author[email protected] <[email protected]>2024-11-27 17:18:08 +0800
committer[email protected] <[email protected]>2024-11-27 17:18:08 +0800
commit545190230d004a51c25d06a8103eda4eec1b7b51 (patch)
tree74d63ec6dff8a30c724e1874234694cae2610833
parentae9ef595a621bafd6f343b9daf8e259b5a55abaf (diff)
update error block cases
-rw-r--r--tests/security/sec_allow_subid_ssl_substr_fqdn_substr_cn_substr_san.py4
-rw-r--r--tests/security/sec_deny_signature_common_app_id_default.py2
-rw-r--r--tests/security/sec_deny_signature_common_port_app_default.py2
-rw-r--r--tests/security/sec_deny_signature_dns_qry_name_default.py2
-rw-r--r--tests/security/sec_deny_signature_http_request_full_uri_default.py2
-rw-r--r--tests/security/sec_deny_signature_http_request_header_default.py2
-rw-r--r--tests/security/sec_deny_signature_http_response_header_default.py2
-rw-r--r--tests/security/sec_deny_signature_ip_dst_default.py2
-rw-r--r--tests/security/sec_deny_signature_ip_proto_default.py2
-rw-r--r--tests/security/sec_deny_signature_ip_src_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_analysis_ja3_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_analysis_ja3s_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_analysis_sni_absent_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_id_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_identifier_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_common_name_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_country_name_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_organization_name_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_handshake_certificate_not_valid_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_handshake_certificate_subject_common_name_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_handshake_certificate_subject_country_name_default.py2
-rw-r--r--tests/security/sec_deny_signature_ssl_handshake_certificate_subject_organization_name_default.py2
-rw-r--r--tests/security/sec_deny_signature_tcp_payload_signature_default.py2
-rw-r--r--tests/security/sec_deny_srcip_dns_default.py262
-rw-r--r--tests/security/sec_deny_srcip_dns_drop.py271
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_drop.py306
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_profile.py331
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_pre_qname_tamper.py302
-rw-r--r--tests/security/sec_deny_srcip_dns_rate_high.py271
-rw-r--r--tests/security/sec_deny_srcip_dns_rate_low.py271
-rw-r--r--tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_profile.py297
-rw-r--r--tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_text.py283
-rw-r--r--tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_profile.py297
-rw-r--r--tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_text.py285
-rw-r--r--tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_profile.py299
-rw-r--r--tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_text.py283
-rw-r--r--tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_profile.py297
-rw-r--r--tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_text.py303
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_drop.py306
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_text.py321
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_sub_qname_tamper.py302
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_drop.py306
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_profile.py331
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_suff_qname_tamper.py302
-rw-r--r--tests/security/sec_deny_srcip_dns_tamper.py268
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_drop.py304
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_profile.py333
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_text.py317
-rw-r--r--tests/security/sec_deny_srcip_dns_xly_qname_tamper.py302
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_account_drop.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_account_drop_rst.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_account_rate_high.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_account_rate_low.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_account_tamper.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_url_drop.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_url_drop_rst.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_url_rate_high.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_url_rate_low.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_exactly_url_tamper.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_account_drop.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_account_drop_rst.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_account_rate_high.py4
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_account_rate_low.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_account_tamper.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_url_drop.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_url_drop_rst.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_url_rate_high.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_url_rate_low.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_pre_url_tamper.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_account_drop.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_account_drop_rst.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_account_rate_high.py4
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_account_rate_low.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_account_tamper.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_content_drop.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_content_drop_rst.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_content_rate_high.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_content_rate_low.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_content_tamper.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_url_drop.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_url_drop_rst.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_url_rate_high.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_url_rate_low.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_substr_url_tamper.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_account_drop.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_account_drop_rst.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_account_rate_high.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_account_rate_low.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_account_tamper.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_url_drop.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_url_rate_high.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_url_rate_low.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_url_rst.py2
-rw-r--r--tests/security/sec_deny_srcip_ftp_suff_url_tamper.py2
-rw-r--r--tests/security/sec_deny_srcip_http_alert_200_profile.py2
-rw-r--r--tests/security/sec_deny_srcip_http_alert_200_text.py2
-rw-r--r--tests/security/sec_deny_srcip_http_alert_204.py2
-rw-r--r--tests/security/sec_deny_srcip_http_block_403_profile.py13
-rw-r--r--tests/security/sec_deny_srcip_http_block_403_text.py4
-rw-r--r--tests/security/sec_deny_srcip_http_block_404_profile.py4
-rw-r--r--tests/security/sec_deny_srcip_http_block_404_text.py4
-rw-r--r--tests/security/sec_deny_srcip_http_pre_reqbody_drop.py303
-rw-r--r--tests/security/sec_deny_srcip_http_pre_reqbody_drop_rst.py303
-rw-r--r--tests/security/sec_deny_srcip_http_pre_reqbody_rate_high.py302
-rw-r--r--tests/security/sec_deny_srcip_http_pre_reqbody_rate_low.py302
-rw-r--r--tests/security/sec_deny_srcip_http_pre_reqbody_tamper.py299
-rw-r--r--tests/security/sec_deny_srcip_http_pre_resbody_drop.py310
-rw-r--r--tests/security/sec_deny_srcip_http_pre_resbody_drop_rst.py310
-rw-r--r--tests/security/sec_deny_srcip_http_pre_resbody_rate_high.py311
-rw-r--r--tests/security/sec_deny_srcip_http_pre_resbody_rate_low.py311
-rw-r--r--tests/security/sec_deny_srcip_http_pre_resbody_tamper.py308
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_alert_204.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_block_403_text.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_block_404_text.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_drop.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_drop_rst.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_rate_high.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_rate_low.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_redirect.py399
-rw-r--r--tests/security/sec_deny_srcip_http_pre_url_tamper.py399
-rw-r--r--tests/security/sec_deny_srcip_http_rate_high.py399
-rw-r--r--tests/security/sec_deny_srcip_http_rate_low.py399
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_no.py2
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_yes.py2
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_no.py2
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_yes.py2
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_no.py2
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_yes.py2
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_no.py2
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_yes.py2
160 files changed, 16975 insertions, 8376 deletions
diff --git a/tests/security/sec_allow_subid_ssl_substr_fqdn_substr_cn_substr_san.py b/tests/security/sec_allow_subid_ssl_substr_fqdn_substr_cn_substr_san.py
index d2c26cc53..4d6d9b6d1 100644
--- a/tests/security/sec_allow_subid_ssl_substr_fqdn_substr_cn_substr_san.py
+++ b/tests/security/sec_allow_subid_ssl_substr_fqdn_substr_cn_substr_san.py
@@ -72,7 +72,7 @@ def run(parameter):
]
},
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SSL_CN",
@@ -89,7 +89,7 @@ def run(parameter):
]
},
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SSL_SAN",
diff --git a/tests/security/sec_deny_signature_common_app_id_default.py b/tests/security/sec_deny_signature_common_app_id_default.py
index 457722c11..1167e740a 100644
--- a/tests/security/sec_deny_signature_common_app_id_default.py
+++ b/tests/security/sec_deny_signature_common_app_id_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
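Review bot: Nothing at this `negate_option` line records why the source-IP condition must stay un-negated, and the same literal block is repeated in each `sec_deny_signature_*_default.py` hunk on this page, so one wrong value had to be corrected file by file. Presumably a negated `ATTR_SOURCE_IP` condition makes the deny rule match every source except `test_pc_ip`, which on a shared test device would affect traffic other than the test's own. I would add a comment above the key such as `# keep False: the deny rule must be scoped to test_pc_ip only`. Building this condition in one shared helper would leave a single place to fix next time. `run()` starts and ends outside the hunk, so the rest of the policy dict is not visible here.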
diff --git a/tests/security/sec_deny_signature_common_port_app_default.py b/tests/security/sec_deny_signature_common_port_app_default.py
index 815a2f615..3f27d561a 100644
--- a/tests/security/sec_deny_signature_common_port_app_default.py
+++ b/tests/security/sec_deny_signature_common_port_app_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_dns_qry_name_default.py b/tests/security/sec_deny_signature_dns_qry_name_default.py
index 82ba05826..c84e73ece 100644
--- a/tests/security/sec_deny_signature_dns_qry_name_default.py
+++ b/tests/security/sec_deny_signature_dns_qry_name_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_http_request_full_uri_default.py b/tests/security/sec_deny_signature_http_request_full_uri_default.py
index 89dd94011..71e07c8b7 100644
--- a/tests/security/sec_deny_signature_http_request_full_uri_default.py
+++ b/tests/security/sec_deny_signature_http_request_full_uri_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_http_request_header_default.py b/tests/security/sec_deny_signature_http_request_header_default.py
index 58d5abdaa..376cbc5a8 100644
--- a/tests/security/sec_deny_signature_http_request_header_default.py
+++ b/tests/security/sec_deny_signature_http_request_header_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_http_response_header_default.py b/tests/security/sec_deny_signature_http_response_header_default.py
index b705071d8..2e7693104 100644
--- a/tests/security/sec_deny_signature_http_response_header_default.py
+++ b/tests/security/sec_deny_signature_http_response_header_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ip_dst_default.py b/tests/security/sec_deny_signature_ip_dst_default.py
index 3d85361b1..f64200037 100644
--- a/tests/security/sec_deny_signature_ip_dst_default.py
+++ b/tests/security/sec_deny_signature_ip_dst_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ip_proto_default.py b/tests/security/sec_deny_signature_ip_proto_default.py
index 864207bcd..c69a9755e 100644
--- a/tests/security/sec_deny_signature_ip_proto_default.py
+++ b/tests/security/sec_deny_signature_ip_proto_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ip_src_default.py b/tests/security/sec_deny_signature_ip_src_default.py
index f4b05f5cd..e65d27f16 100644
--- a/tests/security/sec_deny_signature_ip_src_default.py
+++ b/tests/security/sec_deny_signature_ip_src_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_analysis_ja3_default.py b/tests/security/sec_deny_signature_ssl_analysis_ja3_default.py
index 0197ed2e1..3245e0a00 100644
--- a/tests/security/sec_deny_signature_ssl_analysis_ja3_default.py
+++ b/tests/security/sec_deny_signature_ssl_analysis_ja3_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_analysis_ja3s_default.py b/tests/security/sec_deny_signature_ssl_analysis_ja3s_default.py
index 35e11ad4d..39753fa8d 100644
--- a/tests/security/sec_deny_signature_ssl_analysis_ja3s_default.py
+++ b/tests/security/sec_deny_signature_ssl_analysis_ja3s_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_analysis_sni_absent_default.py b/tests/security/sec_deny_signature_ssl_analysis_sni_absent_default.py
index 0492fe2d5..5af3458ea 100644
--- a/tests/security/sec_deny_signature_ssl_analysis_sni_absent_default.py
+++ b/tests/security/sec_deny_signature_ssl_analysis_sni_absent_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_id_default.py b/tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_id_default.py
index cdd1e1043..023da3b2b 100644
--- a/tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_id_default.py
+++ b/tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_id_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_identifier_default.py b/tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_identifier_default.py
index b5bac97d3..093137a5f 100644
--- a/tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_identifier_default.py
+++ b/tests/security/sec_deny_signature_ssl_handshake_certificate_algorithm_identifier_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_common_name_default.py b/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_common_name_default.py
index 394d76db6..efc9df8af 100644
--- a/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_common_name_default.py
+++ b/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_common_name_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_country_name_default.py b/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_country_name_default.py
index a3a1dd29a..2d520dfe3 100644
--- a/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_country_name_default.py
+++ b/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_country_name_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_organization_name_default.py b/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_organization_name_default.py
index 59a48d8f9..f18eda15a 100644
--- a/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_organization_name_default.py
+++ b/tests/security/sec_deny_signature_ssl_handshake_certificate_issuer_organization_name_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_handshake_certificate_not_valid_default.py b/tests/security/sec_deny_signature_ssl_handshake_certificate_not_valid_default.py
index e9a4d177b..af5aed24b 100644
--- a/tests/security/sec_deny_signature_ssl_handshake_certificate_not_valid_default.py
+++ b/tests/security/sec_deny_signature_ssl_handshake_certificate_not_valid_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_common_name_default.py b/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_common_name_default.py
index b82948f4f..0378e3738 100644
--- a/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_common_name_default.py
+++ b/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_common_name_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_country_name_default.py b/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_country_name_default.py
index dac71ffef..4cb33949f 100644
--- a/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_country_name_default.py
+++ b/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_country_name_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_organization_name_default.py b/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_organization_name_default.py
index 98acbc6d6..0f9a9d3f5 100644
--- a/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_organization_name_default.py
+++ b/tests/security/sec_deny_signature_ssl_handshake_certificate_subject_organization_name_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_signature_tcp_payload_signature_default.py b/tests/security/sec_deny_signature_tcp_payload_signature_default.py
index 36ee63695..8e3fa48a5 100644
--- a/tests/security/sec_deny_signature_tcp_payload_signature_default.py
+++ b/tests/security/sec_deny_signature_tcp_payload_signature_default.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_dns_default.py b/tests/security/sec_deny_srcip_dns_default.py
index 636c29074..5edd115a9 100644
--- a/tests/security/sec_deny_srcip_dns_default.py
+++ b/tests/security/sec_deny_srcip_dns_default.py
@@ -1,145 +1,191 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_A_atype_A_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": False,
- "sub_action": [],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "default",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
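Review bot: The `finally` block tests `rules_tuple` and `objects_tuple`, but each early `return ui_error` / `return api_error` after `create_objects` (and any exception raised before `create_rules` returns) leaves `rules_tuple` unbound, so cleanup raises `UnboundLocalError`, any objects already created are not deleted and `write_result` is never reached. Binding them ahead of the `try:`, `objects_tuple, rules_tuple = None, None`, keeps both the cleanup and the report reachable on every path. `result` is never reassigned after `result, exception_result = "", ""`, so `update.write_result(parameter, result, exception_result)` records an empty result even when `test_summary` holds failures; `result = test_summary` before the `return` would carry it through, assuming `write_result` accepts the dict. The `__main__` block also commits a literal `username`/`password` pair and an `http://` `api_server`; reading them from the environment or an untracked config file keeps credentials for the device under test out of the repository. The `sec_deny_srcip_dns_drop.py` hunk that follows opens with the same template, but its `finally` lies outside this view.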
diff --git a/tests/security/sec_deny_srcip_dns_drop.py b/tests/security/sec_deny_srcip_dns_drop.py
index d8dd99dde..3bca3f3e9 100644
--- a/tests/security/sec_deny_srcip_dns_drop.py
+++ b/tests/security/sec_deny_srcip_dns_drop.py
@@ -1,152 +1,193 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "send_tcp_rst": False,
- "drop_packet": 0,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
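Review bot: The `finally` block reads `rules_tuple` and `objects_tuple`, but both are unbound when the `try` exits before they are assigned, for example at the `return api_error` right after `create_objects` or when `APIClient(parameter)` raises. The `UnboundLocalError` raised there replaces the function's return value, skips the remaining deletes and the `write_result` call, and can leave already-created objects configured on the device under test. Bind them before `try:` with `objects_tuple, rules_tuple = None, None` (likewise `ui_client`/`api_client`), so cleanup runs on every exit path. The UI branch of the `finally` also deletes rules only, not the objects it created. The same block is in the hunks for `sec_deny_srcip_dns_pre_qname_drop.py` and `sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_profile.py`, where `profiles_tuple` is affected as well.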
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_drop.py b/tests/security/sec_deny_srcip_dns_pre_qname_drop.py
index 01e7b134f..71bfbe026 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_drop.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_drop.py
@@ -1,168 +1,212 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_pre_qname_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "www.facebook*"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "send_tcp_rst": False,
- "drop_packet": 0,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
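Review bot: The `__main__` block commits a login to the repository as `"username"` and `"password"` string literals, next to an `api_server` addressed over plain `http://`. The commit only swaps one account's literals for another's, so both pairs stay in history and should be treated as exposed and rotated. Read the values at run time instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"],` (placeholder variable name; `os` is already imported), and do the same for the username. The same `parameter` dict is added in the hunks for `sec_deny_srcip_dns_drop.py` and `sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_profile.py`.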
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_profile.py b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_profile.py
index 187646cd8..7fa81e11d 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_profile.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "www.facebook*"
+ "atype": "A",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "A",
+ "description": "auto_dns_record",
+ "values": [{"value": "1.1.1.1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_A",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_A",
- "type": "A",
- "items": ["1.1.1.1"]
- }
- ],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
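Review bot: `result` is set to `""` at the top of `run` and never assigned again, so `update.write_result(parameter, result, exception_result)` in the `finally` receives an empty result on every path this hunk shows. `test_summary` and the early `return api_error` / `return error` values go only to the caller, and whether the caller records them is not visible on this page. If the CSV report is meant to carry the outcome of these deny/redirect checks, set `result = test_summary` before `return test_summary` and assign the error string to `result` before each early return. The hunks for `sec_deny_srcip_dns_drop.py` and `sec_deny_srcip_dns_pre_qname_drop.py` have the same pattern.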
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_text.py b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_text.py
index 76d82e5a3..810b678c7 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_text.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_a_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "A",
+ "value": "1.1.1.1",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "www.facebook*"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "TEXT",
- "answer_value": "1.1.1.1",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
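Review bot: The new `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but none of them is bound before the `try`, so any failure ahead of their assignment turns the cleanup into an `UnboundLocalError`. The clearest case is the API branch: when `create_objects` reports an error, `return api_error` runs `finally`, and `if rules_tuple:` raises because `create_rules` was never reached. That exception is raised outside the `except Exception` clause, so it replaces the return value and skips `delete_objects`, the duration prints and `write_result`; objects already created on the device under test are presumably left behind. Binding the names before `try:` avoids this, e.g. `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`, with the `finally` checks left as they are. The other rewritten `run()` functions in this commit have the same shape.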
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_profile.py
index 474bb878b..421ce8cb4 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "www.facebook*"
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
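Review bot: `result` is initialised to `""` and never reassigned, yet it is what `finally` passes to `update.write_result(parameter, result, exception_result)`. The log and metric verdicts go into `test_summary`, and the failure paths return `api_error`, `ui_error` or `error` directly. `ReportUpdate` is not visible here, but the CSV report will apparently receive an empty result whether the case passed or failed. The removed code assigned `result = create.create_policy()` before returning, so this looks like a regression. Setting `result = test_summary` just before `return test_summary`, and assigning `result` before each early return (e.g. `result = api_error`), would restore it; the same applies to the other rewritten test cases in this commit.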
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_text.py
index 90c72097c..67aa43d48 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_pre_qname_redirect_qtype_a_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "www.facebook*"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
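Review bot: The `__main__` block still commits a real-looking account to the repository: the `"username"` and `"password"` literals are swapped for another user's rather than removed, and `"api_server"` is a plain `http://` URL. Both the old and the new credentials are now in version-control history, so they should be treated as exposed and rotated. Reading them at run time keeps them out of the tree, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` with a matching lookup for the username (the variable name is a placeholder). If the management API offers TLS, point `api_server` at the `https://` endpoint so the login is not sent in clear text. The same literals appear in the `__main__` blocks of the other test files touched by this commit.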
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_profile.py b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
index 9bb49acf6..5be9ae1fc 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^star-mini.c10r.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "star-mini.c10r.facebook*"
+ "atype": "AAAA",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "AAAA",
+ "description": "auto_dns_record",
+ "values": [{"value": "1::1:1:1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_AAAA",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_AAAA",
- "type": "AAAA",
- "items": ["1::1:1:1"]
- }
- ],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter)
\ No newline at end of file
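Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and `profiles_tuple`, but each is first bound inside the `try`, so an early `return api_error` or an exception before `create_rules` completes makes the cleanup raise `UnboundLocalError`. That exception replaces the returned error string, skips `update.write_result(...)`, and can leave the objects or DNS record profile that were already created on the device under test. Binding them before the `try`, e.g. `objects_tuple = profiles_tuple = rules_tuple = None`, lets the existing truthiness checks do what they were meant to. The same pattern appears in the `..._atype_aaaa_text.py` and `..._atype_cname_profile.py` hunks of this commit.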
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_text.py b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_text.py
index 5385968f9..5203988f3 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_text.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_aaaa_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^star-mini.c10r.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "AAAA",
+ "value": "1::1:1:1",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "star-mini.c10r.facebook*"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "TEXT",
- "answer_value": "1::1:1:1",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter)
\ No newline at end of file
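Review bot: The `__main__` block at the end of this hunk commits a real account's `"username"` and `"password"` as string literals, and the change only swaps one person's credentials for another's, so both pairs now live in repository history. Since `os` is already imported, the values could be read at run time instead, for example `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable name is an illustration), and the committed passwords should be rotated. `api_server` is an `http://` URL, so the login presumably crosses the lab network unencrypted; `APIClient` is not visible here to confirm that. The same literals are added in the other test files touched by this commit.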
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_profile.py
index 54a55b620..deb08a427 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^star-mini.c10r.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "star-mini.c10r.facebook*"
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter)
\ No newline at end of file
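Review bot: `result` is set to `""` at the top of `run` and never reassigned, yet it is the value the `finally` block passes to `update.write_result(parameter, result, exception_result)`. The log and metric verdicts collected in `test_summary`, and the early-returned `api_error`/`ui_error` strings, therefore only reach the caller. Unless `ReportUpdate` obtains them some other way, a deny/redirect check that failed is recorded in the CSV report with an empty result. Adding `result = test_summary` just before `return test_summary`, and `result = api_error` (or `ui_error`) before each early return, would keep the report in step with what the function returns. The `..._atype_aaaa_profile.py` and `..._atype_aaaa_text.py` hunks share this.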
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_text.py
index 9b251ff62..7c53e5b8a 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^star-mini.c10r.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "star-mini.c10r.facebook*"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
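Review bot: The `__main__` block at the end of this hunk commits a real-looking account (`"username": "zhaokun"`, `"password": "zhaokun1"`) into the repository, replacing the previous hard-coded pair, so both passwords now sit in version-control history. `api_server` is a plain `http://` URL, so the secret presumably also travels unencrypted when the client logs in (the login call is outside the hunk). The account should be rotated and the values read at run time, e.g. `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (variable names are placeholders). The same literal block is added in the `sec_deny_srcip_dns_pre_qname_tamper.py` and `sec_deny_srcip_dns_rate_high.py` hunks below, and in the hunk that ends just above this file.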
diff --git a/tests/security/sec_deny_srcip_dns_pre_qname_tamper.py b/tests/security/sec_deny_srcip_dns_pre_qname_tamper.py
index be0619834..9146dce9c 100644
--- a/tests/security/sec_deny_srcip_dns_pre_qname_tamper.py
+++ b/tests/security/sec_deny_srcip_dns_pre_qname_tamper.py
@@ -1,165 +1,211 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_pre_qname_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "www.facebook*"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "SERVFAIL",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "SERVFAIL",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
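Review bot: The new `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but all four are first bound inside the `try`, so an exception raised before or during creation (for example from `APIClient(parameter)` or `create_rules`) ends in an `UnboundLocalError` that replaces the original error and skips `write_result`. If `create_rules` raises after `create_objects` succeeded, the `if rules_tuple:` check fails first and the created objects are never deleted, so they stay on the device and can affect later security cases. Bind the names before `try:`, e.g. `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`, together with `result, exception_result = "", ""` and `script_start_time`. Note also that `result` is never reassigned, so `write_result` receives `""` even when `run` returns `test_summary` or an error string; whether the report is meant to carry the summary cannot be told from this hunk. The identical pattern is in the `sec_deny_srcip_dns_pre_qname_redirect_qtype_aaaa_atype_cname_text.py` hunk above and the `sec_deny_srcip_dns_rate_high.py` hunk below.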
diff --git a/tests/security/sec_deny_srcip_dns_rate_high.py b/tests/security/sec_deny_srcip_dns_rate_high.py
index 1c250b770..6e7da887d 100644
--- a/tests/security/sec_deny_srcip_dns_rate_high.py
+++ b/tests/security/sec_deny_srcip_dns_rate_high.py
@@ -1,150 +1,195 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "100000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "www.example.com",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
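Review bot: `"excepted_traffic_result"` changes from the resolved name `www.example.com` to `"timed out"` while the rule's limit is `"bps": 10000000`, which for a case named rate_high looks like the expectation of a low-rate case; please confirm that a lookup under the high limit is really meant to fail. `timed out` is also what `nslookup` reports when 8.8.8.8 is simply unreachable from the test PC, so this string alone cannot show that the policy, rather than the network, produced the result; only the log and metric checks can show that. If the high limit is meant to let the query through, restore `"excepted_traffic_result": "www.example.com",`. A short comment stating the unit of `bps` next to `"limitUnit": "Kbps"` would also help, since the two keys read as contradictory.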
diff --git a/tests/security/sec_deny_srcip_dns_rate_low.py b/tests/security/sec_deny_srcip_dns_rate_low.py
index e85f5962a..3582406ed 100644
--- a/tests/security/sec_deny_srcip_dns_rate_low.py
+++ b/tests/security/sec_deny_srcip_dns_rate_low.py
@@ -1,150 +1,195 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_A_atype_A_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.01",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
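Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, which are only bound part-way through the `try` body, so an early exit raises UnboundLocalError during cleanup. For example, `return api_error` after a failed `create_objects` reaches `if rules_tuple:` before `rules_tuple` exists. The new exception replaces the returned error and skips both the duration print and the `write_result` call. Anything already created on the device under test would then stay behind as a live deny rule or object (inferred; the client classes are outside this diff). Binding the names to `None` before the policy is built and guarding the deletes on the client handle avoids this; the same pattern recurs in the hunks for sec_deny_srcip_dns_redirect_qtype_a_atype_a_profile.py (there also `profiles_tuple`), sec_deny_srcip_dns_redirect_qtype_a_atype_a_text.py and sec_deny_srcip_dns_redirect_qtype_a_atype_cname_profile.py.

```python
        test_summary = {}
        # Names read by the finally block; bind them before anything can fail.
        ui_client, api_client = None, None
        objects_tuple, rules_tuple = None, None
        # … unchanged: policy_configuration, creation, traffic and verification …
    finally:
        # Clean up only what was actually created.
        if ui_client is not None and rules_tuple:
            ui_client.delete_rules(parameter, policy_configuration)
        if api_client is not None:
            if rules_tuple:
                api_client.delete_rules(rules_tuple)
            if objects_tuple:
                api_client.delete_objects(objects_tuple)
        # … unchanged: duration print and report write …
```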
diff --git a/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_profile.py b/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_profile.py
index da18ed6d6..42a269310 100644
--- a/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_profile.py
+++ b/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_profile.py
@@ -1,168 +1,219 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_a_atype_a_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "A",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "A",
+ "description": "auto_dns_record",
+ "values": [{"value": "1.1.1.1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_A",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
- },
- "profile": [
- {
- "name": "sec_dns_type_A",
- "type": "A",
- "items": ["1.1.1.1"]
- }
- ],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
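Review bot: The `__main__` block replaces one hard-coded account with another, so the `"username"` and `"password"` literals in `parameter` are again committed to the repository next to the `api_server` address. That server is addressed with `http://`, so the credentials presumably cross the lab network in clear text once `APIClient(parameter)` logs in (the client is outside this diff). Read them from the environment instead, for example `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (variable names are placeholders; `os` is already imported). Both the removed and the added passwords should be treated as exposed, since they remain in history. The same literals appear in the `__main__` blocks of the other test files touched by this commit.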
diff --git a/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_text.py b/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_text.py
index 1d736152f..82a6aade2 100644
--- a/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_text.py
+++ b/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_a_text.py
@@ -1,162 +1,207 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_a_atype_a_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "type": "redirect",
- "resolution":[
+ "qtype": "A",
+ "answer":[
{
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "TEXT",
- "answer_value": "1.1.1.1",
- "ttl": "300-333"
- }
- ]
+ "atype": "A",
+ "value": "1.1.1.1",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ ],
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
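Review bot: `result` is initialised with `result, exception_result = "", ""` and never assigned again, yet the `finally` block passes it to `update.write_result(parameter, result, exception_result)`. The report therefore appears to receive an empty result on every non-exception path, including the early `return api_error` / `return error` exits, while the real outcome lives only in `test_summary` or the returned string. A failed deny or redirect check could then go unrecorded in the CSV unless the caller stores the return value itself (`ReportUpdate` is not part of this diff, so confirm). Assigning before each return would close the gap, e.g. `result = test_summary` ahead of `return test_summary` and `result = api_error` ahead of `return api_error`. The same applies to the `run` bodies in the other hunks of this commit.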
diff --git a/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_profile.py
index fae0c8166..7546ee38b 100644
--- a/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_profile.py
@@ -1,168 +1,219 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_a_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
- },
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_text.py
index 1011bd377..b746ed138 100644
--- a/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_redirect_qtype_a_atype_cname_text.py
@@ -1,162 +1,207 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_a_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "type": "redirect",
- "resolution":[
+ "qtype": "A",
+ "answer":[
{
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ ],
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
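Review bot: The `finally` block reads `rules_tuple` and `objects_tuple`, but both the UI and API paths can reach it before `rules_tuple` is bound: an early `return ui_error` / `return api_error` after `create_objects`, or any exception raised before `create_rules` assigns. The resulting UnboundLocalError replaces the intended return value and skips `delete_objects`, so objects created for the deny/redirect policy can stay on the device under test. If the timing and report lines belong to `finally` (indentation is lost in this view), `write_result` is skipped as well. Bind the names before `try:` with `rules_tuple = objects_tuple = None` so the existing truthiness checks are safe. The other test files rewritten in this commit share the pattern, and the profile variants also need `profiles_tuple = None`.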
diff --git a/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_profile.py b/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_profile.py
index df2bf5eb4..e0d922917 100644
--- a/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_profile.py
+++ b/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_profile.py
@@ -1,168 +1,219 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "AAAA",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "AAAA",
+ "description": "auto_dns_record",
+ "values": [{"value": "1::1:1:1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_AAAA",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
- },
- "profile": [
- {
- "name": "sec_dns_type_AAAA",
- "type": "AAAA",
- "items": ["1::1:1:1"]
- }
- ],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
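Review bot: The `__main__` block commits a literal account name and password, replacing one person's credentials with another's instead of taking them out of source, and `api_server` is a plain `http://` URL to which those credentials are presumably sent. Anyone with read access to the repository or its history can reuse both accounts, so the removed and the added passwords should be treated as exposed and rotated. Read the values from the environment instead, for example `"username": os.environ["TSG_TEST_USERNAME"]` and `"password": os.environ["TSG_TEST_PASSWORD"]` (placeholder variable names; `os` is already imported), and stop with a clear message when they are missing. The same block is repeated in the `__main__` section of the other test files in this commit.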
diff --git a/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_text.py b/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_text.py
index 583b5e32f..8397bbbf8 100644
--- a/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_text.py
+++ b/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_text.py
@@ -1,162 +1,207 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_aaaa_atype_aaaa_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "type": "redirect",
- "resolution":[
+ "qtype": "AAAA",
+ "answer":[
{
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "TEXT",
- "answer_value": "1::1:1:1",
- "ttl": "300-333"
- }
- ]
+ "atype": "AAAA",
+ "value": "1::1:1:1",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ ],
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
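Review bot: `result` is initialised to `""` and never reassigned, yet it is the value passed to `update.write_result(parameter, result, exception_result)`; the removed code stored the outcome with `result = create.create_policy()`. As written, `test_summary` and the early-return error strings go only to the caller, so the CSV report presumably records an empty result for every non-exception outcome, including a failed redirect check (what `write_result` does with an empty string is not visible here). Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`. The other rewritten test files in this commit follow the same pattern.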
diff --git a/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_profile.py
index 238771b46..770fc35ad 100644
--- a/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_profile.py
@@ -1,168 +1,219 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
- },
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
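Review bot: The `finally` block in `run` reads `rules_tuple`, `objects_tuple`, `profiles_tuple` and the client objects, but these names are bound only partway through the `try`. Any early `return api_error`, or an exception raised by `create_objects`, reaches `if rules_tuple:` with the name unbound. The resulting UnboundLocalError replaces the returned error, leaves any deny/redirect objects already created on the device under test, and skips the report write below if that sits in the same `finally`, as it appears to. Bind the names before the `try`, e.g. `ui_client = api_client = None` and `objects_tuple = profiles_tuple = rules_tuple = None`, and guard each delete so one failed delete does not skip the others. The same cleanup pattern is added in the hunks for `sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_text.py` and `sec_deny_srcip_dns_sub_qname_drop.py`.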
diff --git a/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_text.py
index 8618e458b..35d877f32 100644
--- a/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_text.py
@@ -1,162 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_redirect_qtype_aaaa_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^star-mini.c10r.facebook",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "type": "redirect",
- "resolution":[
+ "qtype": "AAAA",
+ "answer":[
{
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ ],
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
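Review bot: The new third entry in `and_conditions` requires `ATTR_DNS_QNAME` to match `^star-mini.c10r.facebook`, while `traffic_generation` still queries `www.example.com` and `expected_log` expects `dns_qname` to be `www.example.com`. If every entry of `and_conditions` must match, as the key name suggests, the rule never applies to the generated query, so the expected `aaa.bbb.ccc` answer cannot come from it and the case does not exercise the redirect action. The sibling `..._cname_profile.py` case has no QNAME condition, so this entry looks copied from another test. Either remove the entry, or make it match the traffic with `"expression": "www.example.com",`.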
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_drop.py b/tests/security/sec_deny_srcip_dns_sub_qname_drop.py
index 2231e1972..5c6cecd4e 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_drop.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_drop.py
@@ -1,168 +1,212 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "facebook.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "send_tcp_rst": False,
- "drop_packet": 0,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
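Review bot: The `__main__` block commits a literal account name and password for the test appliance, replacing the previous literal pair, and the same block is added in the `..._cname_profile.py` and `..._cname_text.py` hunks of this commit. Credentials in the repository remain in history after they are changed and are readable by anyone with clone access. `api_server` is also an `http://` URL, so if `APIClient` logs in with them they presumably cross the lab network in cleartext. Read them from the environment instead, e.g. `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable names are placeholders; `os` is already imported), and rotate the passwords already committed.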
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_profile.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_profile.py
index 861fc4587..8e80f4990 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_profile.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "facebook.com"
+ "atype": "A",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "A",
+ "description": "auto_dns_record",
+ "values": [{"value": "1.1.1.1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_A",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_A",
- "type": "A",
- "items": ["1.1.1.1"]
- }
- ],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
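Review bot: The new `finally` block reads `rules_tuple`, `objects_tuple` and `profiles_tuple` (and `ui_client` / `api_client`), which are only bound partway through the `try`, so any early exit leaves some of them undefined. For example, when `create_profiles` returns an error, `return api_error` runs the `finally`, `if rules_tuple:` raises `UnboundLocalError`, and neither `delete_objects` nor `write_result` is reached. The objects just created for this deny policy then stay on the device under test, and the caller gets a traceback instead of the error string. Binding the names before the `try`, e.g. `ui_client = api_client = None` and `rules_tuple = objects_tuple = profiles_tuple = None`, lets each `if` guard work as written. The hunks for `sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_text.py` and `..._atype_cname_profile.py` contain the same cleanup block.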
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_text.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_text.py
index 59387e850..8d306951c 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_text.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_a_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "A",
+ "value": "1.1.1.1",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "TEXT",
- "answer_value": "1.1.1.1",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
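Review bot: The `__main__` block commits what looks like a real account in plaintext, `"username": "zhaokun"` / `"password": "zhaokun1"`, next to an `api_server` that is plain `http://`. Anyone with read access to the repository gets that login, and the previous password on the removed lines stays in history, so both should be treated as exposed and rotated. Reading the values at run time keeps them out of the tree, e.g. `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable name is only a suggestion; `os` is already imported), and likewise for the username. The other test files changed in this commit carry the same literals.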
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_profile.py
index 1564f34d6..1613a843e 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "facebook.com"
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
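Review bot: `result` is initialised to `""` and never assigned again, yet the `finally` block still calls `update.write_result(parameter, result, exception_result)`, so the report writer receives an empty result on every path. The removed code passed it the return value of `create_policy()`. The outcome now lives only in `test_summary` and in the early `return api_error` / `return error` values. Assigning before each return, e.g. `result = test_summary` ahead of `return test_summary`, would restore what the report receives; how `ReportUpdate` uses the value is not visible in this hunk. The hunks for `..._atype_a_profile.py` and `..._atype_a_text.py` are written the same way.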
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_text.py
index 8fd43946a..20c88d236 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_a_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
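Review bot: The `finally` block tests `rules_tuple` and `objects_tuple` and calls `api_client`/`ui_client`, but none of these is bound when `create_objects` returns an error and `run` returns early, or when `APIClient(parameter)` raises; `if rules_tuple:` then raises `UnboundLocalError`, which replaces the original error and skips everything after it, including `update.write_result`. Binding them before `try:` with `ui_client = api_client = None` and `objects_tuple = rules_tuple = None` fixes this, and `if objects_tuple:` should be checked independently of `rules_tuple` so that objects already created are still deleted (indentation is lost on this page, so the current nesting is not visible). The same block is in the next two files of this commit, with `profiles_tuple` added in `sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_profile.py`. Separately, the `__main__` dict in all of these files commits an account password in plain text next to an `http://` API address; `"password": os.environ["TSG_TEST_PASSWORD"]` (variable name illustrative) would keep it out of the repository.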
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_profile.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
index 4950cef2d..d717619d3 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "example.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "example.com"
+ "atype": "AAAA",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "AAAA",
+ "description": "auto_dns_record",
+ "values": [{"value": "1::1:1:1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_AAAA",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_AAAA",
- "type": "AAAA",
- "items": ["1::1:1:1"]
- }
- ],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.example.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
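Review bot: The new `traffic_generation` command queries `www.example.com.com`, while `expected_log` still looks for `dns_qname` equal to `www.example.com` and the removed command used `www.example.com`. This looks like a typo, and the log verification would then search for a name the test never queried. The line should read `"command": "nslookup www.example.com -timeout=1 8.8.8.8"`.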
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_text.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_text.py
index 7eab37e92..354d47c3c 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_text.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_text.py
@@ -1,178 +1,231 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_aaaa_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "example.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "AAAA",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "AAAA",
+ "description": "auto_dns_record",
+ "values": [{"value": "1::1:1:1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "example.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "TEXT",
- "answer_value": "1::1:1:1",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.example.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
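Review bot: The AAAA answer in `action_parameter` is now a `record_profile` named `auto_dns_record`, the same structure as in the `_profile` variant, although this file is the `_text` case and the removed code used `"answer_value_type": "TEXT"` with a literal value. Unlike the `_profile` file, nothing here calls `api_client.create_profiles` or `delete_profiles`, so the profile the rule refers to is presumably never created, and the text-answer path is no longer covered. The CNAME text test in this commit expresses a literal answer as `"value": "aaa.bbb.ccc"`. If that is the intended schema, replace the `record_profile` and `selected_num` keys here with `"value": "1::1:1:1"`.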
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py
index 44d2c43c8..f5e91fd04 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "example.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "example.com"
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.example.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
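Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and `profiles_tuple`, but the early `return api_error` after `create_objects` leaves `rules_tuple` and `profiles_tuple` unassigned, as does any exception raised before those assignments. Cleanup then raises `UnboundLocalError`, which replaces the returned error and skips both `delete_objects` and the `write_result` call, so whatever was already created stays on the device under test. Binding the names before the `try:` keeps the truthiness checks valid on every path: `rules_tuple = objects_tuple = profiles_tuple = None`. The same pattern, without `profiles_tuple`, appears in the `_cname_text.py` and `_tamper.py` hunks that follow.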
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py
index 454bf72b3..bc974215a 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "example.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "example.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.example.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.example.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.example.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
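Review bot: The `__main__` block commits an account name and password as string literals in the `"username"` and `"password"` entries of `parameter`, replacing a different user's pair that remains readable in history. The file already imports `os`, so the values can come from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), with the same treatment for `"username"`. `api_server` is an `http://` URL, so if `APIClient` sends these credentials to it they travel unencrypted; that code is not visible here. The same literals are added in the other test files this commit touches, and both the old and new passwords should be treated as exposed and rotated.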
diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_tamper.py b/tests/security/sec_deny_srcip_dns_sub_qname_tamper.py
index 72f25ceb2..9b8428c36 100644
--- a/tests/security/sec_deny_srcip_dns_sub_qname_tamper.py
+++ b/tests/security/sec_deny_srcip_dns_sub_qname_tamper.py
@@ -1,165 +1,211 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_sub_qname_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "facebook.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "SERVFAIL",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "SERVFAIL",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
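Review bot: `result` is initialised to `""` and never reassigned on the new side, yet `finally` still passes it to `update.write_result(parameter, result, exception_result)`. The outcome now lives in `test_summary` and in the early-returned `api_error` / `error` strings, so the report call appears to receive empty values on every non-exception path; `write_result` is not visible here, so that needs confirming. If the CSV is meant to carry the outcome, set `result = test_summary` before `return test_summary`, and assign the error string to `result` before each early return. The `_cname_profile.py` and `_cname_text.py` hunks have the same gap. This file also sets `"vsys": 5` where the sibling files use `1`, which is worth confirming as intended.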
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_drop.py b/tests/security/sec_deny_srcip_dns_suff_qname_drop.py
index 653bacfdc..b6edd1406 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_drop.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_drop.py
@@ -1,168 +1,212 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*facebook.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "send_tcp_rst": False,
- "drop_packet": 0,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
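Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and the client variables, but these are only bound partway through the `try`. The early `return api_error` after `create_objects`, or any exception raised before the rule is created, therefore reaches `if rules_tuple:` with the name unbound. The resulting UnboundLocalError replaces the return value and skips both `delete_objects` and `update.write_result`, so objects that were already created presumably stay on the gateway and the run is never reported. Bind the names before `try:`, for example `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`, and guard each delete call on its client being set. The hunks for `sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_profile.py` (where `profiles_tuple` is affected as well) and `sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_text.py` have the same pattern.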
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_profile.py b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_profile.py
index f8545aadc..24685f27e 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_profile.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*facebook.com"
+ "atype": "A",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "A",
+ "description": "auto_dns_record",
+ "values": [{"value": "1.1.1.1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_A",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_A",
- "type": "A",
- "items": ["1.1.1.1"]
- }
- ],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
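Review bot: The `__main__` block hard-codes an account name and password (`"username": "zhaokun"`, `"password": "zhaokun1"`) beside an `http://` API server address. The commit only swaps one committed credential for another, and both stay readable in the repository history. Read them from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and treat both the removed and the added password as exposed. The same literals are added in the `__main__` blocks of the other test files shown in this diff.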
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_text.py b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_text.py
index fc0273f9a..9f96e9b66 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_text.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_a_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "A",
+ "value": "1.1.1.1",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "TEXT",
- "answer_value": "1.1.1.1",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
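Review bot: `result` is set to `""` at the top of `run` and never assigned again, so `update.write_result(parameter, result, exception_result)` in `finally` receives an empty result on every path. That includes the early `return error` and a `test_summary` holding failure reasons. The removed code passed the value from `create.create_policy()` there, so unless `write_result` obtains the outcome some other way (not visible in this hunk), the CSV report no longer records log or metric mismatches for this deny rule. Assign the outcome before returning, e.g. `result = test_summary` ahead of `return test_summary`, and do the same before the early error returns. The hunks for the other files in this diff follow the same flow.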
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_profile.py
index 2c5fa59f2..cd42e5b17 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*facebook.com"
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
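Review bot: The new `finally` block reads `rules_tuple`, `objects_tuple`, `profiles_tuple` and the client objects, none of which is bound before the `try`, so any early `return` or exception that happens before they are assigned raises an UnboundLocalError inside `finally`. For example, when `create_objects` reports an error on the API path, `if rules_tuple:` fails, the deny rule's objects that were already created are not deleted, and `write_result` is never reached. Binding them before `try:` with `ui_client = api_client = None` and `objects_tuple = rules_tuple = profiles_tuple = None` keeps cleanup and reporting intact. Separately, `result` is set to `""` and never reassigned, so `write_result` appears to receive an empty result while the verdict is held in `test_summary`. The same `finally` pattern is in the other test files changed by this commit.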
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_text.py
index 16a143878..f6a458f9d 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_redirect_qtype_a_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
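Review bot: The `__main__` block commits an account name and its password as literals (`"username"`, `"password"`) next to an `http://` value for `api_server`, and this change swaps one hard-coded credential for another instead of removing it. Both the removed and the added passwords are now in the repository history, so they should be treated as exposed and rotated. Reading them at run time, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (variable name is a placeholder), keeps the test runnable without storing the secret, and if the API server offers TLS the endpoint should use it so the login does not cross the lab network in clear text. The same block is repeated in the other test files in this commit.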
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_profile.py b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
index d6f6943e7..f3d7c7262 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "c10r.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*c10r.facebook.com"
+ "atype": "AAAA",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "AAAA",
+ "description": "auto_dns_record",
+ "values": [{"value": "1::1:1:1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_AAAA",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_AAAA",
- "type": "AAAA",
- "items": ["1::1:1:1"]
- }
- ],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
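Review bot: The `traffic_generation` command still queries `www.facebook.com`, while the rule matches names ending in `c10r.facebook.com` and `expected_log` asks for `dns_qname` `star-mini.c10r.facebook.com`. The case therefore seems to pass only while the public resolver at 8.8.8.8 is reachable and the live CNAME chain for that name stays as it is today. Nothing in the command requests an AAAA record either, although the rule's `qtype` is `AAAA`, so whether one is sent likely depends on the platform's nslookup defaults. A comment above `traffic_generation` such as `# relies on www.facebook.com resolving via star-mini.c10r.facebook.com at 8.8.8.8` would make a failure easier to attribute. Querying the matched name and type directly, e.g. `nslookup -type=AAAA star-mini.c10r.facebook.com 8.8.8.8`, would reduce the dependency.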
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_text.py b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_text.py
index 6bcf34a0f..1f4bd09aa 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_text.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_aaaa_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "c10r.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "AAAA",
+ "value": "1::1:1:1",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*c10r.facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "TEXT",
- "answer_value": "1::1:1:1",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
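Review bot: The `finally` block of `run` reads `rules_tuple`, `objects_tuple` and `ui_client`/`api_client`, which are bound only part-way through the `try`. An early `return api_error` after `create_objects` fails, or an exception from `APIClient(parameter)`, therefore reaches `if rules_tuple:` with the name unbound and raises `UnboundLocalError`. That exception replaces the intended return value and skips the duration prints and report write that follow; if `create_rules` raises after `create_objects` succeeded, the created objects are also never deleted. Bind the names before `try:`, e.g. `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`, so cleanup only touches what was actually created. The same pattern is in the two `..._atype_cname_*.py` files that follow, where the profile variant also needs `profiles_tuple = None`.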
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_profile.py
index db99d5dc4..d064cbd18 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "c10r.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*c10r.facebook.com"
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
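Review bot: The `parameter` dict under `if __name__ == '__main__':` commits an account name and password as string literals and points `api_server` at a plain `http://` URL. The credential is readable by anyone with repository access and, if the client sends it to that URL, travels unencrypted. Read the values from the environment instead, e.g. `"username": os.environ["TSG_TEST_USER"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable names are placeholders; `os` is already imported). The account should also be rotated, since the removed lines show the previous password is in history as well. The same block is added to the other test files in this commit.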
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_text.py
index 62dd8d2c0..7aba8f1c9 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_redirect_qtype_aaaa_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "c10r.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*c10r.facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
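Review bot: `result` is initialised to `""` and never assigned again, so `update.write_result(parameter, result, exception_result)` receives an empty result whether the case passed, failed verification or returned `api_error` early; the removed code set it from `create.create_policy()`. Unless `write_result` (not shown) obtains the outcome another way, the CSV report cannot tell a passing case from a failing one. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = api_error` ahead of the early returns. The two preceding files in this diff have the same flow.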
diff --git a/tests/security/sec_deny_srcip_dns_suff_qname_tamper.py b/tests/security/sec_deny_srcip_dns_suff_qname_tamper.py
index ceeb695db..8361dd198 100644
--- a/tests/security/sec_deny_srcip_dns_suff_qname_tamper.py
+++ b/tests/security/sec_deny_srcip_dns_suff_qname_tamper.py
@@ -1,165 +1,211 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_suff_qname_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "*facebook.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "SERVFAIL",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "SERVFAIL",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
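Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and `api_client`/`ui_client` before they are guaranteed to exist: when `create_objects` reports an error and `run` takes the early `return api_error` (or `return ui_error`), `rules_tuple` has never been assigned, so cleanup raises `UnboundLocalError`. That exception replaces the returned error, skips deletion of whatever was already created on the device, and never reaches `update.write_result(...)`; the same happens if `APIClient(parameter)` or `UIClient()` raises. Initialising the names before the `try`, e.g. `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`, keeps the existing `if rules_tuple:` / `if objects_tuple:` guards valid on every path. The same `finally` block is added in `sec_deny_srcip_dns_tamper.py` and `sec_deny_srcip_dns_xly_qname_drop.py`. Indentation is flattened on this page, so the exact nesting of the cleanup checks is inferred.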
diff --git a/tests/security/sec_deny_srcip_dns_tamper.py b/tests/security/sec_deny_srcip_dns_tamper.py
index 56d301c90..20191a276 100644
--- a/tests/security/sec_deny_srcip_dns_tamper.py
+++ b/tests/security/sec_deny_srcip_dns_tamper.py
@@ -1,149 +1,193 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "SERVFAIL",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.example.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "SERVFAIL",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
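Review bot: `result` is set to `""` at the top of `run` and never assigned again, yet it is what `update.write_result(parameter, result, exception_result)` receives in `finally`, so the CSV report gets an empty result on every path that does not raise. The verdict now lives only in `test_summary` and in the early `return api_error` / `return error` values, so a deny rule that failed to block traffic is not passed to the report by this call (what `write_result` does with an empty string is outside the hunk). Assigning before each exit would restore what the removed `result = create.create_policy()` provided, e.g. `result = test_summary` before `return test_summary` and `result = error` before `return error`. The same applies to `run` in `sec_deny_srcip_dns_suff_qname_tamper.py` and `sec_deny_srcip_dns_xly_qname_drop.py`.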
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_drop.py b/tests/security/sec_deny_srcip_dns_xly_qname_drop.py
index 27f8ff20c..42fecda89 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_drop.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_drop.py
@@ -1,168 +1,210 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$www.facebook.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "send_tcp_rst": False,
- "drop_packet": 0,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
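Review bot: The `__main__` block commits a literal account name and password in the `parameter` dict (the `"username"` and `"password"` entries), and `"api_server"` is a plain `http://` URL, so the credential is stored in the repository and presumably sent to the server unencrypted. Reading it from the environment keeps it out of version control, e.g. `"password": os.environ["<PASSWORD_ENV_VAR>"],` (placeholder variable name; `os` is already imported), with the same treatment for `"username"`. The values already committed, both the added ones and those on the removed lines, remain in history and should be rotated. The identical block appears in `sec_deny_srcip_dns_suff_qname_tamper.py` and `sec_deny_srcip_dns_tamper.py`.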
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_profile.py b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_profile.py
index 8e00059b0..bfb2e5a5f 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_profile.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$www.facebook.com"
+ "atype": "A",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "A",
+ "description": "auto_dns_record",
+ "values": [{"value": "1.1.1.1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_A",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_A",
- "type": "A",
- "items": ["1.1.1.1"]
- }
- ],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
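Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and `profiles_tuple`, which are only bound inside the `try`, so every early `return api_error` / `return ui_error` and any exception raised before `create_rules` completes reaches the cleanup with at least one of them unbound. The resulting `UnboundLocalError` replaces the return value, skips `delete_objects` / `delete_profiles` for whatever was already created, and never reaches `update.write_result(...)`, so a failed setup can leave the objects or profiles it created on the device under test and produce no report row. Binding the names before `try:` fixes it: `objects_tuple = profiles_tuple = rules_tuple = None`. The UI path never assigns `profiles_tuple` at all, though only the API branch of the cleanup reads it. The same cleanup pattern is in the `..._atype_a_text.py` hunk (without `profiles_tuple`) and the `..._atype_cname_profile.py` hunk below.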
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_text.py b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_text.py
index a53b22e84..b6d5a2ece 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_text.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_a_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "A",
+ "value": "1.1.1.1",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$www.facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "A",
- "answer_value_type": "TEXT",
- "answer_value": "1.1.1.1",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "1.1.1.1",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1.1.1.1",
+ "expected_metric": {"hits": 2},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
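Review bot: The `__main__` parameter block still commits an account name and password as string literals (`"username"`, `"password"`) next to an `http://` `api_server`; this change only swaps one committed account for another, and the removed pair stays readable in history. Reading them from the environment keeps them out of the repository, e.g. `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable names are placeholders; `os` is already imported). If these accounts exist outside a throwaway lab, both the old and the new passwords should be treated as exposed and rotated. Whether the credentials are sent to `api_server` in clear text depends on `APIClient`, which is not shown here, so the `http://` scheme is worth confirming. The same literals appear in the `__main__` blocks of the other files in this commit.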
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_profile.py
index d3500daa7..b397b1ef1 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "A",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$www.facebook.com"
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
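Review bot: `result` is set to `""` at the top of `run()` and never assigned again, so `update.write_result(parameter, result, exception_result)` in `finally` receives an empty result on every non-exception path, including the early `return api_error` and `return error` exits. Unless `ReportUpdate` obtains the outcome some other way (not visible here), the CSV row cannot distinguish a passing deny/redirect check from a failed one. Assigning before returning would carry it through, e.g. `result = test_summary` ahead of `return test_summary` and `result = api_error` ahead of the early returns. The `if/elif` chains on `log_result` and `metric_result` also leave the summary key unset when the value is an empty non-boolean, which reads as neither pass nor fail. The other `run()` functions in this commit share this shape.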
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_text.py
index ca6c88252..a3912e24a 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_redirect_qtype_a_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "A",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$www.facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "A",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
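Review bot: The `__main__` block at the end of this hunk commits an account name and password as string literals, and `api_server` is an `http://` URL, so any login the client performs with them presumably travels unencrypted. Read them from the environment instead, e.g. `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable names are placeholders; `os` is already imported). The removed lines show the previous account's password was committed the same way, so both remain in history and should be rotated. The same literals are added in the `__main__` blocks of the other test files in this diff.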
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_profile.py b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
index 5b64282c8..0753214f1 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "$star-mini.c10r.facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$star-mini.c10r.facebook.com"
+ "atype": "AAAA",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "AAAA",
+ "description": "auto_dns_record",
+ "values": [{"value": "1::1:1:1"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_AAAA",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_AAAA",
- "type": "AAAA",
- "items": ["1::1:1:1"]
- }
- ],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
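Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and `profiles_tuple` before they are guaranteed to be bound. When `create_objects` reports an error, `return api_error` runs the cleanup with `rules_tuple` never assigned, so `if rules_tuple:` raises UnboundLocalError. That exception replaces the returned error and skips the remaining cleanup, the timing output and `write_result`, so anything already created may be left on the device. Binding the names to `None` before the `try` and keying the cleanup on the client that was actually created avoids this. The sibling `run()` functions in this diff have the same pattern, without `profiles_tuple`.

```python
def run(parameter):
    # Bind everything the finally block reads, so cleanup cannot raise on an early exit.
    ui_client = api_client = None
    objects_tuple = rules_tuple = profiles_tuple = None
    try:
        # … unchanged: policy setup, object/profile/rule creation, traffic, log and metric checks …
    # … unchanged: except handler …
    finally:
        if ui_client is not None:
            if rules_tuple:
                ui_client.delete_rules(parameter, policy_configuration)
        elif api_client is not None:
            if rules_tuple:
                api_client.delete_rules(rules_tuple)
            if objects_tuple:
                api_client.delete_objects(objects_tuple)
            if profiles_tuple:
                api_client.delete_profiles(profiles_tuple)
        # … unchanged: timing output and report update …
```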
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_text.py b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_text.py
index 65b2ab724..eef4b3e55 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_text.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_aaaa_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "$star-mini.c10r.facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "AAAA",
+ "value": "1::1:1:1",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$star-mini.c10r.facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "AAAA",
- "answer_value_type": "TEXT",
- "answer_value": "1::1:1:1",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "1::1:1:1",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "1::1:1:1",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
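Review bot: `result` is set to `""` at the top of `run()` and never assigned again, yet the `finally` block still passes it to `update.write_result(parameter, result, exception_result)`. The removed code filled it with `result = create.create_policy()`, so the report now appears to receive an empty result for passing and failing runs alike, unless an exception set `exception_result`. Assign it on each exit, e.g. `result = test_summary` before `return test_summary`, and likewise `result = api_error` / `result = error` before the early returns. The other rewritten test files in this diff share this pattern.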
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_profile.py
index 9ba734815..2c6e14948 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_profile.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_profile.py
@@ -1,184 +1,237 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_profile",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "$star-mini.c10r.facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ "resolution": [
{
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
+ "qtype": "AAAA",
+ "answer": [
{
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$star-mini.c10r.facebook.com"
+ "atype": "CNAME",
+ "record_profile": {
+ "name": "auto_dns_record",
+ "type": "CNAME",
+ "description": "auto_dns_record",
+ "values": [{"value": "aaa.bbb.ccc"}]
+ },
+ "selected_num": 1,
+ "ttl": {
+ "min": 300,
+ "max": 300
}
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "Profile",
- "profile_name": "sec_dns_type_cname",
- "ttl": "300-333"
- }
- ]
}
]
}
],
- "packet_capture": []
},
- "profile": [
- {
- "name": "sec_dns_type_cname",
- "type": "CNAME",
- "items": ["aaa.bbb.ccc"]
- }
- ],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ # 处理Profiles
+ profiles_tuple, api_error = api_client.create_profiles(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+ if profiles_tuple:
+ api_client.delete_profiles(profiles_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
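Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and `profiles_tuple`, but each name is bound only once its create call has returned. The early `return api_error` right after `create_objects`, or any exception raised before `create_rules`, therefore reaches `if rules_tuple:` with the name unbound. The resulting UnboundLocalError replaces the returned error, skips `update.write_result(...)`, and leaves anything already created on the device under test. Bind the names ahead of the `try:` with `objects_tuple = rules_tuple = profiles_tuple = None`. The same cleanup pattern is in the hunks for `sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_text.py` and `sec_deny_srcip_dns_xly_qname_tamper.py`.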
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_text.py
index f901a821a..79d32fc93 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_text.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_text.py
@@ -1,178 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_text",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "$star-mini.c10r.facebook.com",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "redirect",
+ "packet_capture": {
+ "enable": 0
+ },
+ "resolution":[
{
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
+ "qtype": "AAAA",
+ "answer":[
{
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
+ "atype": "CNAME",
+ "value": "aaa.bbb.ccc",
+ "ttl": {
+ "min":300,
+ "max":333
+ }
}
]
}
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$star-mini.c10r.facebook.com"
- }
],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "redirect",
- "resolution":[
- {
- "qtype": "AAAA",
- "answer":[
- {
- "atype": "CNAME",
- "answer_value_type": "TEXT",
- "answer_value": "aaa.bbb.ccc",
- "ttl": "300-333"
- }
- ]
- }
- ]
- }
- ],
- "packet_capture": []
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "aaa.bbb.ccc",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "aaa.bbb.ccc",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "star-mini.c10r.facebook.com"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
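Review bot: The `parameter` dict under `if __name__ == '__main__':` commits a literal account name and password for the test system, next to an `api_server` URL that uses plain `http://`. Read them from the environment instead, e.g. `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable names are placeholders; `os` is already imported), so the secret is not stored in the repository. The removed lines show an earlier account's password as well, so both values stay readable in history and should be rotated if those accounts are still active. The hunks for `sec_deny_srcip_dns_xly_qname_redirect_qtype_aaaa_atype_cname_profile.py` and `sec_deny_srcip_dns_xly_qname_tamper.py` carry the same literals.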
diff --git a/tests/security/sec_deny_srcip_dns_xly_qname_tamper.py b/tests/security/sec_deny_srcip_dns_xly_qname_tamper.py
index 0fee80cf0..27d578af1 100644
--- a/tests/security/sec_deny_srcip_dns_xly_qname_tamper.py
+++ b/tests/security/sec_deny_srcip_dns_xly_qname_tamper.py
@@ -1,165 +1,211 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_dns_xly_qname_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "dns", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_fqdn",
- "object_type": "fqdn",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "qname",
- "item_value": "$www.facebook.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["dns"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_DNS_QNAME",
+ "type": "fqdn",
+ "member_type": "item",
+ "name": "test_dns_qname",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^www.facebook.com$",
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "SERVFAIL",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"server_ip", "query_value": "8.8.8.8"},
- {"query_field_key":"decoded_as", "query_value": "DNS"},
- {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "dns", # or trex/http
+ "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "SERVFAIL",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "8.8.8.8"},
+ {"query_field_key":"decoded_as", "query_value": "DNS"},
+ {"query_field_key":"dns_qname", "query_value": "www.facebook.com"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
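Review bot: `result` is set to `""` at the top of `run` and never assigned again, so `update.write_result(parameter, result, exception_result)` in `finally` receives an empty result on every path, while the verdicts go into `test_summary` or into the early `return error` values. The code this hunk removes passed the return value of `create.create_policy()` through `result`, so the report has probably lost the outcome; how `write_result` treats an empty string is not visible here, but for a deny-policy test it could hide a failed log or metric check. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary`, and likewise for the `ui_error`, `api_error` and `error` returns. The hunks for the two `..._qtype_aaaa_atype_cname_*.py` files are written the same way.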
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_account_drop.py b/tests/security/sec_deny_srcip_ftp_exactly_account_drop.py
index 21a658f9d..ec94d834d 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_account_drop.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_account_drop.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_account_drop_rst.py b/tests/security/sec_deny_srcip_ftp_exactly_account_drop_rst.py
index 65ab313fe..bb910b082 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_account_drop_rst.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_account_drop_rst.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_account_rate_high.py b/tests/security/sec_deny_srcip_ftp_exactly_account_rate_high.py
index a5d00878f..f966c24ea 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_account_rate_high.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_account_rate_high.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_account_rate_low.py b/tests/security/sec_deny_srcip_ftp_exactly_account_rate_low.py
index 3de3c4514..98ab6db15 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_account_rate_low.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_account_rate_low.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_account_tamper.py b/tests/security/sec_deny_srcip_ftp_exactly_account_tamper.py
index 9809c1b60..01c4150f5 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_account_tamper.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_account_tamper.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_url_drop.py b/tests/security/sec_deny_srcip_ftp_exactly_url_drop.py
index 95aa01b33..cf4ab843a 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_url_drop.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_url_drop.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_url_drop_rst.py b/tests/security/sec_deny_srcip_ftp_exactly_url_drop_rst.py
index 95aa01b33..cf4ab843a 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_url_drop_rst.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_url_drop_rst.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
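Review bot: This file's `index 95aa01b33..cf4ab843a` line is identical to the one for `sec_deny_srcip_ftp_exactly_url_drop.py`, so the two files are almost certainly byte-identical both before and after the commit. If so, the `_drop_rst` case sends the same action parameters as the plain `_drop` case and the reset variant is not exercised. The same pairing shows up for `ftp_pre_url_drop` / `ftp_pre_url_drop_rst` (`798df2832..1379a5321`), `ftp_substr_url_drop` / `ftp_substr_url_drop_rst` (`56956b8d0..52f8212e0`) and `ftp_suff_url_drop` / `ftp_suff_url_rst` (`1d166b551..d1daa751f`). The `action_parameter` block lies outside these hunks, so which setting is missing should be confirmed in the files themselves.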
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_url_rate_high.py b/tests/security/sec_deny_srcip_ftp_exactly_url_rate_high.py
index e0beb508e..a929ae9f7 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_url_rate_high.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_url_rate_high.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_url_rate_low.py b/tests/security/sec_deny_srcip_ftp_exactly_url_rate_low.py
index cb5a37c79..19a6a3bb0 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_url_rate_low.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_url_rate_low.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_exactly_url_tamper.py b/tests/security/sec_deny_srcip_ftp_exactly_url_tamper.py
index 792bf3989..83887a44c 100644
--- a/tests/security/sec_deny_srcip_ftp_exactly_url_tamper.py
+++ b/tests/security/sec_deny_srcip_ftp_exactly_url_tamper.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_account_drop.py b/tests/security/sec_deny_srcip_ftp_pre_account_drop.py
index 6cfc4cbcd..403b62626 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_account_drop.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_account_drop.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_account_drop_rst.py b/tests/security/sec_deny_srcip_ftp_pre_account_drop_rst.py
index 88bd0ea12..c27096650 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_account_drop_rst.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_account_drop_rst.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_account_rate_high.py b/tests/security/sec_deny_srcip_ftp_pre_account_rate_high.py
index 8a273f696..2dde60c05 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_account_rate_high.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_account_rate_high.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
@@ -242,7 +242,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_account_rate_low.py b/tests/security/sec_deny_srcip_ftp_pre_account_rate_low.py
index 2227a4be3..7ae812f59 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_account_rate_low.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_account_rate_low.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_account_tamper.py b/tests/security/sec_deny_srcip_ftp_pre_account_tamper.py
index 5280aafb5..7452cbcf4 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_account_tamper.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_account_tamper.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_url_drop.py b/tests/security/sec_deny_srcip_ftp_pre_url_drop.py
index 798df2832..1379a5321 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_url_drop.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_url_drop.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_url_drop_rst.py b/tests/security/sec_deny_srcip_ftp_pre_url_drop_rst.py
index 798df2832..1379a5321 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_url_drop_rst.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_url_drop_rst.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_url_rate_high.py b/tests/security/sec_deny_srcip_ftp_pre_url_rate_high.py
index be76c8562..990b3c0a1 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_url_rate_high.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_url_rate_high.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_url_rate_low.py b/tests/security/sec_deny_srcip_ftp_pre_url_rate_low.py
index d7bf81092..fac765229 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_url_rate_low.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_url_rate_low.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_pre_url_tamper.py b/tests/security/sec_deny_srcip_ftp_pre_url_tamper.py
index cac64d96c..9767212c5 100644
--- a/tests/security/sec_deny_srcip_ftp_pre_url_tamper.py
+++ b/tests/security/sec_deny_srcip_ftp_pre_url_tamper.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_account_drop.py b/tests/security/sec_deny_srcip_ftp_substr_account_drop.py
index 9cdeebb88..28d41b8b1 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_account_drop.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_account_drop.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_account_drop_rst.py b/tests/security/sec_deny_srcip_ftp_substr_account_drop_rst.py
index be330389f..3dd82cf57 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_account_drop_rst.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_account_drop_rst.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_account_rate_high.py b/tests/security/sec_deny_srcip_ftp_substr_account_rate_high.py
index beb7c53b6..81272fd53 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_account_rate_high.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_account_rate_high.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
@@ -242,7 +242,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_account_rate_low.py b/tests/security/sec_deny_srcip_ftp_substr_account_rate_low.py
index ff49c27c5..1d066db8f 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_account_rate_low.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_account_rate_low.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_account_tamper.py b/tests/security/sec_deny_srcip_ftp_substr_account_tamper.py
index 130331283..88e146b7a 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_account_tamper.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_account_tamper.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_content_drop.py b/tests/security/sec_deny_srcip_ftp_substr_content_drop.py
index 5e24ac380..2fe7bb01a 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_content_drop.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_content_drop.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_content_drop_rst.py b/tests/security/sec_deny_srcip_ftp_substr_content_drop_rst.py
index 181c9d0c2..d1ffd568d 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_content_drop_rst.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_content_drop_rst.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_content_rate_high.py b/tests/security/sec_deny_srcip_ftp_substr_content_rate_high.py
index e85a8090b..91762c967 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_content_rate_high.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_content_rate_high.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_content_rate_low.py b/tests/security/sec_deny_srcip_ftp_substr_content_rate_low.py
index dc458a6d7..6b2996495 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_content_rate_low.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_content_rate_low.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_content_tamper.py b/tests/security/sec_deny_srcip_ftp_substr_content_tamper.py
index 339b7f7c8..b3a20ab19 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_content_tamper.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_content_tamper.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_url_drop.py b/tests/security/sec_deny_srcip_ftp_substr_url_drop.py
index 56956b8d0..52f8212e0 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_url_drop.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_url_drop.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_url_drop_rst.py b/tests/security/sec_deny_srcip_ftp_substr_url_drop_rst.py
index 56956b8d0..52f8212e0 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_url_drop_rst.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_url_drop_rst.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_url_rate_high.py b/tests/security/sec_deny_srcip_ftp_substr_url_rate_high.py
index fc945c912..c37bb36cf 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_url_rate_high.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_url_rate_high.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_url_rate_low.py b/tests/security/sec_deny_srcip_ftp_substr_url_rate_low.py
index e64dca4ea..d64d3f1f7 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_url_rate_low.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_url_rate_low.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_substr_url_tamper.py b/tests/security/sec_deny_srcip_ftp_substr_url_tamper.py
index 327526f6d..c3c8e9343 100644
--- a/tests/security/sec_deny_srcip_ftp_substr_url_tamper.py
+++ b/tests/security/sec_deny_srcip_ftp_substr_url_tamper.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_account_drop.py b/tests/security/sec_deny_srcip_ftp_suff_account_drop.py
index c1c302b81..7bec2ca07 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_account_drop.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_account_drop.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_account_drop_rst.py b/tests/security/sec_deny_srcip_ftp_suff_account_drop_rst.py
index f4d737b22..2a2fc565c 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_account_drop_rst.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_account_drop_rst.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_account_rate_high.py b/tests/security/sec_deny_srcip_ftp_suff_account_rate_high.py
index 2a107ba4a..ac7d8ec7f 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_account_rate_high.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_account_rate_high.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_account_rate_low.py b/tests/security/sec_deny_srcip_ftp_suff_account_rate_low.py
index b238839ad..80721f304 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_account_rate_low.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_account_rate_low.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_account_tamper.py b/tests/security/sec_deny_srcip_ftp_suff_account_tamper.py
index cc6289df4..ba6c5fa2b 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_account_tamper.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_account_tamper.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_url_drop.py b/tests/security/sec_deny_srcip_ftp_suff_url_drop.py
index 1d166b551..d1daa751f 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_url_drop.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_url_drop.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_url_rate_high.py b/tests/security/sec_deny_srcip_ftp_suff_url_rate_high.py
index a17c94ec7..4e5b3604f 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_url_rate_high.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_url_rate_high.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_url_rate_low.py b/tests/security/sec_deny_srcip_ftp_suff_url_rate_low.py
index 89f759d68..b7868dc93 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_url_rate_low.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_url_rate_low.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_url_rst.py b/tests/security/sec_deny_srcip_ftp_suff_url_rst.py
index 1d166b551..d1daa751f 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_url_rst.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_url_rst.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_ftp_suff_url_tamper.py b/tests/security/sec_deny_srcip_ftp_suff_url_tamper.py
index 4c3b7a611..d9f8d5f26 100644
--- a/tests/security/sec_deny_srcip_ftp_suff_url_tamper.py
+++ b/tests/security/sec_deny_srcip_ftp_suff_url_tamper.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_http_alert_200_profile.py b/tests/security/sec_deny_srcip_http_alert_200_profile.py
index 609e72883..66e151288 100644
--- a/tests/security/sec_deny_srcip_http_alert_200_profile.py
+++ b/tests/security/sec_deny_srcip_http_alert_200_profile.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_http_alert_200_text.py b/tests/security/sec_deny_srcip_http_alert_200_text.py
index 8e0f455b6..c7d3f9cd9 100644
--- a/tests/security/sec_deny_srcip_http_alert_200_text.py
+++ b/tests/security/sec_deny_srcip_http_alert_200_text.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_http_alert_204.py b/tests/security/sec_deny_srcip_http_alert_204.py
index 7fa2b456e..9dbc51a04 100644
--- a/tests/security/sec_deny_srcip_http_alert_204.py
+++ b/tests/security/sec_deny_srcip_http_alert_204.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
diff --git a/tests/security/sec_deny_srcip_http_block_403_profile.py b/tests/security/sec_deny_srcip_http_block_403_profile.py
index 7fa2b456e..a2df4abff 100644
--- a/tests/security/sec_deny_srcip_http_block_403_profile.py
+++ b/tests/security/sec_deny_srcip_http_block_403_profile.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
@@ -74,8 +74,13 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
- "code": 204,
+ "sub_action": "block",
+ "code": 404,
+ "html_profile": {
+ "name": "test",
+ "format": "html",
+ "file_path": "Response-Pages_1.html"
+ },
"packet_capture": {
"enable": 0
},
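Review bot: `"code": 404` in this `action_parameter` disagrees with the file name `sec_deny_srcip_http_block_403_profile.py` and with `"excepted_traffic_result": "403"` set in the next hunk. If the traffic check compares the returned HTTP status, the case will either fail or end up validating the wrong block page. The pre-image blob `7fa2b456e` is the same as that of `sec_deny_srcip_http_alert_204.py`, which suggests the body was copied and only partly adapted. The line should read `"code": 403,`, and the `html_profile` entry is worth checking against the 403 response page at the same time.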
@@ -91,7 +96,7 @@ def run(parameter):
}
verification_result = {
- "excepted_traffic_result": "204",
+ "excepted_traffic_result": "403",
"expected_metric": {"hits": 1},
"expected_log": [
{"query_field_key":"server_fqdn", "query_value": "www.example.com"},
diff --git a/tests/security/sec_deny_srcip_http_block_403_text.py b/tests/security/sec_deny_srcip_http_block_403_text.py
index d855a0055..d569cee41 100644
--- a/tests/security/sec_deny_srcip_http_block_403_text.py
+++ b/tests/security/sec_deny_srcip_http_block_403_text.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 403,
"message": "deny_autest_403",
"packet_capture": {
diff --git a/tests/security/sec_deny_srcip_http_block_404_profile.py b/tests/security/sec_deny_srcip_http_block_404_profile.py
index d61c31b94..ee861c486 100644
--- a/tests/security/sec_deny_srcip_http_block_404_profile.py
+++ b/tests/security/sec_deny_srcip_http_block_404_profile.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 404,
"html_profile": {
"name": "test",
diff --git a/tests/security/sec_deny_srcip_http_block_404_text.py b/tests/security/sec_deny_srcip_http_block_404_text.py
index 25205a161..f25792f34 100644
--- a/tests/security/sec_deny_srcip_http_block_404_text.py
+++ b/tests/security/sec_deny_srcip_http_block_404_text.py
@@ -28,7 +28,7 @@ def run(parameter):
"action": "deny",
"and_conditions": [
{
- "negate_option": True,
+ "negate_option": False,
"or_conditions": [
{
"attribute_name": "ATTR_SOURCE_IP",
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 404,
"message": "deny_autest_404",
"packet_capture": {
diff --git a/tests/security/sec_deny_srcip_http_pre_reqbody_drop.py b/tests/security/sec_deny_srcip_http_pre_reqbody_drop.py
index 38c4fdf51..b5d70e72b 100644
--- a/tests/security/sec_deny_srcip_http_pre_reqbody_drop.py
+++ b/tests/security/sec_deny_srcip_http_pre_reqbody_drop.py
@@ -1,103 +1,100 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_reqbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "request_body",
- "item_value": "TEXT",
- "value": [
- "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
{"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
{"query_field_key":"decoded_as", "query_value": "HTTP"},
{"query_field_key":"security_action", "query_value":"deny"},
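Review bot: `result` is initialised to `""` at the top of `run` and, as far as the two hunks of this file show, never reassigned, yet it is the value passed to `update.write_result(parameter, result, exception_result)` in the `finally` of the next hunk. The verdicts are collected in `test_summary`, and the early `return ui_error` / `return api_error` paths set neither variable. Unless `ReportUpdate` obtains the outcome some other way, the CSV report would record an empty result for every run, including failed ones. Assigning before each return, for example `result = test_summary` ahead of `return test_summary`, keeps the report in step with what the caller gets. The wildcard `from support.packet_generator.traffic_generator import *` could also name `TrafficGenerator` explicitly.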
@@ -105,74 +102,114 @@ def run(parameter):
{"query_field_key":"ip_protocol", "query_value": "tcp"},
{"query_field_key":"http_host", "query_value": "open.node.com"},
{"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
- ],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
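Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, none of which is bound before the `try:` that opens in the previous hunk. Any early exit, such as `return ui_error` / `return api_error` after a failed `create_objects` or an exception from the client constructor, therefore raises `UnboundLocalError` during cleanup, which replaces the returned error and skips `write_result`. Binding them first, with `ui_client = api_client = None` and `objects_tuple = rules_tuple = None` ahead of the `try:`, lets the existing `if rules_tuple:` / `if objects_tuple:` guards do their job. Separately, the `__main__` parameter dict commits a literal `username` / `password` pair next to the `api_server` address. Reading these from environment variables or an untracked local config would keep account secrets out of repository history.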
diff --git a/tests/security/sec_deny_srcip_http_pre_reqbody_drop_rst.py b/tests/security/sec_deny_srcip_http_pre_reqbody_drop_rst.py
index 8edd45239..7ee9800b5 100644
--- a/tests/security/sec_deny_srcip_http_pre_reqbody_drop_rst.py
+++ b/tests/security/sec_deny_srcip_http_pre_reqbody_drop_rst.py
@@ -1,103 +1,100 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_reqbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "request_body",
- "item_value": "TEXT",
- "value": [
- "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": True,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "reset",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
{"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
{"query_field_key":"decoded_as", "query_value": "HTTP"},
{"query_field_key":"security_action", "query_value":"deny"},
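Review bot: The added `from support.packet_generator.traffic_generator import *` pulls an unknown set of names into the test module. Because it follows `import time` and `from datetime import datetime`, it can silently rebind those names if the imported module exports them. Only `TrafficGenerator` appears to be used (in the next hunk), so `from support.packet_generator.traffic_generator import TrafficGenerator` would be enough. The same line is added in the first hunks of sec_deny_srcip_http_pre_reqbody_rate_high.py, sec_deny_srcip_http_pre_reqbody_rate_low.py and sec_deny_srcip_http_pre_reqbody_tamper.py. The body of `run` continues past the end of this hunk.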
@@ -105,74 +102,114 @@ def run(parameter):
{"query_field_key":"ip_protocol", "query_value": "tcp"},
{"query_field_key":"http_host", "query_value": "open.node.com"},
{"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
- ],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
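Review bot: The new `finally` block reads `rules_tuple`, `ui_client` and `api_client`, which are only bound partway through the `try`. When `create_objects` reports an error and the code does `return api_error`, `rules_tuple` has never been assigned, so `if rules_tuple:` raises UnboundLocalError; that exception replaces the returned error and skips both `delete_objects` and the CSV report, leaving the created deny objects on the device. Binding the names before the `try`, e.g. `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`, and guarding with `if api_client and rules_tuple:` lets cleanup run on every path. The second hunks of sec_deny_srcip_http_pre_reqbody_rate_high.py and sec_deny_srcip_http_pre_reqbody_rate_low.py carry the same block; `run` starts outside this hunk.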
diff --git a/tests/security/sec_deny_srcip_http_pre_reqbody_rate_high.py b/tests/security/sec_deny_srcip_http_pre_reqbody_rate_high.py
index 36a751f0b..ecb2abe2e 100644
--- a/tests/security/sec_deny_srcip_http_pre_reqbody_rate_high.py
+++ b/tests/security/sec_deny_srcip_http_pre_reqbody_rate_high.py
@@ -1,101 +1,101 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_reqbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "request_body",
- "item_value": "TEXT",
- "value": [
- "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "100000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "test",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "test",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
{"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
{"query_field_key":"decoded_as", "query_value": "HTTP"},
{"query_field_key":"security_action", "query_value":"deny"},
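Review bot: `import pytz` adds a third-party dependency to this test only to obtain UTC; the next hunk uses it as `pytz.timezone('UTC')` followed by `datetime.now(utc_tz)`. The standard library covers this: `from datetime import datetime, timezone` and `datetime.now(timezone.utc)` yield the same `start_time` string. The same import is added in the first hunks of sec_deny_srcip_http_pre_reqbody_drop_rst.py and sec_deny_srcip_http_pre_reqbody_rate_low.py. The body of `run` continues past the end of this hunk.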
@@ -103,74 +103,114 @@ def run(parameter):
{"query_field_key":"ip_protocol", "query_value": "tcp"},
{"query_field_key":"http_host", "query_value": "open.node.com"},
{"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
- ],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
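Review bot: The `__main__` block commits a literal account name and password (`"username"` / `"password"`) next to internal addresses, and `"api_server"` is an `http://` URL, so the login presumably travels in clear text. Reading the secret from the environment, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (variable name is illustrative), keeps it out of the repository. The credentials this hunk removes stay in history and should be treated as exposed and rotated. The same literals are added in the `__main__` blocks of sec_deny_srcip_http_pre_reqbody_drop_rst.py and sec_deny_srcip_http_pre_reqbody_rate_low.py.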
diff --git a/tests/security/sec_deny_srcip_http_pre_reqbody_rate_low.py b/tests/security/sec_deny_srcip_http_pre_reqbody_rate_low.py
index d84110de3..b8f02d8c6 100644
--- a/tests/security/sec_deny_srcip_http_pre_reqbody_rate_low.py
+++ b/tests/security/sec_deny_srcip_http_pre_reqbody_rate_low.py
@@ -1,101 +1,101 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_reqbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "request_body",
- "item_value": "TEXT",
- "value": [
- "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
{"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
{"query_field_key":"decoded_as", "query_value": "HTTP"},
{"query_field_key":"security_action", "query_value":"deny"},
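Review bot: Nothing at `"bps": 10` / `"limitUnit": "Kbps"` says which unit the number is in: the key is named `bps` while the unit is given separately as `Kbps`. `"excepted_traffic_result": "timed out"` depends on this limit being low enough for curl's `-m 10` to expire. A comment on the `action_parameter` block, such as `# 10 Kbps: low enough that the POST cannot complete within curl's -m 10` (if that is the intent), would record the assumption the test rests on. sec_deny_srcip_http_pre_reqbody_rate_high.py uses the same key pair with `10000000` and would benefit from the matching comment. The body of `run` continues past the end of this hunk.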
@@ -103,74 +103,114 @@ def run(parameter):
{"query_field_key":"ip_protocol", "query_value": "tcp"},
{"query_field_key":"http_host", "query_value": "open.node.com"},
{"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
- ],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
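Review bot: `update.write_result(parameter, result, exception_result)` in the `finally` block still passes `result`, but after this change `result` is set to `""` in the first hunk and never assigned again. The verdict now lives in `test_summary` and in the early `return error` / `return api_error` values. Unless `ReportUpdate` obtains the outcome some other way, the CSV report records an empty result for passing and failing runs alike. Assigning before each return, e.g. `result = test_summary` ahead of `return test_summary`, keeps the report meaningful. The second hunks of sec_deny_srcip_http_pre_reqbody_drop_rst.py and sec_deny_srcip_http_pre_reqbody_rate_high.py have the same pattern.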
diff --git a/tests/security/sec_deny_srcip_http_pre_reqbody_tamper.py b/tests/security/sec_deny_srcip_http_pre_reqbody_tamper.py
index 5647b441e..ad17efb6a 100644
--- a/tests/security/sec_deny_srcip_http_pre_reqbody_tamper.py
+++ b/tests/security/sec_deny_srcip_http_pre_reqbody_tamper.py
@@ -1,100 +1,99 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_reqbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "request_body",
- "item_value": "TEXT",
- "value": [
- "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_REQ_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
{"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
{"query_field_key":"decoded_as", "query_value": "HTTP"},
{"query_field_key":"security_action", "query_value":"deny"},
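Review bot: The added `from support.packet_generator.traffic_generator import *` hides where `TrafficGenerator` comes from, and because it runs after `import time` and `from datetime import datetime` it can silently rebind those names if that module exposes its own `time`, `os` or `datetime`. `TrafficGenerator` is the only name this file visibly takes from it, so import it explicitly: `from support.packet_generator.traffic_generator import TrafficGenerator`. The same wildcard import is added in sec_deny_srcip_http_pre_resbody_drop.py, sec_deny_srcip_http_pre_resbody_drop_rst.py and sec_deny_srcip_http_pre_resbody_rate_high.py.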
@@ -102,74 +101,114 @@ def run(parameter):
{"query_field_key":"ip_protocol", "query_value": "tcp"},
{"query_field_key":"http_host", "query_value": "open.node.com"},
{"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
- ],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
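Review bot: The `__main__` block commits what appears to be a real account in plain text, `"username": "zhaokun"` and `"password": "zhaokun1"`, right next to the `api_server` address it logs in to, so anyone with read access to the repository gets that login. Read both values from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and fail with a clear message when it is unset. This password and the one on the removed lines should be treated as exposed and rotated, since both remain in history. The identical block is added in sec_deny_srcip_http_pre_resbody_drop.py and sec_deny_srcip_http_pre_resbody_drop_rst.py.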
diff --git a/tests/security/sec_deny_srcip_http_pre_resbody_drop.py b/tests/security/sec_deny_srcip_http_pre_resbody_drop.py
index 9409a0546..4f05b1dfc 100644
--- a/tests/security/sec_deny_srcip_http_pre_resbody_drop.py
+++ b/tests/security/sec_deny_srcip_http_pre_resbody_drop.py
@@ -1,171 +1,215 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_resbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "response_body",
- "item_value": "TEXT",
- "value": [
- "<html*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^<html"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"imsi", "query_value":parameter['test_imsi']},
- {"query_field_key":"phone_number", "query_value": parameter['test_phone_number']}],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"helloSecurity\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://192.168.40.206:180/go"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
+ {"query_field_key":"decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action", "query_value":"deny"},
+ {"query_field_key":"server_port", "query_value": 180},
+ {"query_field_key":"ip_protocol", "query_value": "tcp"},
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
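Review bot: The `finally` clause reads `rules_tuple` and `objects_tuple`, but both are first bound inside the `try`, so if `UIClient()`, `APIClient(parameter)` or `create_objects` raises, the cleanup fails with `UnboundLocalError`. That error replaces the value returned from the `except` branch and skips the `write_result` call below it. Bind them at the top of `run()`, before the `try`: `objects_tuple, rules_tuple = None, None`, so the `if rules_tuple:` guards do their job. Separately, `result` is set to `""` and never assigned again, so `update.write_result(parameter, result, exception_result)` gets an empty result on every path, including the early `return ui_error` / `return api_error`; presumably `result = test_summary` was intended before the return. The same `finally` block appears in sec_deny_srcip_http_pre_reqbody_tamper.py and sec_deny_srcip_http_pre_resbody_drop_rst.py.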
diff --git a/tests/security/sec_deny_srcip_http_pre_resbody_drop_rst.py b/tests/security/sec_deny_srcip_http_pre_resbody_drop_rst.py
index e6273ccf9..5a04ba672 100644
--- a/tests/security/sec_deny_srcip_http_pre_resbody_drop_rst.py
+++ b/tests/security/sec_deny_srcip_http_pre_resbody_drop_rst.py
@@ -1,171 +1,215 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_resbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "response_body",
- "item_value": "TEXT",
- "value": [
- "<html*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": True,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^<html"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"imsi", "query_value":parameter['test_imsi']},
- {"query_field_key":"phone_number", "query_value": parameter['test_phone_number']}],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"helloSecurity\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://192.168.40.206:180/go"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
+ {"query_field_key":"decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action", "query_value":"deny"},
+ {"query_field_key":"server_port", "query_value": 180},
+ {"query_field_key":"ip_protocol", "query_value": "tcp"},
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
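Review bot: Nothing in `verification_result` distinguishes this case from sec_deny_srcip_http_pre_resbody_drop.py. The only policy difference is `"send_tcp_reset": 1`, yet `"excepted_traffic_result"` is still `"timed out"` and the `expected_log` fields are identical, so the test would pass even if the device never sent the reset. How `generator.result` compares the curl output is not visible here, but an expectation that matches a reset connection, or a log field that records the reset, would make this case actually cover the option. If a timeout really is the expected client-side outcome with RST enabled, a comment above `verification_result` should say why.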
diff --git a/tests/security/sec_deny_srcip_http_pre_resbody_rate_high.py b/tests/security/sec_deny_srcip_http_pre_resbody_rate_high.py
index c824eed56..f3f69915c 100644
--- a/tests/security/sec_deny_srcip_http_pre_resbody_rate_high.py
+++ b/tests/security/sec_deny_srcip_http_pre_resbody_rate_high.py
@@ -1,169 +1,216 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_resbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "response_body",
- "item_value": "TEXT",
- "value": [
- "<html*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^<html"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "test_resbody",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"imsi", "query_value":parameter['test_imsi']},
- {"query_field_key":"phone_number", "query_value": parameter['test_phone_number']}],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"helloSecurity\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://192.168.40.206:180/go"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "test",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
+ {"query_field_key":"decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action", "query_value":"deny"},
+ {"query_field_key":"server_port", "query_value": 180},
+ {"query_field_key":"ip_protocol", "query_value": "tcp"},
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
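Review bot: The new `finally` cleanup reads `rules_tuple` and `objects_tuple` before they are guaranteed to be bound: when `create_objects` reports an error and `run()` returns early, or when `UIClient()` / `APIClient(parameter)` raises, `if rules_tuple:` raises UnboundLocalError inside `finally`. That replaces the intended return value, skips `delete_objects`, and never reaches `update.write_result(...)`, so objects created for the deny rule can stay configured on the test device and the run leaves no report row. Bind the names before `try:`, e.g. `objects_tuple, rules_tuple = None, None` and `ui_client = api_client = None`, and guard each delete call on its client being set. The `ui` branch also deletes only rules, so it is worth confirming that `delete_rules(parameter, policy_configuration)` removes the objects as well. The same `run()` body is added in the rate_low and tamper files of this commit.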
diff --git a/tests/security/sec_deny_srcip_http_pre_resbody_rate_low.py b/tests/security/sec_deny_srcip_http_pre_resbody_rate_low.py
index 9983caa95..fab358c2a 100644
--- a/tests/security/sec_deny_srcip_http_pre_resbody_rate_low.py
+++ b/tests/security/sec_deny_srcip_http_pre_resbody_rate_low.py
@@ -1,169 +1,216 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_resbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "response_body",
- "item_value": "TEXT",
- "value": [
- "<html*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^<html"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"imsi", "query_value":parameter['test_imsi']},
- {"query_field_key":"phone_number", "query_value": parameter['test_phone_number']}],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"helloSecurity\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://192.168.40.206:180/go"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
+ {"query_field_key":"decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action", "query_value":"deny"},
+ {"query_field_key":"server_port", "query_value": 180},
+ {"query_field_key":"ip_protocol", "query_value": "tcp"},
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
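Review bot: `result` is initialised to `""` and never assigned again, yet `finally` still passes it to `update.write_result(parameter, result, exception_result)`; the outcome now lives only in `test_summary` and in the early `return error` values. If ReportUpdate records what it is given (its code is not in this hunk), the CSV row for this rate-limit test is blank whether enforcement worked or not, which hides a failed deny policy from anyone reading the report. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`. The removed code kept the two in step with `result = create.create_policy()`, and the rate_high and tamper hunks have the same gap.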
diff --git a/tests/security/sec_deny_srcip_http_pre_resbody_tamper.py b/tests/security/sec_deny_srcip_http_pre_resbody_tamper.py
index 20934465c..7f8eb89a0 100644
--- a/tests/security/sec_deny_srcip_http_pre_resbody_tamper.py
+++ b/tests/security/sec_deny_srcip_http_pre_resbody_tamper.py
@@ -1,168 +1,214 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "http", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_keywords_resbody",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "response_body",
- "item_value": "TEXT",
- "value": [
- "<html*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_RES_BODY",
+ "type": "keyword",
+ "name": "sec_keyword",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^<html"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"imsi", "query_value":parameter['test_imsi']},
- {"query_field_key":"phone_number", "query_value": parameter['test_phone_number']}],
- "traffic": {
- "protocol": "http",
- "type": "curl",
- "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"helloSecurity\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://192.168.40.206:180/go"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']},
+ {"query_field_key":"decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action", "query_value":"deny"},
+ {"query_field_key":"server_port", "query_value": 180},
+ {"query_field_key":"ip_protocol", "query_value": "tcp"},
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/go"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
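Review bot: The `__main__` block commits an account name and password as string literals in `parameter`, next to an `api_server` that uses plain `http://`, so the credential is kept in repository history and is presumably sent unencrypted when the script is run standalone. Read the values from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder; `os` is already imported), and rotate the password that has been committed. The commit swaps one literal credential for another rather than removing the pattern, and the rate_high and rate_low files carry the same block.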
diff --git a/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py b/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py
index 6a0319586..7ab509173 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py
@@ -166,4 +166,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
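Review bot: Both added `__main__` blocks commit what appear to be real account credentials as literals (`"username": "hebingning"` and `"username": "zhaokun"`, each with its `"password"` next to it, plus the commented-out copy), so anyone who can read the repository or its history gets a login for the `api_server` these tests target. Take them from the environment or the CI secret store instead, for example `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable name is a placeholder), delete the commented-out block, and rotate the passwords that are already pushed. The `api_server` value is an `http://` URL, so the login presumably crosses the lab network unencrypted as well; confirm whether an HTTPS endpoint exists. The same literals recur in the hunks for `sec_deny_srcip_http_pre_url_alert_204.py` and `sec_deny_srcip_http_pre_url_block_403_profile.py` and in the partial hunks at both ends of this page.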
diff --git a/tests/security/sec_deny_srcip_http_pre_url_alert_204.py b/tests/security/sec_deny_srcip_http_pre_url_alert_204.py
index 8f071c762..d14ca459f 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_alert_204.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_alert_204.py
@@ -164,4 +164,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
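Review bot: In the last added `run()`, the `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, none of which is bound before the `try`; when `create_objects` reports an error and the code takes `return api_error`, or anything raises earlier, the cleanup fails with UnboundLocalError, which replaces the return value and skips `update.write_result(...)`. Bind them above `try:` with `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`, and move `script_start_time = time.time()` up there as well. `result` is never reassigned from `""` in this function, so the CSV report presumably never receives `test_summary`; `result = test_summary` before `return test_summary` would carry it through. The earlier added `run()` has the same weakness in `if isinstance(create, CreatePolicy):`, and the hunks for `sec_deny_srcip_http_pre_url_alert_200_text.py` and `sec_deny_srcip_http_pre_url_block_403_profile.py` repeat both.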
diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py b/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py
index 1971c4e9d..138836777 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py
@@ -180,4 +180,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
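Review bot: Three `def run(parameter)` definitions and three `if __name__ == '__main__':` blocks end up in this file, because the added lines are appended after the existing script instead of replacing it; run directly, all three main blocks execute in turn, while an importer only gets the last `run`. The appended test data also does not look like this case: `rule_name` is `sec_deny_srcip_http_pre_url_alert_200_profile`, the new `policy_configuration` uses `"sub_action": "drop"` with `"send_tcp_reset": 1`, and `excepted_traffic_result` is `"200"`, so the block-403-profile behaviour named by the file is presumably never asserted. Keep only the new-format script and set the sub-action and expected result for this case. The hunks for `sec_deny_srcip_http_pre_url_alert_200_text.py` and `sec_deny_srcip_http_pre_url_alert_204.py` append the same two scripts with the same values.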
diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py b/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py
index 3e33211c4..1ce8ff8b6 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py
@@ -166,4 +166,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
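Review bot: The two `__main__` blocks added in this hunk commit literal account credentials, in the `"username"`/`"password"` entries of both `parameter` dicts and again in the commented-out `# ui` dict. They also set `"api_server"` to a plain `http://` URL, so if the clients log in against that server the credentials cross the network unencrypted. Read the values from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"],` (placeholder variable name; `os` is already imported at that point), and delete the commented-out dict rather than keeping a second copy. The committed passwords should be treated as exposed and rotated, since removing them in a later commit does not remove them from history. The same literals are added by the hunks for `sec_deny_srcip_http_pre_url_block_404_profile.py` and `sec_deny_srcip_http_pre_url_block_404_text.py` below, and appear in the `__main__` block that closes the preceding hunk.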
diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py b/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py
index 344a7b94b..6b57f1e28 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py
@@ -180,4 +180,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
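Review bot: Both `run()` functions added here read names in `finally` that are only bound inside `try`, so the cleanup can raise and replace the real outcome. In the second `run()`, the early `return api_error` after `create_objects` leaves `rules_tuple` unbound, and `if rules_tuple:` in `finally` then raises `UnboundLocalError`; in the first, an exception inside `CreatePolicy(test_data, parameter)` leaves `create` unbound for `isinstance(create, CreatePolicy)`. In either case `write_result` is never reached, and objects or a deny rule already created may stay on the device under test. Bind the names before `try:`, e.g. `create = None` in the first function and `objects_tuple = rules_tuple = None` in the second, together with `script_start_time = time.time()`. The hunks for `sec_deny_srcip_http_pre_url_block_403_text.py` and `sec_deny_srcip_http_pre_url_block_404_text.py` add the same code.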
diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py b/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py
index f625fdd93..ddbbfdb2d 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py
@@ -166,4 +166,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
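Review bot: The added lines are two further complete scripts placed between `parameter = replace_paras(parameter)` and the final `run(parameter)` of the existing `__main__` block, so the file now rebinds `run` twice and appears to carry three `__main__` blocks that each start a run. The pasted test data also does not describe this file's case: `"rule_name"` is `"sec_deny_srcip_http_pre_url_alert_200_profile"` with an `alert`/`200`/`Profile` sub-action, and the second copy sets `"sub_action": "drop"` while expecting `"excepted_traffic_result": "200"`. That reads like a copy from other cases rather than a block-with-404-text check, so it is worth confirming what this test is meant to assert. The second `run()` also leaves `result` as `""` and passes it to `write_result`, so the `test_summary` it builds never reaches the report; `update.write_result(parameter, test_summary, exception_result)` may be what was intended. The hunks for `sec_deny_srcip_http_pre_url_block_403_text.py` and `sec_deny_srcip_http_pre_url_block_404_profile.py` add identical content.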
diff --git a/tests/security/sec_deny_srcip_http_pre_url_drop.py b/tests/security/sec_deny_srcip_http_pre_url_drop.py
index a03ff02e4..2fc305204 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_drop.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_drop.py
@@ -166,4 +166,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
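Review bot: The two scripts added here do not appear to test the drop case this file is named for: the first added `run` builds `test_data` with `"rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile"` and an `alert`/200 `sub_action`, and the second sets `"send_tcp_reset": 1` while expecting `"excepted_traffic_result": "200"`. The same added body is repeated unchanged in the hunks for sec_deny_srcip_http_pre_url_drop_rst.py, sec_deny_srcip_http_pre_url_rate_high.py and sec_deny_srcip_http_pre_url_rate_low.py, so four differently named deny cases would exercise one configuration and report coverage that is not there. The hunk also adds two further `def run(parameter)` definitions and `__main__` blocks to a file that, per the hunk header, already has a `__main__` block, which looks unintended. I would keep a single script per file and derive the rule name from the file, `"rule_name": os.path.basename(__file__)[:-3],`, with the sub-action and the expected traffic result set per case.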
diff --git a/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py b/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py
index 76991aec4..28fae375d 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py
@@ -166,4 +166,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
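Review bot: In the second added `run`, the early `return api_error` after `create_objects` (and `return ui_error` in the UI branch) reaches the `finally` block before `rules_tuple` has been assigned, so `if rules_tuple:` raises UnboundLocalError; `delete_objects` is then skipped and `update.write_result(...)` is never called. The first added `run` has the same shape: if `CreatePolicy(test_data, parameter)` raises, `isinstance(create, CreatePolicy)` in `finally` fails on the unbound `create` and `clean_up()` does not run. Deny rules or objects left behind on the device under test can change the outcome of later cases. Binding the names before the `try` avoids this, e.g. `create = None` in the first script and `rules_tuple, objects_tuple = None, None` in the second. The same code is added in the hunks for sec_deny_srcip_http_pre_url_drop.py, sec_deny_srcip_http_pre_url_rate_high.py and sec_deny_srcip_http_pre_url_rate_low.py.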
diff --git a/tests/security/sec_deny_srcip_http_pre_url_rate_high.py b/tests/security/sec_deny_srcip_http_pre_url_rate_high.py
index 5ca2f8283..44637ee8d 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_rate_high.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_rate_high.py
@@ -164,4 +164,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
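Review bot: Both added `__main__` blocks commit account names and passwords as literals (the `"username"`/`"password"` entries, including the commented-out `# ui` block), and `"api_server"` is an `http://` URL, so the login presumably goes over the network unencrypted as well. The same literals are added in the other hunks of this commit. I would read them from the environment instead, for example `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable name is a placeholder; `os` is already imported), and rotate the accounts now that the values are in history. Separately, the second added `run` leaves `result` as `""` and returns `test_summary`, so `update.write_result(parameter, result, exception_result)` presumably records an empty result; `result = test_summary` before the `return` would fix that if so.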
diff --git a/tests/security/sec_deny_srcip_http_pre_url_rate_low.py b/tests/security/sec_deny_srcip_http_pre_url_rate_low.py
index 8d813fc51..aa68ebfda 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_rate_low.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_rate_low.py
@@ -164,4 +164,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
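Review bot: The `finally` blocks of both added `run` functions read names that are only bound partway through the `try`, so an early failure raises UnboundLocalError during cleanup. In the first `run`, an exception from `CreatePolicy(test_data, parameter)` leaves `create` unbound at `isinstance(create, CreatePolicy)`; in the second, `return api_error` after a failed `create_objects` reaches `if rules_tuple:` before `rules_tuple` exists. The new exception replaces the returned error, `write_result` never runs, and any objects already created are not deleted, which can leave test objects behind on the device for later cases. Bind the names before the `try`, e.g. `create = None` and `rules_tuple = objects_tuple = None`, and move `script_start_time = time.time()` above the `try` as well. The same code is added in the sec_deny_srcip_http_pre_url_redirect.py and sec_deny_srcip_http_pre_url_tamper.py hunks.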
diff --git a/tests/security/sec_deny_srcip_http_pre_url_redirect.py b/tests/security/sec_deny_srcip_http_pre_url_redirect.py
index 566efbb8e..d7d190be3 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_redirect.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_redirect.py
@@ -167,4 +167,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
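Review bot: Both added `__main__` blocks, and the commented-out `# ui` block above the first of them, embed plaintext `username`/`password` values for the test platform, and `api_server` is a plain `http://` URL, so the credentials presumably also cross the network unencrypted. Anything committed here stays in repository history, so these accounts should be rotated and the values read at run time instead, for example `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder; `os` is already imported). The commented-out parameter block is better deleted than kept with real values and a personal `D:/` path. The same literals are added in the sec_deny_srcip_http_pre_url_rate_low.py and sec_deny_srcip_http_pre_url_tamper.py hunks.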
diff --git a/tests/security/sec_deny_srcip_http_pre_url_tamper.py b/tests/security/sec_deny_srcip_http_pre_url_tamper.py
index 3e4a40547..894e0372e 100644
--- a/tests/security/sec_deny_srcip_http_pre_url_tamper.py
+++ b/tests/security/sec_deny_srcip_http_pre_url_tamper.py
@@ -163,4 +163,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
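Review bot: The two scripts appended here appear identical to the ones appended to sec_deny_srcip_http_pre_url_rate_low.py and sec_deny_srcip_http_pre_url_redirect.py, with `rule_name` set to `sec_deny_srcip_http_pre_url_alert_200_profile` in the first and `"sub_action": "drop"` in the second, so nothing added to this file exercises a tamper action. Each appended script also redefines `run` and adds another `if __name__ == '__main__':` block after the existing one, so running the file executes three cases in sequence, and a harness that imports the module and calls `run` gets only the last definition. If that is how the suite loads cases, a tamper, redirect or rate-limit regression would pass unnoticed under these file names. The part of the file above the hunk is not visible here and may still hold the real case; if the append was unintended it should be dropped, otherwise each case belongs in its own file with a matching `rule_name` and `sub_action`. Separately, the second `run` never assigns `result`, so `write_result` always records an empty string; `result = test_summary` before `return test_summary` fixes that.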
diff --git a/tests/security/sec_deny_srcip_http_rate_high.py b/tests/security/sec_deny_srcip_http_rate_high.py
index 3b339f7d6..2b93f991c 100644
--- a/tests/security/sec_deny_srcip_http_rate_high.py
+++ b/tests/security/sec_deny_srcip_http_rate_high.py
@@ -146,4 +146,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
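Review bot: The added `__main__` blocks commit account usernames and passwords as string literals (one set also survives in the commented-out `# ui` block), and `api_server` is an `http://` URL, so the login presumably crosses the network unencrypted; the client code is not in this hunk, so that part is inferred. Load the secrets from the environment or an untracked config file instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable name is a placeholder), and rotate the accounts that are now in history. Separately, the hunk appends two further complete scripts after the existing `__main__` block, each with its own coding line, imports, `def run(parameter)` and `__main__` guard, and the first one's `rule_name` is `sec_deny_srcip_http_pre_url_alert_200_profile` rather than this file's name, which looks like an accidental paste worth confirming. The same content is added in the sec_deny_srcip_http_rate_low.py hunk.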
diff --git a/tests/security/sec_deny_srcip_http_rate_low.py b/tests/security/sec_deny_srcip_http_rate_low.py
index fc06d956d..c78ddd4bc 100644
--- a/tests/security/sec_deny_srcip_http_rate_low.py
+++ b/tests/security/sec_deny_srcip_http_rate_low.py
@@ -146,4 +146,403 @@ if __name__ == '__main__':
"test_case_name": os.path.basename(__file__)[:-3]
}
parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import time
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+from datetime import datetime
+from support.report_update import ReportUpdate
+from support.common_utils.create_policy import CreatePolicy
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+ # 参数初始化
+ exception_result = ""
+ result = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ # 测试数据
+ test_data = {
+ "is_multi_priority": False,
+ "rule_num": 1,
+ "policy_type": "security",
+ "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile",
+ "rule_action": "deny",
+ "rule_type": "create",
+ "condition": {
+ "source_ip": [
+ {
+ "name": "sec_srcip",
+ "object_type": "ip",
+ "select_type": False,
+ "negate": False,
+ "item": [
+ {
+ "item_operation": "add",
+ "item_type": "ipv4",
+ "item_value": parameter['test_pc_ip'],
+ }
+ ]
+ }
+ ],
+ "source_port": [],
+ "destination_ip": [],
+ "destination_port": [],
+ "internal_ip": [],
+ "internal_port": [],
+ "external_ip": [],
+ "external_port": [],
+ "source_geography": [],
+ "destination_geography": [],
+ "sub_id": [],
+ "device": [],
+ "tunnel": [],
+ "tunnel_level": [],
+ "flag": [],
+ "application": [
+ {
+ "name": "http", #
+ "object_type": "application",
+ "negate": False
+ }
+ ],
+ "server_fqdn": [],
+ "protocol_filed": [
+ {
+ "name": "sec_url",
+ "object_type": "url",
+ "item_operation": "add",
+ "select_type": False,
+ "negate": False,
+ "items": [
+ {
+ "item_operation": "add",
+ "item_type": "url",
+ "item_value": "open.node*"
+ }
+ ],
+ }
+ ],
+ "sub_action_override": True,
+ "sub_action": [
+ {
+ "type": "alert",
+ "code": 200,
+ "content_type": "Profile",
+ "content": "sec_respage"
+ }
+ ],
+ "packet_capture": []
+ },
+ "action_parameter": {
+ "response_page": [
+ {
+ "profile_type": "response_page",
+ "response_code": 200,
+ "response_content_type": "Profile",
+ "profile_file": {
+ "name": "sec_respage",
+ "model": "create",
+ "file": "response_testa.html"
+ },
+ }
+ ]
+ },
+ "profile": [],
+ "expected_return": "200",
+ "counters": {"hits": 1},
+ "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}],
+ "traffic": {
+ "protocol": "http",
+ "type": "wget",
+ "command": "wget -q --debug http://open.node.com:180"
+ },
+ "token": ""
+ }
+ # 测试用例实例化
+ create = CreatePolicy(test_data, parameter)
+ result = create.create_policy()
+
+ return result
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
+ return "Error: " + str(e)
+ finally:
+ # 清理环境并删除配置
+ if isinstance(create, CreatePolicy):
+ create.clean_up()
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ # ui
+ # parameter = {
+ # "username": "hebingning",
+ # "password": "hbn66AAA",
+ # "test_pc_ip": "192.168.64.65",
+ # "test_subcriber_id": "test6776",
+ # "api_server": "http://192.168.44.72",
+ # "debug_flag": "local",
+ # "script_type": "ui",
+ # "env": "tsgx",
+ # "vsys_id": 1,
+ # "is_log": 1,
+ # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
+ # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
+ # "module_name": "security",
+ # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
+ # }
+ # run(parameter)
+ # api
+ from support.ui_utils.element_position.map_element_position_library import replace_paras
+ from support.ui_utils.workpath import workdir
+
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.93",
+ "test_subcriber_id": "test6491",
+ "api_server": "http://192.168.44.72",
+ "debug_flag": "local",
+ "script_type": "api", # api ui 空字符串
+ "is_log": 1,
+ "env": "tsgx",
+ "vsys_id": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests/api",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ parameter = replace_paras(parameter)
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["http"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_HTTP_URL",
+ "name": "sec_url",
+ "type": "url",
+ "statistics_option": "none",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^open.node"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "http", # or trex/http
+ "command": "wget -q --debug http://open.node.com:180"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "200",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"http_host", "query_value": "open.node.com"},
+ {"query_field_key":"http_url", "query_value": "open.node.com:180/"},
+ {"query_field_key": "decoded_as", "query_value": "HTTP"},
+ {"query_field_key":"security_action","query_value":"deny"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 5,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
run(parameter) \ No newline at end of file
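Review bot: The `finally` blocks of both added `run` functions read names that are only bound part-way through the `try`, so a failure path raises a second exception instead of cleaning up. In the UI/API variant, `return api_error` right after `create_objects` leaves `rules_tuple` unassigned, so `if rules_tuple:` raises UnboundLocalError, which replaces the returned error and skips `delete_objects`, leaving the created objects on the device under test; in the CreatePolicy variant `isinstance(create, CreatePolicy)` fails the same way when the constructor throws. Bind the names before `try:`, e.g. `rules_tuple = objects_tuple = None`, `create = None` and `script_start_time = time.time()`. The UI/API variant also never assigns `test_summary` to `result`, so `update.write_result(parameter, result, exception_result)` appears to always receive the initial empty string. The same code is added in the sec_deny_srcip_http_rate_high.py hunk.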
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_no.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_no.py
index 0e6215a69..06146c74e 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_no.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_no.py
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 403,
"html_profile": {
"name": "test",
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_yes.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_yes.py
index 4c77e44c5..9e30a2711 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_yes.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responseprofile_hit_yes.py
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 403,
"html_profile": {
"name": "test",
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_no.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_no.py
index f7075ac99..27bdd6d32 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_no.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_no.py
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 403,
"message": "deny_autest_403",
"packet_capture": {
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_yes.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_yes.py
index c1def4c7b..2515c36f6 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_yes.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_403_responsetext_hit_yes.py
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 403,
"message": "deny_autest_403",
"packet_capture": {
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_no.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_no.py
index 31ca66516..d5e428f93 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_no.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_no.py
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 404,
"html_profile": {
"name": "test",
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_yes.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_yes.py
index 986697c68..7b1f582df 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_yes.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responseprofile_hit_yes.py
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 404,
"html_profile": {
"name": "test",
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_no.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_no.py
index d09fa2a5c..3f42d51f5 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_no.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_no.py
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 404,
"message": "deny_autest_404",
"packet_capture": {
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_yes.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_yes.py
index bde338215..62d5eaca0 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_yes.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_block_404_responsetext_hit_yes.py
@@ -74,7 +74,7 @@ def run(parameter):
}
],
"action_parameter": {
- "sub_action": "alert",
+ "sub_action": "block",
"code": 404,
"message": "deny_autest_404",
"packet_capture": {