_id, group_id, False,
                "ALLOW", rules, {rule_id: target_id})

+    def test_create_rule_with_illegal_icmp_0_255(self):
+        rule_id = uuidutils.generate_uuid()
+        rule = {'id': rule_id,
+                'ethertype': 'IPv4',
+                'protocol': 'icmp',
+                'direction': 'egress',
+                'port_range_min': 0,
+                'port_range_max': 255,
+                'remote_ip_prefix': None}
+        rules = [rule]
+        section_id = 'section-id'
+        group_id = 'nsgroup-id'
+        target_id = 'dummy'
+        with mock.patch("vmware_nsxlib.v3.NsxLib.get_version",
+                        return_value="2.4.0"):
+            self.assertRaises(
+                nsxlib_exc.InvalidInput,
+                self.nsxlib.firewall_section.create_section_rules,
+                section_id, group_id, False,
+                "ALLOW", rules, {rule_id: target_id})
+
    def test_create_with_rules(self):
        expected_body = {
            'display_name': 'display-name',
--- a/vmware_nsxlib/v3/utils.py
+++ b/vmware_nsxlib/v3/utils.py
@@ -600,7 +600,7 @@ def validate_icmp_params(icmp_type, icmp_code, icmp_version=4, strict=False):
    if icmp_version != 4:
        # ICMPv6 is currently not supported
        return
-    if icmp_type:
+    if icmp_type is not None:
        if (strict and icmp_type not in
                constants.IPV4_ICMP_STRICT_TYPES):
            raise nsxlib_exc.InvalidInput(