From fb075e78955b4c7ef86c2708489024193c31c286 Mon Sep 17 00:00:00 2001
From: Garfield Freeman
Date: Thu, 16 Feb 2023 02:49:22 -0800
Subject: [PATCH] fix(decryption rules): fixing path to multiple ssl certificates
---
 poli/decryption/entry.go | 2 +-
 poli/decryption/fw_test.go | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/poli/decryption/entry.go b/poli/decryption/entry.go
index 6194de29..f0a42576 100644
--- a/poli/decryption/entry.go
+++ b/poli/decryption/entry.go
@@ -725,7 +725,7 @@ type entry_v5 struct {
 type dType_v2 struct {
 SslForwardProxy *string `xml:"ssl-forward-proxy"`
 SshProxy *string `xml:"ssh-proxy"`
- SslCertificates *util.MemberType `xml:"ssl-inbound-inspection"`
+ SslCertificates *util.MemberType `xml:"ssl-inbound-inspection>certificates"`
 }

 func (e *entry_v5) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
diff --git a/poli/decryption/fw_test.go b/poli/decryption/fw_test.go
index 02a5a4be..b7c5afc0 100644
--- a/poli/decryption/fw_test.go
+++ b/poli/decryption/fw_test.go
@@ -2,9 +2,11 @@ package decryption

 import (
 "reflect"
+ "strings"
 "testing"

 "github.com/PaloAltoNetworks/pango/testdata"
+ "github.com/PaloAltoNetworks/pango/version"
 )

 func TestFwNormalization(t *testing.T) {
@@ -33,3 +35,30 @@ func TestFwNormalization(t *testing.T) {
 })
 }
 }
+
+func TestNotPresent(t *testing.T) {
+ mc := &testdata.MockClient{}
+ ns := FirewallNamespace(mc)
+
+ mc.Version = version.Number{10, 2, 0, ""}
+ mc.AddResp("")
+
+ elm := Entry{
+ Name: "rule1",
+ Uuid: "uuid123",
+ GroupTag: "tag123",
+ Description: "blah",
+ DestinationHips: []string{"dst2", "dst1"},
+ LogFailedTlsHandshakes: true,
+ LogSetting: "my log setting",
+ }
+
+ err := ns.Set("vsys1", elm)
+ if err != nil {
+ t.Fatalf("Failed set: %s", err)
+ }
+
+ if strings.Contains(mc.Elm, "ssl-inbound-inspection") {
+ t.Fatalf("Contains ssl-inbound-inspection")
+ }
+}
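Review bot: With the `ssl-inbound-inspection>certificates` path on `SslCertificates` in `dType_v2`, a device response that carries `<ssl-inbound-inspection>` without a `<certificates>` child will decode to a nil field. The code that normalises `entry_v5` sits outside this hunk, so it is worth confirming that such a rule is still recognised as inbound inspection; otherwise a later `Set` of the normalised entry could silently drop the rule's decryption type. A field comment would also help the next reader, for example `// certificate names are a member list nested under <ssl-inbound-inspection>`.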
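Review bot: `TestNotPresent` only proves that the element is omitted when no certificates are set; nothing visible in this patch asserts that a populated certificate list is written as `<ssl-inbound-inspection><certificates>…`, which is the path this commit corrects. Unless the existing normalization table already covers it, add a sibling case that sets the certificate list on the entry and checks `mc.Elm` for the nested `<certificates>` element. Two smaller points: `version.Number{10, 2, 0, ""}` is an unkeyed literal of an imported struct, which `go vet` reports, and the final failure would be easier to diagnose as `t.Fatalf("unexpected ssl-inbound-inspection in %q", mc.Elm)`.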