author[email protected] <[email protected]>2024-11-28 15:12:59 +0800
committer[email protected] <[email protected]>2024-11-28 15:12:59 +0800
commit6f11f6bdacfcffe07a266b8188fdf6c89f1c6479 (patch)
treed2429dfedd983c76e912a2d02127e6fd5b5b2d16
parent91a7a2de1cd556ab32fe14ac742aab0e1cee531a (diff)
update mail cases to new format
-rw-r--r--tests/security/sec_deny_negate_srcip_dns_drop_hit_no.py2
-rw-r--r--tests/security/sec_deny_negate_srcip_dns_drop_hit_yes.py2
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_subject_block_550.py320
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_subject_block_551.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_subject_block_tamper.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_subject_drop.py326
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_subject_rate_high.py325
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_subject_rate_low.py325
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_subject_rst.py326
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_to_drop.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_to_rate_high.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_to_rate_low.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_to_rst.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_exactly_to_tamper.py320
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_block_550.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_block_551.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_drop.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_drop_rst.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_block_550.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_block_551.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_drop.py183
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_high.py770
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_low.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_rst.py180
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_tamper.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_attachment_name_tamper.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_block_550.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_block_551.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_drop.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_drop_rst.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_rate_block_550.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_rate_block_551.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_rate_drop.py183
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_rate_high.py329
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_rate_low.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_rate_rst.py180
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_rate_tamper.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_content_tamper.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_subject_block_550.py319
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_subject_block_551.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_subject_block_tamper.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_subject_drop.py326
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_subject_rate_high.py325
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_subject_rate_low.py325
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_subject_rst.py326
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_to_drop.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_to_rate_high.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_to_rate_low.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_to_rst.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_pre_to_tamper.py320
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_block_550.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_block_551.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_drop.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_drop_rst.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_block_550.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_block_551.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_drop.py183
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_high.py329
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_low.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_rst.py180
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_tamper.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_content_tamper.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_block_550.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_block_551.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_drop.py673
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_drop_rst.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_block_550.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_block_551.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_drop.py183
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_high.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_low.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_rst.py180
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_tamper.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_attachment_name_tamper.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_block_550.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_block_551.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_drop.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_drop_rst.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_rate_block_550.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_rate_block_551.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_rate_drop.py183
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_rate_high.py329
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_rate_low.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_rate_rst.py180
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_rate_tamper.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_sub_content_tamper.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_subject_block_550.py319
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_subject_block_551.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_subject_block_tamper.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_subject_drop.py326
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_subject_rate_high.py325
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_subject_rate_low.py325
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_subject_rst.py326
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_to_drop.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_to_rate_high.py319
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_to_rate_low.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_to_rst.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_substr_to_tamper.py320
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_block_550.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_block_551.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_drop.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_drop_rst.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_block_550.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_block_551.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_drop.py183
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_high.py770
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_low.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_rst.py180
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_tamper.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_attachment_name_tamper.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_block_550.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_block_551.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_drop.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_drop_rst.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_rate_block_550.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_rate_block_551.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_rate_drop.py183
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_rate_high.py329
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_rate_low.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_rate_rst.py180
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_rate_tamper.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_content_tamper.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_subject_block_550.py320
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_subject_block_551.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_subject_block_tamper.py177
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_subject_drop.py326
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_subject_drop_rst.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_subject_rate_high.py325
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_subject_rate_low.py325
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_subject_rst.py141
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_subject_tamper.py222
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_to_drop.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_to_rate_high.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_to_rate_low.py323
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_to_rst.py324
-rw-r--r--tests/security/sec_deny_srcip_mail_suff_to_tamper.py320
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_block_550.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_block_551.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_drop.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_drop_rst.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_block_550.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_block_551.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_drop.py183
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_high.py770
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_low.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_rst.py180
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_tamper.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_attachment_name_tamper.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_block_550.py223
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_block_551.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_drop.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_drop_rst.py224
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_rate_block_550.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_rate_block_551.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_rate_drop.py183
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_rate_high.py329
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_rate_low.py328
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_rate_rst.py180
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_rate_tamper.py181
-rw-r--r--tests/security/sec_deny_srcip_mail_xly_content_tamper.py223
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_alert_200_responsetext_hit_no.py2
-rw-r--r--tests/security/sec_deny_srcip_negate_substr_fqdn_http_substr_url_redirect_hit_yes.py2
-rw-r--r--tests/security/sec_shunt_extip_suff_fqdn_ssl.py2
163 files changed, 24153 insertions, 17397 deletions
diff --git a/tests/security/sec_deny_negate_srcip_dns_drop_hit_no.py b/tests/security/sec_deny_negate_srcip_dns_drop_hit_no.py
index d33f7f40e..2d8f5f10d 100644
--- a/tests/security/sec_deny_negate_srcip_dns_drop_hit_no.py
+++ b/tests/security/sec_deny_negate_srcip_dns_drop_hit_no.py
@@ -34,7 +34,7 @@ def run(parameter):
"attribute_name": "ATTR_SOURCE_IP",
"type": "ip",
"sub_type": "ip",
- "name": "sec_extip",
+ "name": "sec_ip",
"items": [
{
"op": "add",
diff --git a/tests/security/sec_deny_negate_srcip_dns_drop_hit_yes.py b/tests/security/sec_deny_negate_srcip_dns_drop_hit_yes.py
index 8310d56db..190a2b25c 100644
--- a/tests/security/sec_deny_negate_srcip_dns_drop_hit_yes.py
+++ b/tests/security/sec_deny_negate_srcip_dns_drop_hit_yes.py
@@ -34,7 +34,7 @@ def run(parameter):
"attribute_name": "ATTR_SOURCE_IP",
"type": "ip",
"sub_type": "ip",
- "name": "sec_extip",
+ "name": "sec_sec_ip",
"items": [
{
"op": "add",
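Review bot: The object name on the added line becomes `"sec_sec_ip"`, while the matching change in `sec_deny_negate_srcip_dns_drop_hit_no.py` uses `"sec_ip"`; the doubled prefix looks like a search-and-replace slip. If the hit_yes and hit_no cases are meant to share one naming scheme, this line should read `"name": "sec_ip",`. The enclosing `run()` body starts and ends outside the hunk, so whether anything else refers to the name cannot be checked from here.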
diff --git a/tests/security/sec_deny_srcip_mail_exactly_subject_block_550.py b/tests/security/sec_deny_srcip_mail_exactly_subject_block_550.py
index 0a8418b18..ecdb88969 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_subject_block_550.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_subject_block_550.py
@@ -1,177 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["$Bestman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Bestman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
"username": "hebingning",
"password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
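Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but these are only bound partway through the `try`, so an early exit such as the `return api_error` right after `create_objects`, or an exception from `APIClient(parameter)`, raises `UnboundLocalError` during cleanup. That error replaces the original one, skips `update.write_result(...)`, and may leave already-created objects behind on the device under test. Bind the names before the `try`, e.g. `objects_tuple, rules_tuple = None, None` and `ui_client, api_client = None, None`. Separately, `result` stays `""` for the whole function while the outcome is collected in `test_summary`, so the CSV report written in `finally` appears to receive an empty result on every run. The same `run()` body is repeated in the `sec_deny_srcip_mail_exactly_subject_block_551.py` hunk and, judging by the diffstat, probably in the other mail cases of this commit.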
diff --git a/tests/security/sec_deny_srcip_mail_exactly_subject_block_551.py b/tests/security/sec_deny_srcip_mail_exactly_subject_block_551.py
index bf3fcf703..76d4f11ce 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_subject_block_551.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_subject_block_551.py
@@ -1,177 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_subject_block_551",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["$Bestman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Bestman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
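Review bot: The added `"username"` and `"password"` lines in the `__main__` block commit another personal account in clear text, next to the mail account password already present in `traffic_generation`. Values pushed to a repository stay in history and are readable by anyone with clone access, and this pair differs from the one in the `_block_550.py` sibling, so each case file becomes a separate place to rotate. Read them from the environment or an untracked local config instead, for example `"password": os.environ["TSG_TEST_PASSWORD"],` (variable name is a constructed example), and rotate the values that have already been pushed. The `api_server` entry is plain `http://`, so these credentials presumably reach the management API unencrypted; confirm whether the test environment offers an HTTPS endpoint.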
diff --git a/tests/security/sec_deny_srcip_mail_exactly_subject_block_tamper.py b/tests/security/sec_deny_srcip_mail_exactly_subject_block_tamper.py
index b286eba00..51020de65 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_subject_block_tamper.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_subject_block_tamper.py
@@ -1,177 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_subject_block_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["$Bestman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Bestman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
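Review bot: The cleanup under `finally` reads `rules_tuple`, `objects_tuple` and the client objects, but all of them are first assigned inside `try`, so the early `return api_error` right after `create_objects` (or any exception raised before `create_rules` returns) reaches `if rules_tuple:` with the name unbound. The resulting `UnboundLocalError` replaces the intended return value and skips both `delete_objects` and the `write_result` call, so objects that were already created may be left on the device under test and the run goes unreported. Initialise the names before `try:`, for example `objects_tuple, rules_tuple = None, None` and `ui_client = api_client = None`, and guard each delete on its client being set. The hunks for `sec_deny_srcip_mail_exactly_subject_drop.py` and `sec_deny_srcip_mail_exactly_subject_rate_high.py` carry the same block.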
diff --git a/tests/security/sec_deny_srcip_mail_exactly_subject_drop.py b/tests/security/sec_deny_srcip_mail_exactly_subject_drop.py
index 09565e56d..30b0d74de 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_subject_drop.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_subject_drop.py
@@ -1,179 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_subject_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["$Bestman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Bestman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
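Review bot: `result` is set to `""` at the top of `run` and never assigned again, yet it is what `update.write_result(parameter, result, exception_result)` hands to the report; the verdict now lives in `test_summary` and in the early-returned `ui_error` / `api_error` / `error` values. Unless `ReportUpdate` obtains the outcome some other way (not visible in this hunk), a run whose log or metric check failed would be recorded with the same empty result as a passing one, which hides a policy that did not enforce. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = api_error` ahead of `return api_error`. The `..._block_tamper` and `..._rate_high` hunks have the same pattern.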
diff --git a/tests/security/sec_deny_srcip_mail_exactly_subject_rate_high.py b/tests/security/sec_deny_srcip_mail_exactly_subject_rate_high.py
index 86bfcb63b..1a35d3b86 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_subject_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_subject_rate_high.py
@@ -1,177 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_subject_rate_high",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["$Bestman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Bestman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
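Review bot: The `__main__` block commits an account name and password for `api_server` as literals, and `traffic_generation` carries the SMTP account password the same way; the change swaps one committed login for another rather than removing it. Read them from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable name is a placeholder; `os` is already imported), and treat both the removed and the added passwords as exposed, since they remain in repository history. `api_server` is also an `http://` URL, so the login presumably crosses the lab network in clear text, which is worth confirming. The same literals appear in the `..._block_tamper` and `..._drop` hunks.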
diff --git a/tests/security/sec_deny_srcip_mail_exactly_subject_rate_low.py b/tests/security/sec_deny_srcip_mail_exactly_subject_rate_low.py
index 3ed350a54..80e2293e8 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_subject_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_subject_rate_low.py
@@ -1,177 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_subject_rate_low",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["$Bestman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Bestman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
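Review bot: The new `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but none of them is bound yet if `APIClient(parameter)` or `create_objects` raises, and `rules_tuple` is still unbound when `create_objects` reports an error and `run` returns before `create_rules`. On those paths the `finally` itself raises `UnboundLocalError`, which replaces the returned error, skips `delete_objects`, and never reaches `update.write_result`. Objects already created on the device under test may then stay in place for later cases. Bind the names before the `try:`, e.g. `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`, and only call the delete methods when the matching client is set. The hunks for sec_deny_srcip_mail_exactly_subject_rst.py and sec_deny_srcip_mail_exactly_to_drop.py carry the same cleanup code.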
diff --git a/tests/security/sec_deny_srcip_mail_exactly_subject_rst.py b/tests/security/sec_deny_srcip_mail_exactly_subject_rst.py
index 2a1c2f046..3ab2d038b 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_subject_rst.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_subject_rst.py
@@ -1,179 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_subject_rst",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["$Bestman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": True,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "reset",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Bestman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
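Review bot: `result` is set to `""` at the top of `run` and never assigned again, so `update.write_result(parameter, result, exception_result)` in the `finally` block receives an empty result on every path, including a passing run and the early `return error` after `generator.result`. Unless `write_result` or the caller obtains the outcome some other way (not visible in this hunk), a failed reset verification is recorded no differently from a pass. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`. The same pattern is in the sec_deny_srcip_mail_exactly_subject_rate_low.py and sec_deny_srcip_mail_exactly_to_drop.py hunks.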
diff --git a/tests/security/sec_deny_srcip_mail_exactly_to_drop.py b/tests/security/sec_deny_srcip_mail_exactly_to_drop.py
index 0fc0d5e4d..5eed3df5b 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_to_drop.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_to_drop.py
@@ -1,176 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_to_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "[email protected]"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
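Review bot: The `__main__` block swaps one committed `"username"`/`"password"` pair for another, so what looks like a real login for `api_server` is again stored in the repository, and that address uses plain `http://`. Read the account from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and treat both the removed and the added password as exposed, since they remain in history. Separately, `"vsys": 5` here differs from `"vsys": 1` in the sibling files of this commit; confirm it is not a leftover local setting. The same credential literals appear in the other mail-case hunks.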
diff --git a/tests/security/sec_deny_srcip_mail_exactly_to_rate_high.py b/tests/security/sec_deny_srcip_mail_exactly_to_rate_high.py
index 5e763bffa..c64431e62 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_to_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_to_rate_high.py
@@ -1,174 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_to_rate_high",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "[email protected]"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
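Review bot: The `finally` block in `run` reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but all of them are first bound inside the `try`. Any failure before they are assigned raises `UnboundLocalError` during cleanup. That covers an exception from `APIClient(parameter)` or `create_objects`, and also the early `return api_error` taken before `rules_tuple` exists. The new error replaces the original return value, skips `update.write_result(...)`, and leaves already created objects of the deny policy on the device under test. Binding these names before the `try` and guarding the cleanup on the client being set avoids this. The same pattern is in the `..._to_rate_low.py` and `..._to_rst.py` hunks of this commit.

```python
def run(parameter):
    # Bind everything the finally block reads before entering try.
    result, exception_result = "", ""
    ui_client = api_client = None
    objects_tuple = rules_tuple = None
    script_start_time = time.time()
    try:
        # … unchanged: policy_configuration, traffic_generation, verification_result, create and verify steps …
    finally:
        if parameter["initiation_method"] == "ui":
            if ui_client and rules_tuple:
                ui_client.delete_rules(parameter, policy_configuration)
        elif parameter["initiation_method"] == "api" and api_client:
            if rules_tuple:
                api_client.delete_rules(rules_tuple)
            if objects_tuple:
                api_client.delete_objects(objects_tuple)
        # … unchanged: duration print and ReportUpdate …
```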
diff --git a/tests/security/sec_deny_srcip_mail_exactly_to_rate_low.py b/tests/security/sec_deny_srcip_mail_exactly_to_rate_low.py
index 53ef761d9..dd696935f 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_to_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_to_rate_low.py
@@ -1,174 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_to_rate_low",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "[email protected]"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
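Review bot: `result` is set to `""` at the top of `run` and never reassigned, so `update.write_result(parameter, result, exception_result)` in the `finally` block receives an empty result on every path that does not raise. That includes the paths where the traffic, log or metric check failed. The removed code assigned `result = create.create_policy()` before returning; the new code only returns `test_summary`. Presumably the CSV report can then no longer tell a passing deny-rule case from a failing one, which should be confirmed against `ReportUpdate.write_result`. I would add `result = test_summary` immediately before `return test_summary`, and likewise assign `result` before `return error` and the `return api_error` / `return ui_error` exits. The `..._to_rate_high.py` and `..._to_rst.py` hunks have the same gap.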
diff --git a/tests/security/sec_deny_srcip_mail_exactly_to_rst.py b/tests/security/sec_deny_srcip_mail_exactly_to_rst.py
index 24b51722d..fe91f1e4a 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_to_rst.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_to_rst.py
@@ -1,176 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_to_rst",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "[email protected]"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": True,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "reset",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
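Review bot: The `__main__` block swaps one hard-coded account for another: the literal `"username"` and `"password"` values in `parameter` are committed to the repository, and `"api_server"` is a plain `http://` URL, so the credential presumably travels unencrypted. The old commented-out and active credentials also remain in history and should be treated as exposed and rotated. I would read both values from the environment, e.g. `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable name is a suggestion, not an existing setting) and do the same for `"username"`. The SMTP `"password"` in `traffic_generation` deserves the same treatment. The same literals recur in the other mail cases touched by this commit.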
diff --git a/tests/security/sec_deny_srcip_mail_exactly_to_tamper.py b/tests/security/sec_deny_srcip_mail_exactly_to_tamper.py
index a234bb9a1..3371915a6 100644
--- a/tests/security/sec_deny_srcip_mail_exactly_to_tamper.py
+++ b/tests/security/sec_deny_srcip_mail_exactly_to_tamper.py
@@ -1,173 +1,221 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_exactly_to_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "[email protected]"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter)
\ No newline at end of file
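Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client`/`api_client` and `script_start_time`, all of which are first assigned inside the `try`, so any early exit raises `UnboundLocalError` during cleanup. The visible case is `return api_error` right after `api_client.create_objects(...)`: `rules_tuple` is not bound yet, `if rules_tuple:` in `finally` fails, the exception replaces the returned error text, and `update.write_result(...)` is never reached. Bind the names before the `try`, e.g. `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`, and move `script_start_time = time.time()` above it. The same `run()` body appears in the new `..._pre_attachment_name_block_550.py`, `..._block_551.py` and `..._drop.py` files in this commit. Separately, the `ui` cleanup branch deletes only rules; whether `delete_rules` also removes the created objects is not visible here, and a leftover deny object would affect later test cases.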
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_block_550.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_block_550.py
new file mode 100644
index 000000000..5e2b933c3
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_attachment_name_block_550.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/pac"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
\ No newline at end of file
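Review bot: The `__main__` block adds a literal management account name and password to a new tracked file, and `traffic_generation` carries a literal SMTP password as well; anything committed this way stays readable in history even after later edits. This file also uses a different account from the sibling files added in the same commit, which suggests the values are personal logins rather than a shared test fixture (an inference from the names only). Prefer reading them at run time, for example `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (placeholder variable names), and treat the committed passwords as exposed. `api_server` is an `http://` URL, so if the client sends these credentials to it they cross the lab network unencrypted; that depends on `APIClient`, which is not shown.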
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_block_551.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_block_551.py
new file mode 100644
index 000000000..527210d95
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_attachment_name_block_551.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/pac"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
\ No newline at end of file
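Review bot: `result` is set to `""` at the top of `run()` and never assigned again, so `update.write_result(parameter, result, exception_result)` in `finally` always receives an empty result, including on the early `return api_error` / `return ui_error` / `return error` paths where `exception_result` is empty too. Unless `ReportUpdate.write_result` obtains the outcome some other way (it is not visible here), the CSV report cannot tell a passed deny-policy check from a failed one. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = api_error` ahead of `return api_error`. The other mail test files in this commit share the same body.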
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_drop.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_drop.py
new file mode 100644
index 000000000..19db031f3
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_attachment_name_drop.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/pac"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
\ No newline at end of file
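Review bot: The `log_result` and `metric_result` chains compare with `== True`, `== False` and `== None` and end in `elif len(...) > 0`, so a return value such as `""` or `[]` matches no branch and leaves `test_summary["log"]` or `test_summary["metric"]` unset. For a drop policy whose traffic check is only `"timed out"`, the log and metric entries are the evidence that the rule itself matched, so a silently missing key should not be possible. Use identity tests and a final `else`, e.g. `if log_result is True:` … `elif log_result is None:` … `else: test_summary["log"] = log_result or "The failure reason: unexpected empty result."`. What `query_rule_log` and `query_rule_metric` can return is not visible in this hunk, so the empty-value case is an assumption to confirm.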
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_drop_rst.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_drop_rst.py
new file mode 100644
index 000000000..5ed581fc7
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_attachment_name_drop_rst.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/pac"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
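Review bot: The `finally` block in `run` reads `rules_tuple` and `objects_tuple` before they are guaranteed to be bound. When `create_objects` returns an error, or anything raises before `create_rules` completes, `if rules_tuple:` raises `UnboundLocalError`, so any objects already created for this deny rule are not deleted and `write_result` never runs. Initialising them with the other defaults, `objects_tuple, rules_tuple = None, None` next to `result, exception_result = "", ""`, keeps both the cleanup and the report path intact; the `finally` blocks of the file sections before and after this one follow the same pattern. `result` is also never reassigned, so `write_result` always receives the empty string while the outcome lives in `test_summary`; presumably the report should receive `test_summary`, to be confirmed against `ReportUpdate`. Separately, the `__main__` block commits a console username and password in plain text, and reading them from the environment or an untracked local config would keep them out of the repository.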
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_block_550.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_block_550.py
deleted file mode 100644
index 363fd5faa..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_block_550.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/app/support/packet_generator/mail_file/subjectEnglis*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_block_551.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_block_551.py
deleted file mode 100644
index 7ec9c500d..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_block_551.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/app/support/packet_generator/mail_file/subjectEnglis*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_drop.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_drop.py
deleted file mode 100644
index 3d8473649..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_drop.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/app/support/packet_generator/mail_file/subjectEnglis*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_high.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_high.py
index fe51ebf25..71d7ddf86 100644
--- a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_high.py
@@ -1,181 +1,673 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/app/support/packet_generator/mail_file/subjectEnglis*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/pac"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter)
\ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_low.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_low.py
index 63b7992c3..136889867 100644
--- a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_low.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/app/support/packet_generator/mail_file/subjectEnglis*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/pac"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter)
\ No newline at end of file
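Review bot: The new `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client`/`api_client`, `script_start_time`, `result` and `exception_result`, all of which are first bound inside the `try`, so any early exit breaks the cleanup. When `create_objects` reports an error and the function returns, `if rules_tuple:` raises `UnboundLocalError`, which replaces the returned error, skips `delete_objects` for anything already created and skips `write_result`; an exception raised inside `create_rules` takes the same path and may leave the deny policy's objects configured on the device for the next case. Bind the names before `try:` with `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`, and move `result, exception_result = "", ""` and `script_start_time = time.time()` up beside them. The same `finally` block is repeated in the other rewritten mail cases of this commit. Separately, the `__main__` block commits a username/password pair that is sent to an `http://` API server; reading both from the environment would keep credentials out of the repository history.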
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_rst.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_rst.py
deleted file mode 100644
index 3f7460be5..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_rst.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/app/support/packet_generator/mail_file/subjectEnglis*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter)
\ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_tamper.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_tamper.py
deleted file mode 100644
index fe51ebf25..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_attachment_name_rate_tamper.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/app/support/packet_generator/mail_file/subjectEnglis*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_attachment_name_tamper.py b/tests/security/sec_deny_srcip_mail_pre_attachment_name_tamper.py
new file mode 100644
index 000000000..05c7ee526
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_attachment_name_tamper.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/pac"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
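Review bot: The `finally` block in `run` reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, which are not yet bound when `create_objects` returns an error or when `APIClient(parameter)` raises, so cleanup itself raises `UnboundLocalError`, replaces the function's return value and skips `update.write_result(...)`. On the API path an exception inside `create_rules` has the same effect and can leave the objects of a deny policy for `parameter['test_pc_ip']` on the device under test, where they may interfere with later cases. Bind the names before the `try:`, e.g. `objects_tuple, rules_tuple = None, None`, and guard the two client variables the same way. Separately, `result` is still `""` when it is passed to `write_result`, so `test_summary` apparently never reaches the CSV report; `result = test_summary` just before `return test_summary` would carry it over. The same `run` body is added in sec_deny_srcip_mail_pre_content_block_550.py, sec_deny_srcip_mail_pre_content_block_551.py and sec_deny_srcip_mail_pre_content_drop.py.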
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_block_550.py b/tests/security/sec_deny_srcip_mail_pre_content_block_550.py
new file mode 100644
index 000000000..2898d82d7
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_content_block_550.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^conten"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
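Review bot: The `__main__` block commits what looks like a personal account (`"username"` and `"password"` literals) for the management API at `http://192.168.44.72`, and `traffic_generation` hard-codes the SMTP `"password"` as well. Anyone with read access to the repository or its history obtains these logins, and since `api_server` is plain `http` the API credentials presumably also cross the network unencrypted when the script runs. Read them from the environment or an untracked config file instead, e.g. `"password": os.environ["<TEST_API_PASSWORD_VAR>"]` (placeholder variable name), and rotate the values that are already pushed. The tamper, block_551 and drop mail test files added in this commit hard-code a second account in the same way.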
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_block_551.py b/tests/security/sec_deny_srcip_mail_pre_content_block_551.py
new file mode 100644
index 000000000..3a6abce12
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_content_block_551.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^conten"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
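Review bot: The `log_result` and `metric_result` chains in `run` have no final `else`, so a value that is neither `True`, `False`, `None` nor non-empty (an empty list or string, for example) leaves `test_summary` without a `"log"` or `"metric"` key, and the case records nothing for that check instead of a failure. Whether the report treats a missing key as a pass is not visible here, but a security test case should fail closed: add `else: test_summary["log"] = "The failure reason: unexpected log result."` and the equivalent branch for the metric. Writing the comparisons as `is True` / `is False` / `is None` would also stop an integer `1` from being recorded as `Pass.`. The same chains appear in the other new mail test files in this commit.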
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_drop.py b/tests/security/sec_deny_srcip_mail_pre_content_drop.py
new file mode 100644
index 000000000..474fff135
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_content_drop.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^conten"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
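Review bot: `"excepted_traffic_result": "timed out"` cannot by itself show that the drop rule fired. sec_deny_srcip_mail_pre_attachment_name_tamper.py in this commit expects the same string for a tamper action, and an unreachable `mail_server` would presumably produce it as well. The evidence that the policy matched comes only from `expected_metric` and `expected_log`, and none of the `expected_log` entries refers to the body text `content123` that the `^conten` expression matches. A comment next to the key would make that dependency explicit, e.g. `# a timeout alone is ambiguous; the hit counter and the rule log below are the actual proof of the drop`. How `generator.result` compares the string is outside this hunk.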
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_drop_rst.py b/tests/security/sec_deny_srcip_mail_pre_content_drop_rst.py
new file mode 100644
index 000000000..28f868257
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_content_drop_rst.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^conten"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
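Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client`/`api_client` and `script_start_time`, but each of them is first bound inside the `try`, so an early exit leaves some of them unbound. For example, when `api_client.create_objects` reports an error and `run` returns, `if rules_tuple:` raises UnboundLocalError. That exception replaces the returned error, `delete_objects` and `write_result` never run, and anything already created for this deny rule would stay on the device under test. Binding the names before `try:` avoids this: `rules_tuple, objects_tuple = None, None`, `ui_client = api_client = None`, and `script_start_time = time.time()` moved above the `try`. The same `finally` pattern is added in tests/security/sec_deny_srcip_mail_pre_content_rate_high.py.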
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_rate_block_550.py b/tests/security/sec_deny_srcip_mail_pre_content_rate_block_550.py
deleted file mode 100644
index a8103b55d..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_content_rate_block_550.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_rate_block_551.py b/tests/security/sec_deny_srcip_mail_pre_content_rate_block_551.py
deleted file mode 100644
index 01cda257c..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_content_rate_block_551.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_rate_drop.py b/tests/security/sec_deny_srcip_mail_pre_content_rate_drop.py
deleted file mode 100644
index 079050dd9..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_content_rate_drop.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_rate_high.py b/tests/security/sec_deny_srcip_mail_pre_content_rate_high.py
index 7534f5ab4..aec76384f 100644
--- a/tests/security/sec_deny_srcip_mail_pre_content_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_pre_content_rate_high.py
@@ -1,181 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^conten"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
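Review bot: The `__main__` block on the new side hard-codes an account's username and password as string literals next to `"api_server": "http://192.168.44.72"`, and the identical block is added at the end of sec_deny_srcip_mail_pre_content_drop_rst.py. Literal credentials in a test repository are readable by anyone with access to it and remain in history after removal, as the replaced `hebingning` entry on the old side shows; if these accounts exist on the test gateway they should be rotated. Reading them at run time keeps them out of the tree, e.g. `"username": os.environ["TSG_TEST_USER"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable names are placeholders; `os` is already imported). The `http://` endpoint presumably also means the login is sent unencrypted, which is worth confirming against `APIClient`.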
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_rate_low.py b/tests/security/sec_deny_srcip_mail_pre_content_rate_low.py
index c414c833e..0ef5a47c6 100644
--- a/tests/security/sec_deny_srcip_mail_pre_content_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_pre_content_rate_low.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^conten"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
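Review bot: The `finally` block in `run()` reads `rules_tuple` and `objects_tuple`, which are bound only after `create_objects`/`create_rules` have returned inside the `try`. If `APIClient(parameter)` or `create_objects` raises, the cleanup fails on an unbound name, that error replaces the string returned from the `except` branch, and `update.write_result(...)` is never reached. Binding both names before the `try:` keeps the existing `if rules_tuple:` / `if objects_tuple:` guards meaningful: `objects_tuple = rules_tuple = None`. Please also confirm that `ui_client.delete_rules(parameter, policy_configuration)` removes the created objects, since the `ui` branch has no `delete_objects` call and a leftover deny rule on a shared gateway would affect later cases. The same `run()` body is added in `sec_deny_srcip_mail_pre_content_tamper.py`.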
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_rate_rst.py b/tests/security/sec_deny_srcip_mail_pre_content_rate_rst.py
deleted file mode 100644
index f02c8dc9b..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_content_rate_rst.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_rate_tamper.py b/tests/security/sec_deny_srcip_mail_pre_content_rate_tamper.py
deleted file mode 100644
index 7534f5ab4..000000000
--- a/tests/security/sec_deny_srcip_mail_pre_content_rate_tamper.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content*"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_pre_content_tamper.py b/tests/security/sec_deny_srcip_mail_pre_content_tamper.py
new file mode 100644
index 000000000..4ba5a6a8b
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_pre_content_tamper.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^conten"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
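Review bot: The `__main__` block commits literal `"username"` and `"password"` values for the management account next to `"api_server": "http://192.168.44.72"`. The credential therefore stays in repository history, and given the `http://` scheme it presumably crosses the network in clear text. Reading it from the environment avoids this, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder; `os` is already imported), and the account should be rotated once the literal is gone. The same literals are added in `sec_deny_srcip_mail_pre_content_rate_low.py`. The SMTP `"password"` in `traffic_generation` deserves the same treatment if that mailbox is shared.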
diff --git a/tests/security/sec_deny_srcip_mail_pre_subject_block_550.py b/tests/security/sec_deny_srcip_mail_pre_subject_block_550.py
index ceaa469a0..c1ce54661 100644
--- a/tests/security/sec_deny_srcip_mail_pre_subject_block_550.py
+++ b/tests/security/sec_deny_srcip_mail_pre_subject_block_550.py
@@ -1,176 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_subject_block_550",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["Best*"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
"username": "hebingning",
"password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
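Review bot: The new `finally` block in `run()` reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but none of them is bound before the create step, so an early exit raises `UnboundLocalError` during cleanup. For example, `return api_error` after a failed `create_objects` reaches `if rules_tuple:` with the name unset. That error replaces the returned message, skips `delete_objects` (so anything the call did create stays on the device under test) and stops `write_result` from running. Initialise the names before `try:` with `objects_tuple = rules_tuple = ui_client = api_client = None` so the cleanup can test them safely. The hunks for sec_deny_srcip_mail_pre_subject_block_551.py and sec_deny_srcip_mail_pre_subject_block_tamper.py carry the same `finally` block.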
diff --git a/tests/security/sec_deny_srcip_mail_pre_subject_block_551.py b/tests/security/sec_deny_srcip_mail_pre_subject_block_551.py
index 95c0d3084..b09c1d0e3 100644
--- a/tests/security/sec_deny_srcip_mail_pre_subject_block_551.py
+++ b/tests/security/sec_deny_srcip_mail_pre_subject_block_551.py
@@ -1,177 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_subject_block_551",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["Best*"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
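Review bot: The `__main__` block swaps one hard-coded account for another (`"username": "zhaokun"`, `"password": "zhaokun1"`), so what appears to be a personal login for the management API stays in the repository and its history. `"api_server": "http://192.168.44.72"` also suggests the login is sent without TLS. Read the values from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and rotate the passwords that are already committed. The same literals are added in the sec_deny_srcip_mail_pre_subject_block_tamper.py hunk and in the file patched just before sec_deny_srcip_mail_pre_subject_block_550.py, while the 550 file keeps the earlier pair as unchanged context.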
diff --git a/tests/security/sec_deny_srcip_mail_pre_subject_block_tamper.py b/tests/security/sec_deny_srcip_mail_pre_subject_block_tamper.py
index cd307bb02..ad5377394 100644
--- a/tests/security/sec_deny_srcip_mail_pre_subject_block_tamper.py
+++ b/tests/security/sec_deny_srcip_mail_pre_subject_block_tamper.py
@@ -1,177 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_subject_block_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["Best*"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
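Review bot: `"excepted_traffic_result": "timed out"` is the same outcome the old drop case expected, and presumably what an unreachable mail server would produce, so here the enforcement verdict rests on the log and metric checks. Those `if`/`elif` chains have no final branch: a `log_result` or `metric_result` that is empty but not `None` leaves its key out of `test_summary`, and the summary then shows no failure. Close both chains with an explicit failure, e.g. `else: test_summary["log"] = "The failure reason: the returned log is empty."`, and add a comment above `verification_result` saying that the timeout alone is not evidence of tampering. How `generator.result` compares the string is not visible in this hunk, so the first point is an inference from the value.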
diff --git a/tests/security/sec_deny_srcip_mail_pre_subject_drop.py b/tests/security/sec_deny_srcip_mail_pre_subject_drop.py
index ce0aa1526..6be502a10 100644
--- a/tests/security/sec_deny_srcip_mail_pre_subject_drop.py
+++ b/tests/security/sec_deny_srcip_mail_pre_subject_drop.py
@@ -1,179 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_subject_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["Best*"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
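Review bot: The new `finally` block reads `rules_tuple`, `objects_tuple` and the client objects, but those names are only bound partway through the `try`, so an early exit reaches cleanup with some of them undefined. For example, when `api_client.create_objects` returns an error the function returns before `rules_tuple` is assigned; `if rules_tuple:` then raises `UnboundLocalError` inside `finally`, which replaces the returned error, skips `delete_objects` (leaving the created objects on the device) and skips the `ReportUpdate` write. Binding the names before the `try`, e.g. `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`, and checking that the client is set before calling it, would make cleanup safe on every path. The ui branch also never deletes `objects_tuple`, which may be intentional if `ui_client.delete_rules` removes them; that is not visible here. The same `finally` block is added in the rate_high and rate_low files.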
diff --git a/tests/security/sec_deny_srcip_mail_pre_subject_rate_high.py b/tests/security/sec_deny_srcip_mail_pre_subject_rate_high.py
index b34f2a223..193f3039b 100644
--- a/tests/security/sec_deny_srcip_mail_pre_subject_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_pre_subject_rate_high.py
@@ -1,177 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_subject_rate_high",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["Best*"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
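Review bot: The `__main__` block commits what looks like a personal account (`"username": "zhaokun"`, `"password": "zhaokun1"`) next to the management endpoint `http://192.168.44.72`, swapping one hard-coded password for another instead of removing it. Anyone who can read the repository history gets these values, and the plain-`http` `api_server` suggests they may also cross the network unencrypted, although how `APIClient` sends them is not shown in this hunk. Reading them from the environment, e.g. `"username": os.environ["TSG_TEST_USER"]` and `"password": os.environ["TSG_TEST_PASSWORD"]` (variable names are placeholders), keeps them out of version control, and the passwords already committed should be rotated. The same block is added in the drop and rate_low files, and `traffic_generation["password"]` is likewise a literal.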
diff --git a/tests/security/sec_deny_srcip_mail_pre_subject_rate_low.py b/tests/security/sec_deny_srcip_mail_pre_subject_rate_low.py
index f718e3d10..d6374e75d 100644
--- a/tests/security/sec_deny_srcip_mail_pre_subject_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_pre_subject_rate_low.py
@@ -1,177 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_subject_rate_low",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["Best*"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
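Review bot: `result` is initialised to `""` and never assigned again, yet `finally` passes it to `update.write_result(parameter, result, exception_result)`, so the CSV report appears to receive an empty result on every run while the real outcome lives only in `test_summary` or in the early `return ui_error` / `return api_error` / `return error` values. The removed code set `result = create.create_policy()` before returning, so this looks like a regression from the refactor. Assigning before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = api_error` on the error paths, would keep the report and the return value in agreement. How `ReportUpdate.write_result` treats an empty string is not visible in this hunk. The drop and rate_high hunks have the same flow.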
diff --git a/tests/security/sec_deny_srcip_mail_pre_subject_rst.py b/tests/security/sec_deny_srcip_mail_pre_subject_rst.py
index 3bb29be54..88c70cae3 100644
--- a/tests/security/sec_deny_srcip_mail_pre_subject_rst.py
+++ b/tests/security/sec_deny_srcip_mail_pre_subject_rst.py
@@ -1,179 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_subject_rst",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["Best*"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": True,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "reset",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
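Review bot: The new `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but none of them is bound when creation fails early. `return api_error` after `create_objects` leaves `rules_tuple` unassigned, and an exception from `APIClient(parameter)` leaves all four unassigned. The UnboundLocalError raised from `finally` then replaces the original return value, skips `update.write_result(...)`, and skips `delete_objects`, so objects already created for the deny rule stay on the device. Bind the names before `try:`, e.g. `objects_tuple, rules_tuple = None, None` and `ui_client, api_client = None, None`. The same block is repeated in sec_deny_srcip_mail_pre_to_drop.py and sec_deny_srcip_mail_pre_to_rate_high.py.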
diff --git a/tests/security/sec_deny_srcip_mail_pre_to_drop.py b/tests/security/sec_deny_srcip_mail_pre_to_drop.py
index 44d8c64b6..c161c5b53 100644
--- a/tests/security/sec_deny_srcip_mail_pre_to_drop.py
+++ b/tests/security/sec_deny_srcip_mail_pre_to_drop.py
@@ -1,176 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_to_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "auto*"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
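Review bot: The `__main__` block still commits account credentials to the repository: the hunk only swaps one literal `"username"`/`"password"` pair for another, and `traffic_generation` carries the SMTP `"password": "111111"`. Read them from the environment instead, for example `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and rotate the values that are already in history. `api_server` is an `http://` URL, so if `APIClient` logs in with these values they presumably cross the network in cleartext; that is worth confirming. The same literals appear in sec_deny_srcip_mail_pre_subject_rst.py and sec_deny_srcip_mail_pre_to_rate_high.py.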
diff --git a/tests/security/sec_deny_srcip_mail_pre_to_rate_high.py b/tests/security/sec_deny_srcip_mail_pre_to_rate_high.py
index d601e11e6..d866d60d3 100644
--- a/tests/security/sec_deny_srcip_mail_pre_to_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_pre_to_rate_high.py
@@ -1,174 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_to_rate_high",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "auto*"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
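Review bot: `result` is initialised to `""` and never assigned again, yet `finally` passes it to `update.write_result(parameter, result, exception_result)`, so every non-exception path (`return test_summary`, `return api_error`, `return error`) reports an empty result. The removed code assigned `result = create.create_policy()` before returning, so this looks like a regression. How `write_result` treats an empty string is not visible here, but a failed log or metric check on this rate-limit rule could end up recorded as blank rather than as a failure. Assign before each return, e.g. `result = test_summary` followed by `return result`. The same pattern is in the subject_rst and to_drop files of this commit.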
diff --git a/tests/security/sec_deny_srcip_mail_pre_to_rate_low.py b/tests/security/sec_deny_srcip_mail_pre_to_rate_low.py
index bc063ff8e..95b41c074 100644
--- a/tests/security/sec_deny_srcip_mail_pre_to_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_pre_to_rate_low.py
@@ -1,174 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_to_rate_low",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "auto*"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
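Review bot: The `finally:` block of `run()` reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but all four are first bound inside the `try:`, so an ordinary error return breaks cleanup. When `create_objects(...)` reports an error and the code takes `return api_error`, `rules_tuple` is still unbound, and `if rules_tuple:` raises `UnboundLocalError` before `delete_objects(objects_tuple)` and `update.write_result(...)` are reached. That can leave the `sec_srcip` and `sec_mail_to` objects on the device under test and the run out of the report. Bind the names before the `try:`, e.g. `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`. On the `"ui"` branch no `delete_objects` call is made, so confirm that `delete_rules(parameter, policy_configuration)` also removes the objects; the same block is added in sec_deny_srcip_mail_pre_to_rst.py and sec_deny_srcip_mail_pre_to_tamper.py.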
diff --git a/tests/security/sec_deny_srcip_mail_pre_to_rst.py b/tests/security/sec_deny_srcip_mail_pre_to_rst.py
index 4b825475b..f965e21ac 100644
--- a/tests/security/sec_deny_srcip_mail_pre_to_rst.py
+++ b/tests/security/sec_deny_srcip_mail_pre_to_rst.py
@@ -1,176 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_to_rst",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "auto*"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": True,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "reset",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
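Review bot: `update.write_result(parameter, result, exception_result)` in the `finally:` block always receives `result == ""`, because `result` is set once at the top of `run()` and every outcome leaves through `test_summary`, `ui_error`/`api_error` or `error` instead. Unless `ReportUpdate` obtains the outcome some other way, the CSV report for this deny/reset case carries no pass or fail verdict, so a policy that stopped matching would not show up there. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`. The removed code did this with `result = create.create_policy()`; the rate_low and tamper files in this commit have the same gap.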
diff --git a/tests/security/sec_deny_srcip_mail_pre_to_tamper.py b/tests/security/sec_deny_srcip_mail_pre_to_tamper.py
index a3cc5273f..d650a2a10 100644
--- a/tests/security/sec_deny_srcip_mail_pre_to_tamper.py
+++ b/tests/security/sec_deny_srcip_mail_pre_to_tamper.py
@@ -1,173 +1,221 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_pre_to_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "auto*"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
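Review bot: The `__main__` block commits what looks like a personal account to the repository, `"username": "zhaokun"` with `"password": "zhaokun1"`, and points it at `"api_server": "http://192.168.44.72"` with no TLS, while `traffic_generation` carries a literal mail `"password": "111111"`. The lines removed here show that a different user's password was already in history, so both accounts should be treated as exposed and rotated. Read the values at run time instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and keep them in one shared place rather than in every test script. The same literals are added in the rate_low and rst files of this commit.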
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_block_550.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_block_550.py
new file mode 100644
index 000000000..d4a0fc42a
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_content_block_550.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_att_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Subject"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
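Review bot: The `finally` block in `run()` reads `rules_tuple` and `objects_tuple` on paths where they were never assigned: if `create_objects` returns an error (`return api_error`) or `APIClient(parameter)` raises, `if rules_tuple:` raises UnboundLocalError. That exception replaces the error being returned, and `api_client.delete_objects(objects_tuple)` and `update.write_result(...)` are never reached, so a failed setup may leave policy objects on the device under test and no row in the report. Bind the names before `try:` with `objects_tuple, rules_tuple = None, None`, and move `result, exception_result = "", ""` and `script_start_time = time.time()` above `try:` too, since `finally` reads them as well. The block_551, drop and drop_rst files added in this commit carry the same `finally`.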
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_block_551.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_block_551.py
new file mode 100644
index 000000000..b434f2bb9
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_content_block_551.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_att_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Subject"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
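Review bot: The `__main__` block hard-codes a named account's `"username"` and `"password"` as string literals, which puts what looks like a working credential for `api_server` into the repository history. Read them from the environment instead, e.g. `"password": os.environ["<PASSWORD_ENV_VAR>"]` (placeholder name), and rotate the accounts that are already committed. `api_server` is an `http://` URL, so if `APIClient` logs in with these values they presumably cross the network unencrypted; that is worth confirming. The block_550, drop and drop_rst files in this commit embed credentials the same way.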
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_drop.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_drop.py
new file mode 100644
index 000000000..72b3e2605
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_content_drop.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_att_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Subject"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
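Review bot: `result` is set to `""` at the top of `run()` and never assigned again, so `update.write_result(parameter, result, exception_result)` in `finally` receives an empty result on every path, including the one that returns `test_summary`. Unless `write_result` obtains the outcome elsewhere, the CSV report cannot distinguish a pass from a failed log or metric check of this deny policy. Assign before returning, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`. The same applies to the block_550, block_551 and drop_rst files in this commit.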
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_drop_rst.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_drop_rst.py
new file mode 100644
index 000000000..54f638919
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_content_drop_rst.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_att_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Subject"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
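Review bot: `from support.packet_generator.traffic_generator import *` comes after `import time` and `from datetime import datetime`, so any module-level name that traffic_generator exports (for instance its own `datetime` or `time` import, if it defines no `__all__`) silently rebinds names that `run()` relies on. Only `TrafficGenerator` appears to be used from it in this file, so import it explicitly: `from support.packet_generator.traffic_generator import TrafficGenerator`. The other three mail attachment-content files added in this commit have the same wildcard import.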
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_block_550.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_block_550.py
deleted file mode 100644
index b2af8be97..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_block_550.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_attachment_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_content",
- "item_value": "TEXT",
- "value": [
- "Subject"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_block_551.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_block_551.py
deleted file mode 100644
index 4aae62819..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_block_551.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_attachment_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_content",
- "item_value": "TEXT",
- "value": [
- "Subject"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_drop.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_drop.py
deleted file mode 100644
index 416678db2..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_drop.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_attachment_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_content",
- "item_value": "TEXT",
- "value": [
- "Subject"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_high.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_high.py
index 0ac160ff2..016ced7dc 100644
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_high.py
@@ -1,181 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_attachment_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_content",
- "item_value": "TEXT",
- "value": [
- "Subject"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_att_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Subject"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
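Review bot: The `finally` block of `run` reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but these are unbound when `create_objects` fails and the code takes the early `return api_error` / `return ui_error`, or when an exception fires before they are assigned. Cleanup then raises `UnboundLocalError`, which replaces the intended return value, skips `write_result`, and can leave the deny rule or its objects configured on the device under test. Bind them before the `try`, e.g. `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`, and move `script_start_time = time.time()` above the `try` as well. Separately, `result` is initialised to `""` and never reassigned, so `update.write_result(parameter, result, exception_result)` presumably no longer records the outcome; `result = test_summary` before `return test_summary` would restore that. The `..._rate_low.py` hunk repeats the same block.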
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_low.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_low.py
index 69861cb86..01f6de1bb 100644
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_low.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_attachment_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_content",
- "item_value": "TEXT",
- "value": [
- "Subject"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_att_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Subject"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
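Review bot: The `__main__` block commits an account name and password for the management API at `api_server` as string literals (`"username"` / `"password"`), and `traffic_generation` does the same for the SMTP sender's `"password"`. The commit only swaps one hard-coded account for another. Read these from the environment or an untracked config file, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and rotate the values already pushed, since they remain in history. `api_server` is also plain `http://`, so the login presumably crosses the lab network unencrypted; confirm whether an HTTPS endpoint is available. The `..._rate_high.py` hunk carries the same literals.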
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_rst.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_rst.py
deleted file mode 100644
index b0a1afeff..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_rst.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_attachment_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_content",
- "item_value": "TEXT",
- "value": [
- "Subject"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_tamper.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_tamper.py
deleted file mode 100644
index b6438c345..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_content_rate_tamper.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_attachment_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_content",
- "item_value": "TEXT",
- "value": [
- "Subject"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_content_tamper.py b/tests/security/sec_deny_srcip_mail_sub_attachment_content_tamper.py
new file mode 100644
index 000000000..4654fe0fc
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_content_tamper.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_att_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Subject"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
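Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client`/`api_client` and `script_start_time`, but each is first bound inside the `try`, so a path that leaves early reaches cleanup with unbound names. For example, when `create_objects` reports an error and the function does `return api_error`, `rules_tuple` was never assigned; `if rules_tuple:` then raises `UnboundLocalError`, which replaces the intended return value and skips both `delete_objects` and the CSV report, leaving the created objects on the system under test. Binding defaults before `try:` (`rules_tuple = objects_tuple = None`, `ui_client = api_client = None`, `script_start_time = time.time()`) and checking that the client is set before calling its delete methods would keep cleanup reliable. The same `run()` body appears in the `..._attachment_name_block_550.py` and `..._attachment_name_block_551.py` hunks below.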
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_block_550.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_block_550.py
new file mode 100644
index 000000000..5b5aa23d4
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_name_block_550.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "support"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
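Review bot: The `__main__` block commits a real-looking account (`"username": "hebingning"` together with its password), and `traffic_generation` carries the SMTP `"password"` in clear text, so anyone who can read the repository or its history obtains credentials for the management API at `api_server`. This file also uses a different account from the sibling new files in this commit (the `..._content_tamper.py` and `..._block_551.py` hunks use `zhaokun`), which suggests personal logins are pasted in per author. Reading the values from the environment, e.g. `"password": os.environ["<TEST_ACCOUNT_PASSWORD_VAR>"]` (placeholder variable name), and rotating the passwords already pushed would remove the exposure.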
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_block_551.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_block_551.py
new file mode 100644
index 000000000..74fad8c38
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_name_block_551.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "support"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
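Review bot: `result` is set to `""` at the top of `run()` and never reassigned, yet it is what `update.write_result(parameter, result, exception_result)` receives in `finally`, while the actual outcome is collected in `test_summary` and in the early-return error strings. Unless `ReportUpdate` (not visible here) obtains the verdict some other way, the CSV report would record an empty result for a passing and a failing deny rule alike. Assigning before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`, would carry the verdict into the report. The `..._content_tamper.py` and `..._block_550.py` hunks have the same pattern.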
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_drop.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_drop.py
new file mode 100644
index 000000000..4866d96f4
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_name_drop.py
@@ -0,0 +1,673 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "support"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
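Review bot: Three complete scripts are concatenated in this new file: the encoding line, the imports, `def run(parameter)` and the `if __name__ == '__main__':` block each appear three times in the one 673-line hunk. If the harness imports the module, only the last `run` survives, and that one matches `ATTR_MAIL_SUBJECT` with `"sub_action": "tamper"`; executed as a script, all three cases run in sequence. None of the three sets `"sub_action": "drop"` (the first, the only one on `ATTR_MAIL_ATT_NAME`, uses `"rate_limit"` and expects "Email sent successfully"), so the attachment-name drop behaviour the file name promises is never exercised, and a regression in that deny path would go unnoticed by this case. I would keep a single script here with `"sub_action": "drop"` and a matching `excepted_traffic_result`, and move the other two bodies back to the files they were presumably pasted from.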
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_drop_rst.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_drop_rst.py
new file mode 100644
index 000000000..ea4b83a01
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_name_drop_rst.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "support"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
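Review bot: The `finally:` block in `run` reads `rules_tuple`, `objects_tuple` and `script_start_time`, all of which are first bound inside the `try:`. When `create_objects` raises or takes the early `return api_error` / `return ui_error`, `if rules_tuple:` raises UnboundLocalError from `finally`, which replaces the returned error and skips `update.write_result(...)`; if `create_rules` raises instead, the objects already created are never deleted. Binding the names before the `try:` with `objects_tuple = rules_tuple = None` and `script_start_time = time.time()` keeps the cleanup and the report intact. The three `run` bodies in sec_deny_srcip_mail_sub_attachment_name_drop.py have the same pattern. The `__main__` block also commits a `"username"`/`"password"` pair in clear text next to an `http://` `api_server`; reading them from the environment would keep them out of the repository.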
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_block_550.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_block_550.py
deleted file mode 100644
index e9d12af7e..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_block_550.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/support/packet_generator/mail_file/"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_block_551.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_block_551.py
deleted file mode 100644
index 62aa28f18..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_block_551.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/support/packet_generator/mail_file/"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_drop.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_drop.py
deleted file mode 100644
index 5a2090371..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_drop.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/support/packet_generator/mail_file/"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_high.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_high.py
index b294e7e29..d0cc55021 100644
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_high.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/support/packet_generator/mail_file/"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "support"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
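Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and the client objects, but on the `return api_error` / `return ui_error` path right after `create_objects` (and on any exception raised before `create_rules` returns) `rules_tuple` has never been bound, so `if rules_tuple:` raises UnboundLocalError. That replaces the intended return value, skips `delete_objects` for any objects that were created, and never reaches `write_result`. Binding these names to `None` before `try` and guarding the cleanup on them fixes this, as sketched below. `result` is also initialised to `""` and never reassigned in the new code, so the CSV report receives an empty result even when `test_summary` holds a failure; assign it before returning. The hunk for `sec_deny_srcip_mail_sub_attachment_name_rate_low.py` carries the same code and needs the same change.

```python
def run(parameter):
    # Bind everything the finally block reads before anything can raise.
    result, exception_result = "", ""
    test_summary = {}
    ui_client = api_client = None
    objects_tuple = rules_tuple = None
    script_start_time = time.time()
    try:
        # … unchanged: policy_configuration, traffic_generation, verification_result, create and verify steps …
        result = test_summary
        return test_summary
    # … unchanged: except block …
    finally:
        if ui_client is not None and rules_tuple:
            ui_client.delete_rules(parameter, policy_configuration)
        if api_client is not None:
            if rules_tuple:
                api_client.delete_rules(rules_tuple)
            if objects_tuple:
                api_client.delete_objects(objects_tuple)
        # … unchanged: duration logging and ReportUpdate().write_result(...) …
```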
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_low.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_low.py
index dcc560755..d0cc55021 100644
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_low.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/support/packet_generator/mail_file/"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "support"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
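Review bot: After this commit the file is byte-identical to `sec_deny_srcip_mail_sub_attachment_name_rate_high.py` (both index lines end in the same new blob `d0cc55021`), so the two cases no longer differ in limit or expectation. Both set `"bps": 10` with `"limitUnit": "Kbps"` and expect `"timed out"`, whereas the removed rate_high data used `"rate_value": "1000000"` and expected `"Email sent successfully"`; the pass-through side of the rate-limit policy is therefore no longer tested. If that is not intended, rate_high should keep a limit well above the test mail's size and the success expectation the old case used. The `__main__` block in both files also commits an account name and password in plain text; reading them from the environment, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (variable name is a placeholder), keeps them out of the repository.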
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_rst.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_rst.py
deleted file mode 100644
index 9c9924692..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_rst.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/support/packet_generator/mail_file/"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_tamper.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_tamper.py
deleted file mode 100644
index b294e7e29..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_attachment_name_rate_tamper.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "/support/packet_generator/mail_file/"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_attachment_name_tamper.py b/tests/security/sec_deny_srcip_mail_sub_attachment_name_tamper.py
new file mode 100644
index 000000000..f536264ac
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_attachment_name_tamper.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "support"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
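Review bot: The `finally:` block in `run` reads `rules_tuple`, `objects_tuple`, `ui_client`/`api_client` and `script_start_time`, none of which is bound before `try:`. When `create_objects` reports an error, `return api_error` leaves `rules_tuple` unassigned, so `if rules_tuple:` raises UnboundLocalError; that replaces the returned error and skips both `delete_objects` and `write_result`, and an exception raised before the create calls finish ends the same way. A failed run can therefore leave the deny objects or rule configured on the device under test. Binding the names ahead of `try:` with `objects_tuple = rules_tuple = None`, `ui_client = api_client = None` and `script_start_time = time.time()` keeps the cleanup and the report reachable. The same `run` body is added in sec_deny_srcip_mail_sub_content_block_550.py and sec_deny_srcip_mail_sub_content_block_551.py.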
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_block_550.py b/tests/security/sec_deny_srcip_mail_sub_content_block_550.py
new file mode 100644
index 000000000..2f03c3194
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_content_block_550.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "content"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
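Review bot: The `__main__` block commits what looks like a real account as literals (`"username": "hebingning"`, `"password": "hbn66AAA"`), the same pair this commit replaces in another test file earlier in the diff. Anyone with read access to the repository or its history gets a login for the `api_server` named next to it, which is addressed over plain `http://`. Reading both values from the environment, for example `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is only an illustration), keeps them out of version control. The sibling new files hard-code a different account in the same place, and the SMTP `"password": "111111"` in `traffic_generation` is a literal as well.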
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_block_551.py b/tests/security/sec_deny_srcip_mail_sub_content_block_551.py
new file mode 100644
index 000000000..68c13af6f
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_content_block_551.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "content"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
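Review bot: `result` is set to `""` at the top of `run` and never reassigned, yet it is the value `finally:` hands to `update.write_result(parameter, result, exception_result)`; the log and metric verdicts are collected in `test_summary` instead. `write_result` is not shown here, but as written the CSV report appears to receive an empty result on every run, including the early `return api_error` and `return error` paths, which also leave `exception_result` empty. Assigning before each exit, `result = test_summary` ahead of `return test_summary` and `result = api_error` ahead of the early returns, would let the report reflect the outcome. sec_deny_srcip_mail_sub_attachment_name_tamper.py and sec_deny_srcip_mail_sub_content_block_550.py share this.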
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_drop.py b/tests/security/sec_deny_srcip_mail_sub_content_drop.py
new file mode 100644
index 000000000..f6e802216
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_content_drop.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "content"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
\ No newline at end of file
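Review bot: The `finally` block reads `rules_tuple` and `objects_tuple` on paths where they were never bound: when `create_objects` reports an error, `return api_error` (or `return ui_error`) runs before `rules_tuple` is assigned, so `if rules_tuple:` raises UnboundLocalError. That exception replaces the returned error, `delete_objects` and `write_result` are skipped, and any objects that were created on the device stay behind, which may skew later deny-policy cases. The same happens when `APIClient(parameter)` or `UIClient()` raises, because the `except` branch returns and the `finally` block then fails on the unbound name. Binding the names before `try:` avoids it, e.g. `objects_tuple, rules_tuple = None, None`. The hunk for sec_deny_srcip_mail_sub_content_drop_rst.py repeats the same block.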
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_drop_rst.py b/tests/security/sec_deny_srcip_mail_sub_content_drop_rst.py
new file mode 100644
index 000000000..f18b7cac0
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_content_drop_rst.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "content"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
\ No newline at end of file
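Review bot: `result` is set to `""` at the top of `run` and never reassigned, so `update.write_result(parameter, result, exception_result)` in the `finally` block always receives an empty result, whether the case passed, failed the traffic check or returned a creation error. The older-format cases removed in this commit assigned `result = create.create_policy()` before returning. Unless `write_result` obtains the outcome some other way, which is not visible here, the CSV report cannot tell a pass from a failure of this drop-with-reset policy. Assigning `result = test_summary` before `return test_summary`, and `result = error` on the early returns, would carry the outcome through. The same applies to sec_deny_srcip_mail_sub_content_drop.py.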
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_rate_block_550.py b/tests/security/sec_deny_srcip_mail_sub_content_rate_block_550.py
deleted file mode 100644
index 5a96305f5..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_content_rate_block_550.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter)
\ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_rate_block_551.py b/tests/security/sec_deny_srcip_mail_sub_content_rate_block_551.py
deleted file mode 100644
index 6242165cf..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_content_rate_block_551.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter)
\ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_rate_drop.py b/tests/security/sec_deny_srcip_mail_sub_content_rate_drop.py
deleted file mode 100644
index fd3f39c0d..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_content_rate_drop.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter)
\ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_rate_high.py b/tests/security/sec_deny_srcip_mail_sub_content_rate_high.py
index e1422a264..68e3b7eb0 100644
--- a/tests/security/sec_deny_srcip_mail_sub_content_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_sub_content_rate_high.py
@@ -1,181 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "content"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
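Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and the client objects, but these are first bound inside `try`, so the early `return api_error` (or `return ui_error`) right after a failed `create_objects`, or any exception raised before that point, reaches `if rules_tuple:` with the name unbound and raises `UnboundLocalError`. That exception replaces the test's own return value, leaves any objects already created undeleted, and skips the CSV report. Binding those names to `None` before `try` avoids this, as sketched below. In the same block `write_result` still receives `result`, which is now initialised to `""` and never assigned (the removed code stored the `create_policy()` return in it), so the report presumably no longer carries the log and metric outcome held in `test_summary`. The hunk for `sec_deny_srcip_mail_sub_content_rate_low.py` has the same structure.

```python
def run(parameter):
    # Bind every name the finally block reads before entering try, so an
    # early return or an exception cannot leave them undefined.
    result, exception_result = "", ""
    test_summary = {}
    objects_tuple, rules_tuple = None, None
    ui_client, api_client = None, None
    script_start_time = time.time()
    try:
        # … unchanged: policy/traffic/verification dicts, creation, traffic run, log and metric checks …
        result = test_summary  # presumably what write_result() should report; confirm the expected type
        return test_summary
    # … unchanged: except handler and finally block …
```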
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_rate_low.py b/tests/security/sec_deny_srcip_mail_sub_content_rate_low.py
index 56d6ccce1..8865e41e6 100644
--- a/tests/security/sec_deny_srcip_mail_sub_content_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_sub_content_rate_low.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "content"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
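Review bot: The `__main__` block replaces one hard-coded account with another in the `"username"` and `"password"` entries of `parameter`, so what looks like a real login for the management API at `api_server` is again committed to the repository, while the previous one remains in history. `os` is already imported, so the values can come from the environment instead, e.g. `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable names are placeholders). `api_server` is also a plain `http://` URL, so whatever the client sends to log in presumably crosses the lab network unencrypted; it is worth confirming whether an HTTPS endpoint is available. The same applies to the `__main__` block of `sec_deny_srcip_mail_sub_content_rate_high.py`, and accounts that have already been pushed should be rotated.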
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_rate_rst.py b/tests/security/sec_deny_srcip_mail_sub_content_rate_rst.py
deleted file mode 100644
index 47e2afbf9..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_content_rate_rst.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_rate_tamper.py b/tests/security/sec_deny_srcip_mail_sub_content_rate_tamper.py
deleted file mode 100644
index e1422a264..000000000
--- a/tests/security/sec_deny_srcip_mail_sub_content_rate_tamper.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "content"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_sub_content_tamper.py b/tests/security/sec_deny_srcip_mail_sub_content_tamper.py
new file mode 100644
index 000000000..ccea270ce
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_sub_content_tamper.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "content"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
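Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but these are first bound partway through the `try`, so any path that leaves earlier fails during cleanup. For example, when `create_objects` reports an error the function reaches `return api_error` with `rules_tuple` still unbound, and `if rules_tuple:` raises `UnboundLocalError`. That exception replaces the return value, skips `update.write_result(...)`, and leaves any objects already created for this deny policy undeleted. Binding the names before `try:` with `objects_tuple = rules_tuple = ui_client = api_client = None` keeps cleanup and reporting running on every path. The rewritten `run()` in `sec_deny_srcip_mail_substr_subject_block_550.py` and `sec_deny_srcip_mail_substr_subject_block_551.py` has the same structure.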
diff --git a/tests/security/sec_deny_srcip_mail_substr_subject_block_550.py b/tests/security/sec_deny_srcip_mail_substr_subject_block_550.py
index 45d34014f..3de110817 100644
--- a/tests/security/sec_deny_srcip_mail_substr_subject_block_550.py
+++ b/tests/security/sec_deny_srcip_mail_substr_subject_block_550.py
@@ -1,176 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_subject_block_550",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["man"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
"username": "hebingning",
"password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
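Review bot: `result` is now initialised to `""` and never reassigned, yet the `finally` block still passes it to `update.write_result(parameter, result, exception_result)`; the outcome gathered in `test_summary` only leaves through `return test_summary`. The removed code set `result = create.create_policy()` before reporting, so unless the caller records the return value separately, the CSV report presumably receives an empty result for every run that does not raise, including the early `return api_error` and `return error` paths. Assigning before each return, for example `result = test_summary` ahead of `return test_summary`, would keep the report in step with what the function returns. The new `sec_deny_srcip_mail_sub_content_tamper.py` and the `sec_deny_srcip_mail_substr_subject_block_551.py` rewrite follow the same pattern.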
diff --git a/tests/security/sec_deny_srcip_mail_substr_subject_block_551.py b/tests/security/sec_deny_srcip_mail_substr_subject_block_551.py
index c6269ce0f..5ca8634a7 100644
--- a/tests/security/sec_deny_srcip_mail_substr_subject_block_551.py
+++ b/tests/security/sec_deny_srcip_mail_substr_subject_block_551.py
@@ -1,177 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_subject_block_551",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["man"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
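Review bot: The `__main__` block swaps one hard-coded account for another: the added `"username"` and `"password"` literals are a clear-text credential pair, apparently for the API server at `http://192.168.44.72`. The new `sec_deny_srcip_mail_sub_content_tamper.py` adds the same pair, and `sec_deny_srcip_mail_substr_subject_block_550.py` keeps the earlier one. Reading them from the environment, e.g. `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable name is a placeholder), keeps them out of the repository, and `os` is already imported in this file. Both pairs are now in the commit history, so the passwords should be rotated if the accounts are real. The `http://` scheme also suggests the login travels unencrypted, if that is how `APIClient` authenticates.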
diff --git a/tests/security/sec_deny_srcip_mail_substr_subject_block_tamper.py b/tests/security/sec_deny_srcip_mail_substr_subject_block_tamper.py
index 84623e0fa..ac4d9322f 100644
--- a/tests/security/sec_deny_srcip_mail_substr_subject_block_tamper.py
+++ b/tests/security/sec_deny_srcip_mail_substr_subject_block_tamper.py
@@ -1,177 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_subject_block_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["man"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
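Review bot: The `finally` block of `run()` reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but these names are only bound inside the `try`, so any exit before `create_rules` returns leaves some of them undefined. For example, when `create_objects` reports an error and the function takes `return api_error`, the cleanup test `if rules_tuple:` raises `UnboundLocalError`. That exception replaces the return value and skips `update.write_result(...)`, and it may leave already-created objects on the device for later cases. Binding the names before the `try`, e.g. `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`, keeps cleanup and reporting reachable on every path. The drop and rate_high sections of this commit contain the same block.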
diff --git a/tests/security/sec_deny_srcip_mail_substr_subject_drop.py b/tests/security/sec_deny_srcip_mail_substr_subject_drop.py
index 8a024e6c6..eaa974baa 100644
--- a/tests/security/sec_deny_srcip_mail_substr_subject_drop.py
+++ b/tests/security/sec_deny_srcip_mail_substr_subject_drop.py
@@ -1,179 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_subject_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["man"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
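Review bot: `result` is set to `""` at the top of `run()` and never reassigned, yet the `finally` block still passes it to `update.write_result(parameter, result, exception_result)`; the log and metric verdicts go into `test_summary`, which is only returned. Unless `write_result` obtains the outcome some other way (not visible here), the CSV report receives an empty result whether or not the drop rule was enforced, and the early `return error` / `return api_error` paths are equally unrecorded. Assigning before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`, would keep the report in step with what the case verified. The block_tamper and rate_high sections of this commit have the same flow.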
diff --git a/tests/security/sec_deny_srcip_mail_substr_subject_rate_high.py b/tests/security/sec_deny_srcip_mail_substr_subject_rate_high.py
index 7a9d02184..55ebb9d98 100644
--- a/tests/security/sec_deny_srcip_mail_substr_subject_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_substr_subject_rate_high.py
@@ -1,177 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_subject_rate_high",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["man"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
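Review bot: The `__main__` block hard-codes a named user's account and password for `api_server`, and `traffic_generation` hard-codes the SMTP sender's password, so every clone of the repository holds what look like live lab credentials. Reading them from the environment or an untracked config file would avoid that, for instance `"password": os.environ["TSG_TEST_PASSWORD"],` (variable name illustrative; `os` is already imported). The account this commit replaces stays readable in history, so it is worth rotating as well. The same literals appear in the block_tamper and drop sections.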
diff --git a/tests/security/sec_deny_srcip_mail_substr_subject_rate_low.py b/tests/security/sec_deny_srcip_mail_substr_subject_rate_low.py
index fe987f77c..f01302fe9 100644
--- a/tests/security/sec_deny_srcip_mail_substr_subject_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_substr_subject_rate_low.py
@@ -1,177 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_subject_rate_low",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["man"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
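Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but these names are first bound inside the `try`. Any exit before `create_rules` returns, such as `return api_error` right after `create_objects` or an exception from `APIClient(parameter)`, therefore raises `UnboundLocalError` during cleanup. That error replaces the original return value, leaves objects already created on the gateway undeleted, and appears to skip the `ReportUpdate` call that follows; leftover deny rules on a shared test device can also distort the hit counters of later cases. Binding the names before `try:` with `ui_client = api_client = None` and `objects_tuple = rules_tuple = None` lets the existing `if rules_tuple:` and `if objects_tuple:` guards work as intended. The same `run()` body is repeated in sec_deny_srcip_mail_substr_subject_rst.py and sec_deny_srcip_mail_substr_to_drop.py.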
diff --git a/tests/security/sec_deny_srcip_mail_substr_subject_rst.py b/tests/security/sec_deny_srcip_mail_substr_subject_rst.py
index 3f703020a..e76637961 100644
--- a/tests/security/sec_deny_srcip_mail_substr_subject_rst.py
+++ b/tests/security/sec_deny_srcip_mail_substr_subject_rst.py
@@ -1,179 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_subject_rst",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["man"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": True,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "reset",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "Best"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
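Review bot: `result` is initialised to `""` and never reassigned in the new `run()`, so `update.write_result(parameter, result, exception_result)` in the `finally` block always receives an empty result, whereas the old code set it from `create.create_policy()`. As far as this hunk shows, the verdicts collected in `test_summary` and the early `return error` / `return api_error` paths never reach the CSV report; what `write_result` does with an empty string is not visible here. Assigning before each return, for example `result = test_summary` ahead of `return test_summary`, would carry the outcome through, so a deny policy that failed to block is recorded with its reason. The comparisons `log_result == None` and `metric_result == None` would also be safer as `is None`. The same applies to sec_deny_srcip_mail_substr_subject_rate_low.py and sec_deny_srcip_mail_substr_to_drop.py.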
diff --git a/tests/security/sec_deny_srcip_mail_substr_to_drop.py b/tests/security/sec_deny_srcip_mail_substr_to_drop.py
index d4d76ecd7..d51f8c61b 100644
--- a/tests/security/sec_deny_srcip_mail_substr_to_drop.py
+++ b/tests/security/sec_deny_srcip_mail_substr_to_drop.py
@@ -1,176 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_to_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "autotest"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
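Review bot: The `__main__` block commits a literal `"username"` and `"password"` next to an `api_server` that uses plain `http://`, and `traffic_generation` carries a literal mail `"password"` as well. Even for a lab account this puts working credentials in the repository history, where the pair removed by this commit also remains and is worth rotating. If `APIClient` authenticates against `api_server` (not visible here), they would also travel unencrypted. Reading them from the environment or an untracked config file, e.g. `"password": os.environ["<PASSWORD_ENV_VAR>"]` with a variable name of the project's choosing, keeps them out of the tree; the same literals appear in the other test files touched by this commit. Separately, this file sets `"vsys": 5` where the sibling mail cases use `"vsys": 1`, so please confirm that is intended.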
diff --git a/tests/security/sec_deny_srcip_mail_substr_to_rate_high.py b/tests/security/sec_deny_srcip_mail_substr_to_rate_high.py
index fd73084d2..dc63cb57b 100644
--- a/tests/security/sec_deny_srcip_mail_substr_to_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_substr_to_rate_high.py
@@ -1,174 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_to_rate_high",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "autotest"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/root/aaa.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
"username": "hebingning",
"password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "test_pc_ip": "192.168.64.65",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
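Review bot: The `finally` block of `run()` tests `rules_tuple` and `objects_tuple`, but both are first bound inside the `try`, so an exception from `APIClient(parameter)`, `create_objects` or `create_rules` makes the cleanup itself raise UnboundLocalError. That error replaces the string returned from `except` and skips `write_result`; when `create_rules` is the call that raises, `if rules_tuple:` fails before `delete_objects` is reached and the objects already created stay on the device under test. Binding the names before the `try`, e.g. `objects_tuple = rules_tuple = None`, keeps the guards valid. The same `finally` appears in the rate_low and rst files of this commit. The ui branch deletes rules only; whether `ui_client.delete_rules` also removes the objects is not visible here.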
diff --git a/tests/security/sec_deny_srcip_mail_substr_to_rate_low.py b/tests/security/sec_deny_srcip_mail_substr_to_rate_low.py
index fa35a6675..af4a2286a 100644
--- a/tests/security/sec_deny_srcip_mail_substr_to_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_substr_to_rate_low.py
@@ -1,174 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_to_rate_low",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "autotest"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
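Review bot: The `__main__` block commits an account name and password as string literals in `parameter` (the `username`/`password` lines added here, and the same pair in the rst file), next to the management address in `api_server`. If these are live credentials, anyone who can read the repository or its history gets a login to the test management plane, and replacing the literal later does not remove it from history. Reading them from the environment, e.g. `"username": os.environ["TSG_TEST_USER"]` and `"password": os.environ["TSG_TEST_PASSWORD"]` (variable names are placeholders), keeps the case runnable without storing the secret, and the committed account should be rotated. The `password` in `traffic_generation` deserves the same treatment unless the mail account is a throwaway.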
diff --git a/tests/security/sec_deny_srcip_mail_substr_to_rst.py b/tests/security/sec_deny_srcip_mail_substr_to_rst.py
index fc0461c09..58784830f 100644
--- a/tests/security/sec_deny_srcip_mail_substr_to_rst.py
+++ b/tests/security/sec_deny_srcip_mail_substr_to_rst.py
@@ -1,176 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_to_rst",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "autotest"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": True,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "reset",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
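Review bot: `result` is initialised to `""` at the top of `run()` and never assigned again, so `update.write_result(parameter, result, exception_result)` in `finally` records an empty result whether the log and metric checks passed or failed. The removed code stored the outcome with `result = create.create_policy()`; the new code only returns `test_summary` (or an error string on the early returns), and the `__main__` caller discards that return value. Setting `result = test_summary` before `return test_summary`, and `result = error` or `result = api_error` before the early returns, would put the verdict in the report. The rate_high and rate_low files in this commit have the same gap. How `write_result` treats an empty result is not visible here, so a failed deny-policy check may end up reported as neither pass nor fail.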
diff --git a/tests/security/sec_deny_srcip_mail_substr_to_tamper.py b/tests/security/sec_deny_srcip_mail_substr_to_tamper.py
index 0271da766..55f5527ed 100644
--- a/tests/security/sec_deny_srcip_mail_substr_to_tamper.py
+++ b/tests/security/sec_deny_srcip_mail_substr_to_tamper.py
@@ -1,173 +1,221 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_substr_to_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "autotest"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "autotest@"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
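Review bot: The `finally` block in `run` reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but none of them is bound if `APIClient(parameter)` or `create_objects` raises, or if `create_objects` returns an error and the function returns before `create_rules` runs. In those cases the cleanup itself raises `UnboundLocalError`, so objects that were already created may stay on the device under test, and the timing output and `update.write_result(...)` below it are skipped. Binding the names before `try:` keeps the guards meaningful, e.g. `objects_tuple = rules_tuple = ui_client = api_client = None`, with `script_start_time = time.time()` moved up alongside it. The same `finally` block appears in the new `sec_deny_srcip_mail_suff_attachment_name_*` files in this commit.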
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_block_550.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_block_550.py
new file mode 100644
index 000000000..9784947f8
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_attachment_name_block_550.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
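Review bot: The `__main__` block commits what looks like a real account (`"username": "hebingning"` with a literal `"password"` value) and pairs it with `"api_server": "http://192.168.44.72"`, so the login is stored in repository history and, if the client sends it as given, travels over plain HTTP. Reading the values from the environment keeps them out of the tree, for example `"username": os.environ["TSG_TEST_USERNAME"]` and `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable names are placeholders). This file also uses a different account from the sibling cases in this commit, which use `zhaokun`; if that is not deliberate, a single shared source for the login removes the drift. Credentials that have already been pushed should be treated as exposed and rotated.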
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_block_551.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_block_551.py
new file mode 100644
index 000000000..aa2d2f74c
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_attachment_name_block_551.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
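Review bot: `result` is set to `""` at the top of `run` and never assigned again, so `update.write_result(parameter, result, exception_result)` in `finally` receives an empty result on every path. That includes the early `return error` after `generator.result(...)` and a failed log or metric check. If the CSV report takes its verdict from that argument (its implementation is not in this diff), a block-551 policy that is not enforced would not show up as a failure there. Assigning before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`, would carry the outcome into the report. The other mail cases touched by this commit follow the same pattern.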
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_drop.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_drop.py
new file mode 100644
index 000000000..4cd1e387b
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_attachment_name_drop.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
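Review bot: `run` has no branch for an `initiation_method` other than `"ui"` or `"api"`. With any other value the create step is skipped silently, mail is still sent after `time.sleep(3)`, and the case would most likely fail on the traffic check as if the drop policy had not matched. An explicit guard on the create step makes the misconfiguration visible, e.g. `else: return "Unsupported initiation_method: " + str(parameter["initiation_method"])`. The other mail cases in this commit share the same if/elif structure.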
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_drop_rst.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_drop_rst.py
new file mode 100644
index 000000000..87c71db8c
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_attachment_name_drop_rst.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
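Review bot: When setup fails, the `finally` block in `run` raises on its own: in the `api` branch, `return api_error` after a failed `create_objects` reaches `if rules_tuple:` before `rules_tuple` has been bound, so an UnboundLocalError replaces the returned error and both `delete_objects` and the report write are skipped. Any objects already created for this deny policy would then stay on the device under test; binding the clients, both tuples and `script_start_time` before `try:` and guarding each delete on its client, as sketched below, keeps cleanup running. The same `finally` block appears in the new-file hunk that ends just above this file and in the `sec_deny_srcip_mail_suff_attachment_name_rate_high.py` hunk that follows. Separately, the `__main__` block commits a literal account name and password together with a cleartext `http://` API server; reading them from the environment would keep them out of the repository history.

```python
def run(parameter):
    # Bind every name the finally block reads, so a failure during setup
    # cannot raise UnboundLocalError there and skip cleanup and reporting.
    result, exception_result = "", ""
    test_summary = {}
    ui_client = api_client = None
    objects_tuple = rules_tuple = None
    script_start_time = time.time()
    try:
        # … unchanged: policy/traffic definitions, create, traffic, log and metric checks …
    finally:
        if parameter["initiation_method"] == "ui":
            if ui_client and rules_tuple:
                ui_client.delete_rules(parameter, policy_configuration)
        elif parameter["initiation_method"] == "api":
            if api_client and rules_tuple:
                api_client.delete_rules(rules_tuple)
            if api_client and objects_tuple:
                api_client.delete_objects(objects_tuple)
        # … unchanged: duration printout and report write …
```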
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_block_550.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_block_550.py
deleted file mode 100644
index c8682df82..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_block_550.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "*/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_block_551.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_block_551.py
deleted file mode 100644
index 6b1ab082a..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_block_551.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "*/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_drop.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_drop.py
deleted file mode 100644
index d75ca03fd..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_drop.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "*/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_high.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_high.py
index 99a3e95b9..644c87be0 100644
--- a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_high.py
@@ -1,181 +1,673 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "*/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_low.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_low.py
index 0413c3350..0d42bc0db 100644
--- a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_low.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "*/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
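Review bot: The `finally` cleanup reads `rules_tuple` and `objects_tuple` before they are guaranteed to exist: if `create_objects` returns an error (or `APIClient(parameter)` raises), the function leaves the `try` before `rules_tuple` is bound, so `if rules_tuple:` raises `UnboundLocalError`. That exception replaces the error being returned, skips `delete_objects` and `write_result`, and can leave objects created for this deny rule on the device for later cases. Bind the names ahead of `try:`, for example `objects_tuple, rules_tuple = None, None`, together with `script_start_time`. Separately, the `__main__` block commits a `username`/`password` pair in source; reading them from the environment (for instance `os.environ.get("TSG_TEST_PASSWORD")`, variable name illustrative) keeps the login out of the repository. The same `finally` block appears in the preceding file's hunk above.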
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_rst.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_rst.py
deleted file mode 100644
index c7c512659..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_rst.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "*/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_tamper.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_tamper.py
deleted file mode 100644
index 99a3e95b9..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_attachment_name_rate_tamper.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "*/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_attachment_name_tamper.py b/tests/security/sec_deny_srcip_mail_suff_attachment_name_tamper.py
new file mode 100644
index 000000000..685909ca9
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_attachment_name_tamper.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
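Review bot: The `finally` block of `run` reads `rules_tuple`, `objects_tuple` and `ui_client`/`api_client` on paths where they were never bound. After the early `return ui_error`/`return api_error` that follows `create_objects`, or when `create_objects` raises, or when `initiation_method` is neither `"ui"` nor `"api"`, the `if rules_tuple:` test raises UnboundLocalError. That error replaces the real return value, skips `write_result`, and leaves any object already created on the device, where it can affect later cases. Bind the names before `try:`, e.g. `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`, and move `script_start_time = time.time()` up next to them. The other new mail cases in this commit (`..._suff_content_block_550.py`, `..._block_551.py`, `..._drop.py`) carry the same `finally` block.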
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_block_550.py b/tests/security/sec_deny_srcip_mail_suff_content_block_550.py
new file mode 100644
index 000000000..8b1d8623b
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_content_block_550.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "ntent123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
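Review bot: `result` is set to `""` at the top of `run` and never reassigned, so `update.write_result(parameter, result, exception_result)` in `finally` always receives an empty result. The verdicts collected in `test_summary`, and the early `ui_error`/`api_error` returns, reach only the caller. If `write_result` builds the CSV row from that argument (its body is not visible here), a failed deny check is reported the same as a passed one. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = api_error` ahead of `return api_error`. The other new mail cases in this commit follow the same pattern.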
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_block_551.py b/tests/security/sec_deny_srcip_mail_suff_content_block_551.py
new file mode 100644
index 000000000..d1a7e35c5
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_content_block_551.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "ntent123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
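Review bot: The `__main__` block commits a literal `"username"`/`"password"` pair next to the management endpoint in `api_server`, and `traffic_generation` holds a literal mailbox `password` as well. If these accounts are live, anyone with read access to the repository can authenticate to the policy API of the system under test. The endpoint is also addressed over plain `http://`, so the login would cross the lab network unencrypted. Read the secrets from the environment instead, e.g. `"password": os.environ["<API_PASSWORD_VAR>"]` (placeholder name), and rotate the accounts that are already in history. The sibling files added by this commit have the same block, some with a different account.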
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_drop.py b/tests/security/sec_deny_srcip_mail_suff_content_drop.py
new file mode 100644
index 000000000..af45bcdbf
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_content_drop.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "ntent123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
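Review bot: `"excepted_traffic_result": "timed out"` in `verification_result` cannot by itself distinguish a session dropped by the rule from an unreachable `mail_server` or a stalled SMTP service; each ends in the client timeout after `mail_timeout` seconds. Only the `hits` metric and the log query further down tie the timeout to this rule, and how `generator.result` compares the value is not visible here. A comment on that key would keep a later edit from trimming those checks, e.g. `# a timeout alone does not prove the drop; the hits/log checks below confirm the rule fired`. The tamper case added in this commit expects the same `"timed out"` result.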
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_drop_rst.py b/tests/security/sec_deny_srcip_mail_suff_content_drop_rst.py
new file mode 100644
index 000000000..8406767f2
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_content_drop_rst.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "ntent123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
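Review bot: The `finally:` block reads `rules_tuple`, `objects_tuple` and the client object before they are guaranteed to be bound. When `create_objects` returns an error and the function takes `return api_error`, `if rules_tuple:` raises UnboundLocalError, which replaces the returned error and skips both `delete_objects` and `write_result`. The same happens when `APIClient(parameter)` or `UIClient()` raises and the `except` branch returns. Bind the names before the `try:` with `ui_client = api_client = None` and `objects_tuple = rules_tuple = None`, so a partly created deny policy is still cleaned up and the report is still written. The `run` function in sec_deny_srcip_mail_suff_content_rate_high.py has the same `finally:` block.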
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_rate_block_550.py b/tests/security/sec_deny_srcip_mail_suff_content_rate_block_550.py
deleted file mode 100644
index cdd96aceb..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_content_rate_block_550.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "*tent123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_rate_block_551.py b/tests/security/sec_deny_srcip_mail_suff_content_rate_block_551.py
deleted file mode 100644
index 9f980fef3..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_content_rate_block_551.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "*tent123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_rate_drop.py b/tests/security/sec_deny_srcip_mail_suff_content_rate_drop.py
deleted file mode 100644
index d2fd80fff..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_content_rate_drop.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "*tent123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_rate_high.py b/tests/security/sec_deny_srcip_mail_suff_content_rate_high.py
index 5ca5e408d..66270b406 100644
--- a/tests/security/sec_deny_srcip_mail_suff_content_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_suff_content_rate_high.py
@@ -1,181 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "*tent123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "ntent123$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
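Review bot: The `__main__` block swaps one committed account for another: `"username"` and `"password"` are still string literals in the test file, so the password stays in repository history. `api_server` is also an `http://` URL, so if `APIClient` logs in against it the password presumably crosses the lab network unencrypted. Read both from the environment instead, e.g. `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable names are placeholders; `os` is already imported). The same literals are added in sec_deny_srcip_mail_suff_content_drop_rst.py, and the account should be rotated once it is out of the tree.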
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_rate_low.py b/tests/security/sec_deny_srcip_mail_suff_content_rate_low.py
index 34328dcd4..94b9a8b84 100644
--- a/tests/security/sec_deny_srcip_mail_suff_content_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_suff_content_rate_low.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "*tent123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "ntent123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
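Review bot: The `finally` block in `run` tests `rules_tuple` and `objects_tuple`, but both are bound only after `create_objects` / `create_rules` succeed inside the `try`. If `create_objects` returns an error and `run` returns early, or if `APIClient(parameter)` or `create_objects` raises, `if rules_tuple:` raises `UnboundLocalError`. That exception replaces the intended return value, skips `api_client.delete_objects(objects_tuple)` so objects already created stay on the device, and skips `update.write_result(...)`. Bind the names next to `result` before anything can fail, e.g. `objects_tuple, rules_tuple = None, None`, so cleanup and the report always run. The new `sec_deny_srcip_mail_suff_content_tamper.py` in this commit has the same `finally` block.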
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_rate_rst.py b/tests/security/sec_deny_srcip_mail_suff_content_rate_rst.py
deleted file mode 100644
index 310bae793..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_content_rate_rst.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "*tent123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_rate_tamper.py b/tests/security/sec_deny_srcip_mail_suff_content_rate_tamper.py
deleted file mode 100644
index 5ca5e408d..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_content_rate_tamper.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "*tent123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_content_tamper.py b/tests/security/sec_deny_srcip_mail_suff_content_tamper.py
new file mode 100644
index 000000000..60333e9ac
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_content_tamper.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "ntent123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
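Review bot: The `parameter` dict under `if __name__ == '__main__':` hard-codes a named user's login (the `"username"` / `"password"` literals) for `api_server`, and `traffic_generation` hard-codes the SMTP account password, so both end up in repository history. Read them from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"],` (the variable name is a placeholder; `os` is already imported), and rotate the values that were committed. `api_server` is an `http://` URL, so if `APIClient` logs in with this password it presumably crosses the lab network in clear text, which is worth confirming. The same literals are in `sec_deny_srcip_mail_suff_content_rate_low.py` in this commit.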
diff --git a/tests/security/sec_deny_srcip_mail_suff_subject_block_550.py b/tests/security/sec_deny_srcip_mail_suff_subject_block_550.py
index 422859cff..9836fe71e 100644
--- a/tests/security/sec_deny_srcip_mail_suff_subject_block_550.py
+++ b/tests/security/sec_deny_srcip_mail_suff_subject_block_550.py
@@ -1,177 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_subject_block_550",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["*tman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
"username": "hebingning",
"password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
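Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and the client objects, but these are unbound whenever `run` leaves before they are assigned, for example on `return api_error` right after `create_objects` fails or on any exception raised before the create step. Cleanup then raises `UnboundLocalError`, which replaces the returned error, skips `delete_objects` (so any objects already created may stay on the device) and prevents `write_result` from running. Binding them before the `try`, e.g. `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`, keeps the existing `if rules_tuple:` / `if objects_tuple:` guards safe. In the same block `update.write_result(parameter, result, exception_result)` still passes the `""` from initialisation, because nothing on the new side assigns `result`; presumably `result = test_summary` was intended before `return test_summary`, matching what the removed `result = create.create_policy()` provided. The hunk for `sec_deny_srcip_mail_suff_subject_block_551.py` has the same two problems, and the visible part of the `..._suff_subject_drop.py` hunk follows the same template.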
diff --git a/tests/security/sec_deny_srcip_mail_suff_subject_block_551.py b/tests/security/sec_deny_srcip_mail_suff_subject_block_551.py
index 6a47bcb32..bb9d23817 100644
--- a/tests/security/sec_deny_srcip_mail_suff_subject_block_551.py
+++ b/tests/security/sec_deny_srcip_mail_suff_subject_block_551.py
@@ -1,177 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_subject_block_551",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["*tman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
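Review bot: The `__main__` block replaces one committed account with another, `"username": "zhaokun"` / `"password": "zhaokun1"`, so a second login is now stored in repository history. The `api_server` beside it is plain `http://`, so the login presumably also travels unencrypted when `APIClient(parameter)` authenticates. Reading the values from the environment, e.g. `"username": os.environ["TSG_TEST_USER"]` and `"password": os.environ["TSG_TEST_PASSWORD"]` (variable names constructed for this note), keeps the file runnable standalone without storing secrets; `os` is already imported at the top of the file. Both accounts that appear in this diff should be treated as exposed and rotated. The hunk for `sec_deny_srcip_mail_suff_subject_block_550.py` keeps `hebingning` / `hbn66AAA` as unchanged context, and the hunk that ends at the top of this chunk adds the same `zhaokun` pair.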
diff --git a/tests/security/sec_deny_srcip_mail_suff_subject_block_tamper.py b/tests/security/sec_deny_srcip_mail_suff_subject_block_tamper.py
deleted file mode 100644
index 05f919811..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_subject_block_tamper.py
+++ /dev/null
@@ -1,177 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_subject_block_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["*tman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_subject_drop.py b/tests/security/sec_deny_srcip_mail_suff_subject_drop.py
index 9db06d36b..c7b3d0612 100644
--- a/tests/security/sec_deny_srcip_mail_suff_subject_drop.py
+++ b/tests/security/sec_deny_srcip_mail_suff_subject_drop.py
@@ -1,179 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_subject_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["*tman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_subject_drop_rst.py b/tests/security/sec_deny_srcip_mail_suff_subject_drop_rst.py
new file mode 100644
index 000000000..7e2c59ec4
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_subject_drop_rst.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
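Review bot: The `finally` block reads `rules_tuple` and `objects_tuple` before they are guaranteed to exist. The early `return ui_error` / `return api_error` after `create_objects`, and any exception raised before `create_rules` assigns, reach `if rules_tuple:` with the name unbound. The cleanup then raises UnboundLocalError in place of the intended return value, objects already created on the device are not deleted, and the duration print and `write_result` call are skipped. Bind the names before the `try`, e.g. `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`, and guard each delete on its client being set. The same `finally` block is added in the sec_deny_srcip_mail_suff_subject_rate_high.py and sec_deny_srcip_mail_suff_subject_rate_low.py hunks; separately, the UI branch only calls `delete_rules`, and whether that also removes the objects is not visible here.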
diff --git a/tests/security/sec_deny_srcip_mail_suff_subject_rate_high.py b/tests/security/sec_deny_srcip_mail_suff_subject_rate_high.py
index 2d7ee3baa..2a0966058 100644
--- a/tests/security/sec_deny_srcip_mail_suff_subject_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_suff_subject_rate_high.py
@@ -1,177 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_subject_rate_high",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["*tman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
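Review bot: The `__main__` block commits a literal account name and password (`"username": "zhaokun"`, `"password": "zhaokun1"`) next to an `api_server` that is a plain `http://` URL. Anyone with read access to the repository gets a working login, and if the client sends it to that URL it travels unencrypted. Read the values from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and rotate the credentials already pushed, including the removed pair that stays in history. The same literals are added in the sec_deny_srcip_mail_suff_subject_drop_rst.py and sec_deny_srcip_mail_suff_subject_rate_low.py hunks.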
diff --git a/tests/security/sec_deny_srcip_mail_suff_subject_rate_low.py b/tests/security/sec_deny_srcip_mail_suff_subject_rate_low.py
index 422859cff..595e59c92 100644
--- a/tests/security/sec_deny_srcip_mail_suff_subject_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_suff_subject_rate_low.py
@@ -1,177 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_subject_block_550",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_subject",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "mail_subject",
- "item_value": "TEXT",
- "value": ["*tman"]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
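Review bot: `result` is initialised to `""` and never assigned again on the new side, yet the unchanged `update.write_result(parameter, result, exception_result)` in `finally` still passes it. The CSV report therefore appears to receive an empty result for a pass, for a log or metric mismatch, and for the early `return error` alike, so a failing policy check may be indistinguishable from a passing one in the report. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`. What `write_result` does with the value is outside the hunk, so confirm it there. The sec_deny_srcip_mail_suff_subject_drop_rst.py and sec_deny_srcip_mail_suff_subject_rate_high.py hunks have the same gap.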
diff --git a/tests/security/sec_deny_srcip_mail_suff_subject_rst.py b/tests/security/sec_deny_srcip_mail_suff_subject_rst.py
deleted file mode 100644
index 5d75a183e..000000000
--- a/tests/security/sec_deny_srcip_mail_suff_subject_rst.py
+++ /dev/null
@@ -1,141 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "allow",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [],
- "server_fqdn": [],
- "protocol_filed": [],
- "ip_protocol":[
- "UDP"
- ],
- "sub_action_override": True,
- "sub_action": [],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "facebook",
- "counters": {"hits": 2},
- "log_query_param": [{"query_field_key":"ip_protocol", "query_value": "udp"}],
- "traffic": {
- "protocol": "dns",
- "type": "nslookup",
- "command": "nslookup www.facebook.com -timeout=1 8.8.8.8"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_suff_subject_tamper.py b/tests/security/sec_deny_srcip_mail_suff_subject_tamper.py
new file mode 100644
index 000000000..8b1b7cd9a
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_suff_subject_tamper.py
@@ -0,0 +1,222 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
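Review bot: The `finally` cleanup in `run` reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, none of which is bound if the failure happens before they are assigned. Examples are `create_objects` reporting an error so the function returns before `rules_tuple` exists, or `APIClient(parameter)` raising. In that case `if rules_tuple:` raises `UnboundLocalError` inside `finally`, which replaces the returned error, skips `update.write_result(...)`, and may leave objects already created for this `deny` policy on the device. Binding the names up front, next to `result, exception_result = "", ""`, avoids this: `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`. The same block appears in `sec_deny_srcip_mail_suff_to_drop.py` and `sec_deny_srcip_mail_suff_to_rate_high.py` in this commit.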
diff --git a/tests/security/sec_deny_srcip_mail_suff_to_drop.py b/tests/security/sec_deny_srcip_mail_suff_to_drop.py
index 363ccb5c4..5edf9077b 100644
--- a/tests/security/sec_deny_srcip_mail_suff_to_drop.py
+++ b/tests/security/sec_deny_srcip_mail_suff_to_drop.py
@@ -1,176 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_to_drop",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "*@163.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
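Review bot: The `__main__` block replaces one hard-coded account with another: the `"username"` and `"password"` literals are committed next to the `api_server` address, and `traffic_generation` carries a literal SMTP `"password"` as well. If these accounts are live, anyone with read access to the repository gets working logins, and the removed pair stays in history, so both are worth rotating. Since `os` is already imported, the values can come from the environment, e.g. `"username": os.environ["TSG_TEST_USERNAME"],` and `"password": os.environ["TSG_TEST_PASSWORD"],` (variable names are placeholders). The same literals are added in `sec_deny_srcip_mail_suff_subject_tamper.py` and `sec_deny_srcip_mail_suff_to_rate_high.py`.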
diff --git a/tests/security/sec_deny_srcip_mail_suff_to_rate_high.py b/tests/security/sec_deny_srcip_mail_suff_to_rate_high.py
index 936bd7130..4976473f3 100644
--- a/tests/security/sec_deny_srcip_mail_suff_to_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_suff_to_rate_high.py
@@ -1,174 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_src_mail_suff_to_rate_high",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "*@163.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
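Review bot: `result` is set to `""` at the top of `run` and never reassigned, so `update.write_result(parameter, result, exception_result)` in `finally` always receives an empty result. The outcome now lives in `test_summary` and in the early-returned error strings. The removed code passed the value from `create.create_policy()` here, so the CSV report presumably loses the pass/fail detail unless `write_result` obtains it some other way. Assigning before each return keeps the report in step, e.g. `result = test_summary` ahead of `return test_summary` (and likewise `result = api_error` / `result = error` on the early exits). The same pattern is in `sec_deny_srcip_mail_suff_subject_tamper.py` and `sec_deny_srcip_mail_suff_to_drop.py`.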
diff --git a/tests/security/sec_deny_srcip_mail_suff_to_rate_low.py b/tests/security/sec_deny_srcip_mail_suff_to_rate_low.py
index df5b7653d..495ff0a9b 100644
--- a/tests/security/sec_deny_srcip_mail_suff_to_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_suff_to_rate_low.py
@@ -1,174 +1,223 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_to_rate_low",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "*@163.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter)
\ No newline at end of file
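Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but each is first bound partway through the `try`, so any early exit leaves some of them undefined. If `create_objects` returns an error (the `return api_error` path) or `APIClient(parameter)` raises, `if rules_tuple:` raises `UnboundLocalError` inside `finally`, which replaces the pending return value and skips both `delete_objects` and `update.write_result(...)`. For a deny-policy test that can leave partially created objects on the device under test with no report entry for the run. Bind the names to `None` before the `try` and guard each delete on the client actually existing, as sketched below. The same block appears in the `sec_deny_srcip_mail_suff_to_rst.py` and `sec_deny_srcip_mail_suff_to_tamper.py` hunks.

```python
def run(parameter):
    # Bind everything the finally block reads before entering the try.
    result, exception_result = "", ""
    script_start_time = time.time()
    ui_client = api_client = None
    objects_tuple = rules_tuple = None
    try:
        # … unchanged: policy setup, traffic generation, log/metric checks …
    # … unchanged: except branch …
    finally:
        if ui_client is not None and rules_tuple:
            ui_client.delete_rules(parameter, policy_configuration)
        if api_client is not None:
            if rules_tuple:
                api_client.delete_rules(rules_tuple)
            if objects_tuple:
                api_client.delete_objects(objects_tuple)
        # … unchanged: duration output and ReportUpdate …
```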
diff --git a/tests/security/sec_deny_srcip_mail_suff_to_rst.py b/tests/security/sec_deny_srcip_mail_suff_to_rst.py
index 317077039..ff48beb70 100644
--- a/tests/security/sec_deny_srcip_mail_suff_to_rst.py
+++ b/tests/security/sec_deny_srcip_mail_suff_to_rst.py
@@ -1,176 +1,222 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_to_rst",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "*@163.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": True,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
},
- "profile": [],
- "expected_return": "reset",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter)
\ No newline at end of file
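Review bot: `result` is initialised to `""` and never assigned again, so `update.write_result(parameter, result, exception_result)` in `finally` records an empty result whether the traffic, log and metric checks passed or failed. The outcome exists only in `test_summary` and in the early `return error` / `return api_error` values, and only a caught exception reaches the report through `exception_result`. Unless the caller of `run()` records the return value separately (not visible in this hunk), a rule that fails to reset the connection would look the same in the CSV as one that did. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = error` ahead of `return error`. The rate_low and tamper hunks follow the same flow.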
diff --git a/tests/security/sec_deny_srcip_mail_suff_to_tamper.py b/tests/security/sec_deny_srcip_mail_suff_to_tamper.py
index 817782459..a13c39c60 100644
--- a/tests/security/sec_deny_srcip_mail_suff_to_tamper.py
+++ b/tests/security/sec_deny_srcip_mail_suff_to_tamper.py
@@ -1,173 +1,221 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": "sec_deny_srcip_mail_suff_to_tamper",
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "sec_mail_to",
- "object_type": "account",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "items": [
- {
- "item_operation": "add",
- "item_type": "to",
- "item_value": "*@163.com"
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_TO",
+ "type": "account",
+ "name": "sec_mail_to",
+ "member_type": "item",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "[email protected]$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_account", "query_value": "[email protected]"},
+ {"query_field_key":"mail_to_cmd", "query_value": "[email protected]"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 5,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter)
\ No newline at end of file
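Review bot: The `__main__` block swaps one hard-coded account for another in the `"username"` / `"password"` entries, and the pair is used against `"api_server": "http://192.168.44.72"`, i.e. over plain HTTP. Literals like these stay in repository history and in every clone, so both the removed and the added credentials should be treated as exposed and rotated. Read them from the environment instead, for example `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and use an HTTPS endpoint if the server offers one. The same literals appear in the `__main__` blocks of the other files touched by this commit.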
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_block_550.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_block_550.py
new file mode 100644
index 000000000..4fad9cef7
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_attachment_name_block_550.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/packet_generator/mail_file/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
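Review bot: The `finally` block of `run` reads `rules_tuple`, `objects_tuple`, `script_start_time`, `result` and `exception_result`, but every one of them is first assigned inside the `try`, so an early exit can reach `finally` with some of them unbound. In the api branch, when `create_objects` reports an error the function returns before `create_rules` has run, and `if rules_tuple:` then raises UnboundLocalError inside `finally`. That error replaces the return value and skips `delete_objects` and the CSV report, so objects already created may stay on the device under test. Binding these names before the `try` keeps the cleanup unconditional. The same block appears in the `_block_551`, `_drop` and `_drop_rst` files added by this commit.

```python
def run(parameter):
    # Bind everything the finally block reads before anything can raise.
    result, exception_result = "", ""
    rules_tuple, objects_tuple = None, None
    ui_client, api_client = None, None
    script_start_time = time.time()
    try:
        # … unchanged: policy setup, traffic generation, log and metric checks …
    finally:
        # … unchanged: rule/object deletion, timing, CSV report …
```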
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_block_551.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_block_551.py
new file mode 100644
index 000000000..ce36effc5
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_attachment_name_block_551.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/packet_generator/mail_file/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
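Review bot: `result` is set to `""` at the top of `run` and never reassigned, so `update.write_result(parameter, result, exception_result)` in the `finally` block records an empty result whatever `test_summary` or the early-return error strings contain. The old-format files deleted in this commit wrote the value returned by `create_policy()`, so this looks unintended, unless `ReportUpdate` obtains the outcome some other way that the hunk does not show. Assign before each return, e.g. `result = test_summary` ahead of `return test_summary` and `result = api_error` on the error paths, so a failed block check is not reported as blank. The other new `mail_xly_attachment_name` files in this commit follow the same pattern.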
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_drop.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_drop.py
new file mode 100644
index 000000000..9136bc1d4
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_attachment_name_drop.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/packet_generator/mail_file/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
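Review bot: The `__main__` block commits an account name and password for the management API at `api_server`, and `traffic_generation` carries the mailbox password as a literal as well. Credentials in a test tree reach every clone and the forge's web view, and the lines this commit replaces in neighbouring files show that another account's password was committed the same way before. Read them from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder), and rotate the values that have already been pushed. This applies to every new test file in the commit.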
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_drop_rst.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_drop_rst.py
new file mode 100644
index 000000000..f3b629198
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_attachment_name_drop_rst.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/packet_generator/mail_file/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
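Review bot: The `log_result` and `metric_result` chains compare with `== True`, `== False` and `== None` and have no final `else`. Since `1 == True` and `0 == False` in Python, an integer return would be classed as pass or mismatch, and an empty string or list matches no branch, leaving `test_summary` without a `log` or `metric` key. That makes a verdict for a deny policy look merely absent rather than failed. Whether the query helpers can return such values is not visible in this hunk, but identity checks with a fallback make the outcome explicit: `if log_result is True:`, `elif log_result is None:`, and a closing `else: test_summary["log"] = "The failure reason: unexpected log result."`. The same chains are used in the other new files of this commit.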
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_block_550.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_block_550.py
deleted file mode 100644
index dbdf98707..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_block_550.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "$/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_block_551.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_block_551.py
deleted file mode 100644
index 39b39b419..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_block_551.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "$/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_drop.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_drop.py
deleted file mode 100644
index 6018d8bfa..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_drop.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "$/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_high.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_high.py
index feaf74d96..604a943b7 100644
--- a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_high.py
@@ -1,181 +1,673 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "$/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/packet_generator/mail_file/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter)
+
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_SUBJECT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_subject",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "tman$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
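Review bot: `run` is defined three times on the new side of this file: after the first `run(parameter)` a second `# -*- coding: UTF-8 -*-` header starts a full copy that matches `ATTR_MAIL_SUBJECT` with `"bps": 10`, and a third copy uses `"sub_action": "tamper"`. An importer gets only the last definition, so the attachment-name rate-limit policy this file is named for is not the case that runs; this looks like a paste accident, and everything from the second coding header onward should be removed. In each `finally`, `rules_tuple` is still unbound when `create_objects` returns an error, so cleanup raises UnboundLocalError before `delete_objects` and before `write_result`, and the created objects may stay on the device; adding `objects_tuple, rules_tuple = None, None` ahead of the `try` avoids that. `result` is never assigned after `result, exception_result = "", ""`, so `write_result` records an empty result instead of `test_summary`. The `__main__` block also commits an account password in plaintext, and reading it from an environment variable would keep it out of the repository.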
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_low.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_low.py
index 8c0fc1c6f..eacdd820a 100644
--- a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_low.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "$/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/packet_generator/mail_file/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
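Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and `ui_client`/`api_client`, which are first bound inside the `try`, so an early `return api_error` after `create_objects` fails (or any exception before `create_rules` returns) makes `if rules_tuple:` raise `UnboundLocalError` from `finally`. That replaces the intended return value, skips `delete_objects` and never reaches `update.write_result`, so a failed run can leave the deny objects on the device under test and write no report row. Bind the names before `try:`, for example `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`; the `ui` branch also calls only `delete_rules`, so confirm that it removes the created objects too. The same `finally` block is added in the `attachment_name_tamper` and `content_block_550` hunks further down.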
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_rst.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_rst.py
deleted file mode 100644
index e48ee95ad..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_rst.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "$/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_tamper.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_tamper.py
deleted file mode 100644
index feaf74d96..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_attachment_name_rate_tamper.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "monitor_mail_attachment_name",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "attachment_name",
- "item_value": "TEXT",
- "value": [
- "$/app/support/packet_generator/mail_file/subjectEnglish.txt"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_attachment_name_tamper.py b/tests/security/sec_deny_srcip_mail_xly_attachment_name_tamper.py
new file mode 100644
index 000000000..bbd57219e
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_attachment_name_tamper.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_ATT_NAME",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "monitor_mail_att_name",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^/app/support/packet_generator/mail_file/subjectEnglish.txt$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
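Review bot: `result` is set to `""` at the top of `run()` and never reassigned, so `update.write_result(parameter, result, exception_result)` in `finally` is called with an empty result whatever `test_summary` contains. The early `return ui_error`, `return api_error` and `return error` paths likewise leave both `result` and `exception_result` empty. Unless the caller records the return value itself (not visible in this hunk), the CSV report cannot tell a passing tamper check from a failed one; assigning before each return, e.g. `result = test_summary` ahead of `return test_summary`, would keep the report in step with the outcome. The `rate_low` and `content_block_550` hunks follow the same pattern.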
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_block_550.py b/tests/security/sec_deny_srcip_mail_xly_content_block_550.py
new file mode 100644
index 000000000..2728c9d82
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_content_block_550.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^content123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 550,
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "550",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "hebingning",
+ "password": "hbn66AAA",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
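Review bot: The `__main__` dict adds a named account's `username` and `password` as string literals, and `api_server` is a plain `http://` URL, so the credential is now in repository history and, if `APIClient` logs in with it (not visible here), would cross the lab network unencrypted. Read them from the environment instead, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (the variable name is a placeholder; `os` is already imported), and rotate the committed passwords. The `rate_low` and `attachment_name_tamper` hunks above carry a different account's literals in the same position, and the removed lines show the previous account's.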
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_block_551.py b/tests/security/sec_deny_srcip_mail_xly_content_block_551.py
new file mode 100644
index 000000000..28a1c03ce
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_content_block_551.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^content123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "block",
+ "code": 551,
+ "packet_capture": {
+ "enable": 0
+ },
+
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "551",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
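Review bot: The `finally` block of `run()` reads `rules_tuple`, `objects_tuple`, `ui_client`/`api_client` and `script_start_time`, but all of them are first bound inside the `try`, so an early exit leaves some of them unbound. When `create_objects` reports an error, the function reaches `return api_error` before `rules_tuple` exists, and `if rules_tuple:` then raises `UnboundLocalError` from `finally`. That replaces the returned error and skips both `delete_objects` and the report write, so objects already created on the device may be left behind for later cases (whether any exist at that point depends on `create_objects`, which is not visible here). Binding the names before the `try`, with `objects_tuple = rules_tuple = ui_client = api_client = None` and `script_start_time = time.time()`, keeps the cleanup guards valid on every path. The same pattern is in `sec_deny_srcip_mail_xly_content_drop.py` and `sec_deny_srcip_mail_xly_content_drop_rst.py`.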
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_drop.py b/tests/security/sec_deny_srcip_mail_xly_content_drop.py
new file mode 100644
index 000000000..39a31c530
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_content_drop.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^content123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
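Review bot: `result` is set to `""` at the top of `run()` and never assigned again, so `update.write_result(parameter, result, exception_result)` in `finally` is always handed an empty result, whatever the traffic, log and metric checks found. The removed versions of these cases further down in this commit did `result = create.create_policy()` before returning, so this looks like a regression from the format change; how `write_result` treats an empty string is not visible here. Assigning the outcome on each exit, with `result = test_summary` before `return test_summary` and `result = error` before `return error`, would let the CSV row show a failed drop verdict. `sec_deny_srcip_mail_xly_content_block_551.py` and `sec_deny_srcip_mail_xly_content_drop_rst.py` have the same gap.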
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_drop_rst.py b/tests/security/sec_deny_srcip_mail_xly_content_drop_rst.py
new file mode 100644
index 000000000..9294b70ec
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_content_drop_rst.py
@@ -0,0 +1,224 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^content123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "drop",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 1,
+ "send_icmp_unreachable": 0,
+ "after_n_packets": 0
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "reset",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
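Review bot: The `__main__` block commits an account name and password in plain text (`"username": "zhaokun"`, `"password": "zhaokun1"`), and `api_server` is an `http://` URL, so whatever `APIClient` sends at login presumably travels unencrypted. Reading the values from the environment, e.g. `"password": os.environ["<PASSWORD_ENV_VAR>"]` (placeholder name), keeps the credential out of the repository. The committed value should then be rotated, because it stays in history. The same literals appear in `sec_deny_srcip_mail_xly_content_block_551.py` and `sec_deny_srcip_mail_xly_content_drop.py`, and the SMTP `"password": "111111"` in `traffic_generation` deserves the same treatment unless that mailbox is disposable.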
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_rate_block_550.py b/tests/security/sec_deny_srcip_mail_xly_content_rate_block_550.py
deleted file mode 100644
index d11b3d0eb..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_content_rate_block_550.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "$content123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 550
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "550",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_rate_block_551.py b/tests/security/sec_deny_srcip_mail_xly_content_rate_block_551.py
deleted file mode 100644
index ab2031d73..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_content_rate_block_551.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "$content123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "block",
- "code": 551
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "551",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_rate_drop.py b/tests/security/sec_deny_srcip_mail_xly_content_rate_drop.py
deleted file mode 100644
index 9decd1328..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_content_rate_drop.py
+++ /dev/null
@@ -1,183 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "$content123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "drop",
- "drop_packet": 0,
- "send_tcp_rst": False,
- "send_icmp_unreachable": False
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_rate_high.py b/tests/security/sec_deny_srcip_mail_xly_content_rate_high.py
index aed0f16ea..6224d215b 100644
--- a/tests/security/sec_deny_srcip_mail_xly_content_rate_high.py
+++ b/tests/security/sec_deny_srcip_mail_xly_content_rate_high.py
@@ -1,181 +1,224 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "$content123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^content123$"
+ }
+ ]
+ }
+ ]
+ }
],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10000000,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0,
},
- "token": ""
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "Email sent successfully",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"}
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
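Review bot: The `finally` block reads `rules_tuple`, `objects_tuple` and the client objects, but these are only bound inside the `try`, so when `create_objects` returns an error (the early `return api_error` / `return ui_error`) or raises, `if rules_tuple:` fails with UnboundLocalError. That exception replaces the intended return value and skips `delete_objects` and `write_result`, which can leave the created objects on the device under test and the run unreported. Bind them before the `try:` with `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`. The same block passes `result` to `write_result`, yet the new code sets it to `""` and never assigns it, so `test_summary` and the early error returns do not reach the report unless the caller records the return value; `result = test_summary` before `return test_summary` would cover the normal path. sec_deny_srcip_mail_xly_content_rate_low.py adds the identical `run()` body and needs the same change.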
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_rate_low.py b/tests/security/sec_deny_srcip_mail_xly_content_rate_low.py
index b771983a1..66687a0fa 100644
--- a/tests/security/sec_deny_srcip_mail_xly_content_rate_low.py
+++ b/tests/security/sec_deny_srcip_mail_xly_content_rate_low.py
@@ -1,181 +1,225 @@
# -*- coding: UTF-8 -*-
-import time
import os
import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
def run(parameter):
try:
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
# 参数初始化
- exception_result = ""
- result = {}
+ result, exception_result = "", ""
+ test_summary = {}
# 脚本启动时间
script_start_time = time.time()
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "$content123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "0.1",
- }
- ],
- "packet_capture": []
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^content123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "rate_limit",
+ "bps": 10,
+ "limitUnit": "Kbps",
+ "packet_capture": {
+ "enable": 0
+ },
+ "send_tcp_reset": 0,
+ "send_icmp_unreachable": 0
},
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
{"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
{"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
+ ]
}
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
- return result
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
except Exception as e:
exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
# 统计脚本用时
script_end_time = time.time()
duration = script_end_time - script_start_time
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
# 生成csv报告
update = ReportUpdate()
update.write_result(parameter, result, exception_result)
-
+
if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
"api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
+ "initiation_method": "api",
"env": "tsgx",
- "vsys_id": 1,
+ "vsys": 1,
"root_path": workdir,
- "path": workdir + "/tests/api",
+ "path": workdir + "/tests",
"module_name": "security",
"test_case_name": os.path.basename(__file__)[:-3]
}
- parameter = replace_paras(parameter)
run(parameter) \ No newline at end of file
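Review bot: The `__main__` block still commits a working `username`/`password` pair for `api_server` as string literals; the change only swaps one account for another, and `traffic_generation` adds a literal mail `password` as well. Anyone with read access to the repository gets these logins, and the `http://` scheme on `api_server` suggests they also travel unencrypted. Take them from the environment, e.g. `"password": os.environ["TSG_TEST_PASSWORD"]` (placeholder variable name), and change the passwords already exposed in history. sec_deny_srcip_mail_xly_content_rate_high.py adds the same literals.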
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_rate_rst.py b/tests/security/sec_deny_srcip_mail_xly_content_rate_rst.py
deleted file mode 100644
index 97c2a51d7..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_content_rate_rst.py
+++ /dev/null
@@ -1,180 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "$content123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "tamper"
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "timed out",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_rate_tamper.py b/tests/security/sec_deny_srcip_mail_xly_content_rate_tamper.py
deleted file mode 100644
index aed0f16ea..000000000
--- a/tests/security/sec_deny_srcip_mail_xly_content_rate_tamper.py
+++ /dev/null
@@ -1,181 +0,0 @@
-# -*- coding: UTF-8 -*-
-import time
-import os
-import sys
-sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))))
-from datetime import datetime
-from support.report_update import ReportUpdate
-from support.common_utils.create_policy import CreatePolicy
-
-def run(parameter):
- try:
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
- # 参数初始化
- exception_result = ""
- result = {}
-
- # 脚本启动时间
- script_start_time = time.time()
-
- # 测试数据
- test_data = {
- "is_multi_priority": False,
- "rule_num": 1,
- "policy_type": "security",
- "rule_name": os.path.splitext(os.path.basename(__file__))[0],
- "rule_action": "deny",
- "rule_type": "create",
- "condition": {
- "source_ip": [
- {
- "name": "sec_srcip",
- "object_type": "ip",
- "select_type": False,
- "negate": False,
- "item": [
- {
- "item_operation": "add",
- "item_type": "ipv4",
- "item_value": parameter['test_pc_ip'],
- }
- ]
- }
- ],
- "source_port": [],
- "destination_ip": [],
- "destination_port": [],
- "internal_ip": [],
- "internal_port": [],
- "external_ip": [],
- "external_port": [],
- "source_geography": [],
- "destination_geography": [],
- "sub_id": [],
- "device": [],
- "tunnel": [],
- "tunnel_level": [],
- "flag": [],
- "application": [
- {
- "name": "mail", #
- "object_type": "application",
- "negate": False
- }
- ],
- "server_fqdn": [],
- "protocol_filed": [
- {
- "name": "mail_content",
- "object_type": "keywords",
- "item_operation": "add",
- "select_type": False,
- "negate": False,
- "plus": False,
- "Statistics": "None",
- "item": [
- {
- "item_operation": "add",
- "item_type": "content",
- "item_value": "TEXT",
- "value": [
- "$content123"
- ]
- }
- ],
- }
- ],
- "sub_action_override": True,
- "sub_action": [
- {
- "type": "rate_limit",
- "rate_value": "1000000",
- }
- ],
- "packet_capture": []
- },
- "profile": [],
- "expected_return": "Email sent successfully",
- "counters": {"hits": 1},
- "log_query_param": [
- {"query_field_key":"decoded_as", "query_value": "MAIL"},
- {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
- ],
- "traffic": {
- "protocol": "mail",
- "type": "client", # client/curl
- "mail_type": "smtp", # gmail or smtp or smtp_ssl
- "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
- "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
- "mail_timeout": 20,
- "sender": "[email protected]",
- "password": "111111",
- "receiver": "[email protected]",
- "subject": "Bestman",
- "body": "content123",
- "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
- },
- "token": ""
- }
- # 测试用例实例化
- create = CreatePolicy(test_data, parameter)
- result = create.create_policy()
-
- return result
- except Exception as e:
- exception_result = str(e)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True)
- return "Error: " + str(e)
- finally:
- # 清理环境并删除配置
- if isinstance(create, CreatePolicy):
- create.clean_up()
- # 统计脚本用时
- script_end_time = time.time()
- duration = script_end_time - script_start_time
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
- print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
- # 生成csv报告
- update = ReportUpdate()
- update.write_result(parameter, result, exception_result)
-
-if __name__ == '__main__':
- # ui
- # parameter = {
- # "username": "hebingning",
- # "password": "hbn66AAA",
- # "test_pc_ip": "192.168.64.65",
- # "test_subcriber_id": "test6776",
- # "api_server": "http://192.168.44.72",
- # "debug_flag": "local",
- # "script_type": "ui",
- # "env": "tsgx",
- # "vsys_id": 1,
- # "is_log": 1,
- # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test",
- # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui",
- # "module_name": "security",
- # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp"
- # }
- # run(parameter)
- # api
- from support.ui_utils.element_position.map_element_position_library import replace_paras
- from support.ui_utils.workpath import workdir
-
- parameter = {
- "username": "hebingning",
- "password": "hbn66AAA",
- "test_pc_ip": "192.168.64.93",
- "test_subcriber_id": "test6491",
- "api_server": "http://192.168.44.72",
- "debug_flag": "local",
- "script_type": "api", # api ui 空字符串
- "is_log": 1,
- "env": "tsgx",
- "vsys_id": 1,
- "root_path": workdir,
- "path": workdir + "/tests/api",
- "module_name": "security",
- "test_case_name": os.path.basename(__file__)[:-3]
- }
- parameter = replace_paras(parameter)
- run(parameter) \ No newline at end of file
diff --git a/tests/security/sec_deny_srcip_mail_xly_content_tamper.py b/tests/security/sec_deny_srcip_mail_xly_content_tamper.py
new file mode 100644
index 000000000..891629282
--- /dev/null
+++ b/tests/security/sec_deny_srcip_mail_xly_content_tamper.py
@@ -0,0 +1,223 @@
+# -*- coding: UTF-8 -*-
+import os
+import sys
+sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))
+import time
+import pytz
+from datetime import datetime
+from support.ui_utils.workpath import workdir
+from support.ui_utils.ui_client import UIClient
+from support.api_utils.api_client import APIClient
+from support.packet_generator.traffic_generator import *
+from support.report_update import ReportUpdate
+
+def run(parameter):
+ try:
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True)
+
+ # 参数初始化
+ result, exception_result = "", ""
+ test_summary = {}
+
+ # 脚本启动时间
+ script_start_time = time.time()
+
+ policy_configuration = {
+ "name": os.path.splitext(os.path.basename(__file__))[0],
+ "type": "security",
+ "action": "deny",
+ "and_conditions": [
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_SOURCE_IP",
+ "type": "ip",
+ "sub_type": "ip",
+ "name": "sec_srcip",
+ "items": [
+ {
+ "op": "add",
+ "ip": parameter['test_pc_ip'],
+ "interval": "0-65535"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_APP_ID",
+ "type": "application",
+ "items": ["mail"]
+ }
+ ],
+ },
+ {
+ "negate_option": False,
+ "or_conditions": [
+ {
+ "attribute_name": "ATTR_MAIL_CONTENT",
+ "type": "keyword",
+ "member_type": "item",
+ "name": "sec_mail_content",
+ "items": [
+ {
+ "op": "add",
+ "expr_type": "and",
+ "expression": "^content123$"
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "action_parameter": {
+ "sub_action": "tamper",
+ "packet_capture": {
+ "enable": 0
+ },
+ "tamper_mode": "complete",
+ "send_icmp_unreachable": 0,
+ },
+ "is_enabled": 1,
+ "log_option": "metadata",
+ }
+
+ traffic_generation = {
+ "tool": "mail", # or trex/http
+ "type": "client", # client/curl
+ "mail_type": "smtp", # gmail or smtp or smtp_ssl
+ "mail_server": "192.168.40.206", # gmail: smtp.gmail.com
+ "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25
+ "mail_timeout": 20,
+ "sender": "[email protected]",
+ "password": "111111",
+ "receiver": "[email protected]",
+ "subject": "Bestman",
+ "body": "content123",
+ "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt"
+ }
+
+ verification_result = {
+ "excepted_traffic_result": "timed out",
+ "expected_metric": {"hits": 1},
+ "expected_log": [
+ {"query_field_key":"server_ip", "query_value": "192.168.40.206"},
+ {"query_field_key":"decoded_as", "query_value": "MAIL"},
+ {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"},
+ {"query_field_key":"mail_subject", "query_value": "Bestman"},
+ {"query_field_key": "mail_attachment_name", "query_value": "/app/support/packet_generator/mail_file/subjectEnglish.txt"}
+ ]
+ }
+
+ # 创建
+ if parameter["initiation_method"] == "ui":
+ ui_client = UIClient()
+ objects_tuple, ui_error = ui_client.create_objects(policy_configuration)
+ if len(ui_error) > 0:
+ return ui_error
+ rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple)
+ if len(ui_error) > 0:
+ return ui_error
+ elif parameter["initiation_method"] == "api":
+ api_client = APIClient(parameter)
+ # {uuid, type}, i.e., {"12341-232-a21", "ip"}
+ objects_tuple, api_error = api_client.create_objects(policy_configuration)
+ if len(api_error) > 0:
+ return api_error
+ rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "")
+ if len(api_error) > 0:
+ return api_error
+
+ # 等待下发配置生效
+ time.sleep(3)
+
+ # 类实例化
+ generator = TrafficGenerator()
+
+ # 获取当前时间
+ utc_tz = pytz.timezone('UTC')
+ current_utc_time = datetime.now(utc_tz)
+ start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ')
+
+ # 触发流量
+ traffic_result = generator.run(policy_configuration, traffic_generation)
+
+ # 验证流量生成器的返回值是否符合策略执行的预期
+ excepted_traffic_result, error = generator.result(verification_result, traffic_result)
+ if excepted_traffic_result == False:
+ return error
+
+ # 验证tsg的日志是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result)
+ if log_result == True:
+ test_summary["log"] = "Pass."
+ elif log_result == False:
+ test_summary["log"] = "The failure reason: the returned log does not match the expected result."
+ elif log_result == None:
+ test_summary["log"] = "The failure reason: the returned log is empty."
+ elif len(log_result) > 0:
+ test_summary["log"] = log_result
+
+ # 验证tsg的metric是否符合策略执行的预期
+ if parameter["initiation_method"] == "ui":
+ metric_result = ui_client.query_rule_metric(verification_result, traffic_result)
+ elif parameter["initiation_method"] == "api":
+ metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result)
+ if metric_result == True:
+ test_summary["metric"] = "Pass."
+ elif metric_result == False:
+ test_summary["metric"] = "The failure reason: the returned metric does not match the expected result."
+ elif metric_result == None:
+ test_summary["metric"] = "The failure reason: the returned metric is empty."
+ elif len(metric_result) > 0:
+ test_summary["metric"] = metric_result
+
+ return test_summary
+ except Exception as e:
+ exception_result = str(e)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True)
+ return "When running test case, the exception error: " + str(e)
+ finally:
+ # 删除
+ if parameter["initiation_method"] == "ui":
+ if rules_tuple:
+ ui_client.delete_rules(parameter, policy_configuration)
+ elif parameter["initiation_method"] == "api":
+ if rules_tuple:
+ api_client.delete_rules(rules_tuple)
+ if objects_tuple:
+ api_client.delete_objects(objects_tuple)
+
+ # 统计脚本用时
+ script_end_time = time.time()
+ duration = script_end_time - script_start_time
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True)
+ print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True)
+
+ # 生成csv报告
+ update = ReportUpdate()
+ update.write_result(parameter, result, exception_result)
+
+if __name__ == '__main__':
+ parameter = {
+ "username": "zhaokun",
+ "password": "zhaokun1",
+ "test_pc_ip": "192.168.64.87",
+ "test_subcriber_id": "test6776",
+ "api_server": "http://192.168.44.72",
+ "initiation_method": "api",
+ "env": "tsgx",
+ "vsys": 1,
+ "root_path": workdir,
+ "path": workdir + "/tests",
+ "module_name": "security",
+ "test_case_name": os.path.basename(__file__)[:-3]
+ }
+ run(parameter) \ No newline at end of file
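Review bot: The `finally` block reads `rules_tuple`, `objects_tuple`, `ui_client` and `api_client`, but none of them is bound before the `try`, so the early `return api_error` after a failed `create_objects` (or any exception raised before the rules exist) reaches `if rules_tuple:` with the name unbound. The resulting UnboundLocalError replaces the returned error and skips `delete_objects` and `write_result`, which may leave objects created for this deny policy on the device under test. Binding the names before the `try`, e.g. `objects_tuple = rules_tuple = None` and `ui_client = api_client = None`, keeps the cleanup reachable; note that the UI branch deletes only rules, never objects. Separately, `result` stays `""` because `test_summary` is never assigned to it, so `write_result` appears to record an empty result on every run; `result = test_summary` before the `return` would fix that. The `__main__` block also commits a username and password for the API server, and reading them from the environment (for instance `os.environ["TSG_TEST_PASSWORD"]`, a name constructed here) would keep them out of the repository.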
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_alert_200_responsetext_hit_no.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_alert_200_responsetext_hit_no.py
index 1032ffc69..2408c046d 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_alert_200_responsetext_hit_no.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_alert_200_responsetext_hit_no.py
@@ -93,7 +93,7 @@ def run(parameter):
verification_result = {
"excepted_traffic_result": "POST",
- "expected_metric": {},
+ "expected_metric": {"hits": 0},
"expected_log": []
}
diff --git a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_substr_url_redirect_hit_yes.py b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_substr_url_redirect_hit_yes.py
index df75161c6..dd0f8060b 100644
--- a/tests/security/sec_deny_srcip_negate_substr_fqdn_http_substr_url_redirect_hit_yes.py
+++ b/tests/security/sec_deny_srcip_negate_substr_fqdn_http_substr_url_redirect_hit_yes.py
@@ -34,7 +34,7 @@ def run(parameter):
"attribute_name": "ATTR_EXTERNAL_IP",
"type": "ip",
"sub_type": "ip",
- "name": "sec_extip",
+ "name": "sec_sec_ip",
"items": [
{
"op": "add",
diff --git a/tests/security/sec_shunt_extip_suff_fqdn_ssl.py b/tests/security/sec_shunt_extip_suff_fqdn_ssl.py
index 1b86bb47b..c5d45e383 100644
--- a/tests/security/sec_shunt_extip_suff_fqdn_ssl.py
+++ b/tests/security/sec_shunt_extip_suff_fqdn_ssl.py
@@ -22,7 +22,7 @@ def run(parameter):
"is_multi_priority": False,
"rule_num": 1,
"policy_type": "security",
- "rule_name": "sec_shunt_extip_suff_serverfqdn_ssl",
+ "rule_name": "sec_shunt_sec_ip_suff_serverfqdn_ssl",
"rule_action": "shunt",
"rule_type": "create",
"condition": {