diff options
| author | [email protected] <[email protected]> | 2024-11-28 00:11:57 +0800 |
|---|---|---|
| committer | [email protected] <[email protected]> | 2024-11-28 00:11:57 +0800 |
| commit | 83e1423732b3bea0b44724c5de8eb6c8cc25f7e8 (patch) | |
| tree | 237a777b02bd8138bb7e16279a7c0adacc8a6e04 | |
| parent | 8f92bda5528fa5059b60ac500f3bf0599993be55 (diff) | |
update security cases to new format
106 files changed, 16009 insertions, 16881 deletions
diff --git a/tests/security/sec_allow_subid_mail_substr_from_substr_to_substr_account.py b/tests/security/sec_allow_subid_mail_substr_from_substr_to_substr_account.py index 59416fce2..2a2433b11 100644 --- a/tests/security/sec_allow_subid_mail_substr_from_substr_to_substr_account.py +++ b/tests/security/sec_allow_subid_mail_substr_from_substr_to_substr_account.py @@ -55,7 +55,7 @@ def run(parameter): ], }, { - "negate_option": 0, + "negate_option": False, "or_conditions": [ { "attribute_name": "ATTR_MAIL_FROM", @@ -73,7 +73,7 @@ def run(parameter): ] }, { - "negate_option": 0, + "negate_option": False, "or_conditions": [ { "attribute_name": "ATTR_MAIL_TO", @@ -91,7 +91,7 @@ def run(parameter): ] }, { - "negate_option": 0, + "negate_option": False, "or_conditions": [ { "attribute_name": "ATTR_MAIL_ACCOUNT", diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py index f5e91fd04..918776e9f 100644 --- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py +++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py @@ -113,7 +113,7 @@ def run(parameter): verification_result = { "excepted_traffic_result": "aaa.bbb.ccc", - "expected_metric": {"hits": 1}, + "expected_metric": {"hits": 2}, "expected_log": [ {"query_field_key":"server_ip", "query_value": "8.8.8.8"}, {"query_field_key":"decoded_as", "query_value": "DNS"}, diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py index bc974215a..115045154 100644 --- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py +++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py @@ -107,7 +107,7 @@ def run(parameter): verification_result = { "excepted_traffic_result": "aaa.bbb.ccc", - "expected_metric": {"hits": 1}, + "expected_metric": {"hits": 2}, "expected_log": [ {"query_field_key":"server_ip", "query_value": "8.8.8.8"}, {"query_field_key":"decoded_as", "query_value": "DNS"}, diff --git a/tests/security/sec_deny_srcip_http_alert_200_profile.py b/tests/security/sec_deny_srcip_http_alert_200_profile.py index 66e151288..44ca94711 100644 --- a/tests/security/sec_deny_srcip_http_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_alert_200_profile.py @@ -85,7 +85,7 @@ def run(parameter): "enable": 0 }, "send_icmp_unreachable": 0 - }, + }, "is_enabled": 1, "log_option": "metadata", } diff --git a/tests/security/sec_deny_srcip_http_block_403_profile.py b/tests/security/sec_deny_srcip_http_block_403_profile.py index a2df4abff..13449075e 100644 --- a/tests/security/sec_deny_srcip_http_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_block_403_profile.py @@ -75,7 +75,7 @@ def run(parameter): ], "action_parameter": { "sub_action": "block", - "code": 404, + "code": 403, "html_profile": { "name": "test", "format": "html", diff --git a/tests/security/sec_deny_srcip_http_pre_url_alert_200_profile.py b/tests/security/sec_deny_srcip_http_pre_url_alert_200_profile.py index 55f61c40d..f72711a54 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_pre_url_alert_200_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" + "sub_action": "alert", + "code": 200, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py b/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py index 7ab509173..4b1371758 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py +++ b/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py @@ -1,358 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "TEXT", - "content": "deny200" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -430,13 +76,13 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", diff --git a/tests/security/sec_deny_srcip_http_pre_url_alert_204.py b/tests/security/sec_deny_srcip_http_pre_url_alert_204.py index d14ca459f..b8fb2c9de 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_alert_204.py +++ b/tests/security/sec_deny_srcip_http_pre_url_alert_204.py @@ -1,356 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_204", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 204 - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "204", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -428,13 +76,12 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "alert", + "code": 204, "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -442,11 +89,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "204", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py b/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py index 138836777..3ed8a56ce 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py @@ -1,372 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_block_403_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 403, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -444,13 +76,17 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "block", + "code": 403, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -458,11 +94,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "403", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, @@ -478,6 +114,10 @@ def run(parameter): objects_tuple, ui_error = ui_client.create_objects(policy_configuration) if len(ui_error) > 0: return ui_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) if len(ui_error) > 0: return ui_error @@ -553,7 +193,8 @@ def run(parameter): api_client.delete_rules(rules_tuple) if objects_tuple: api_client.delete_objects(objects_tuple) - + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py b/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py index 1ce8ff8b6..299b5fdaa 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py +++ b/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py @@ -1,358 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_block_403_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "TEXT", - "content": "hello403" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -430,13 +76,13 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "block", + "code": 403, + "message": "deny_autest_403", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -444,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "403", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py b/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py index 6b57f1e28..71c09c5f4 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py +++ b/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py @@ -1,372 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_block_404_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 404, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -444,13 +76,17 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "block", + "code": 404, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -458,11 +94,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "404", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, @@ -487,6 +123,10 @@ def run(parameter): objects_tuple, api_error = api_client.create_objects(policy_configuration) if len(api_error) > 0: return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") if len(api_error) > 0: return api_error @@ -553,6 +193,8 @@ def run(parameter): api_client.delete_rules(rules_tuple) if objects_tuple: api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py b/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py index ddbbfdb2d..314b3fae6 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py +++ b/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py @@ -1,358 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "TEXT", - "content": "hello404" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -430,13 +76,13 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "block", + "code": 404, + "message": "deny_autest_404", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -444,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "404", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_drop.py b/tests/security/sec_deny_srcip_http_pre_url_drop.py index 2fc305204..1e21a320f 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_drop.py +++ b/tests/security/sec_deny_srcip_http_pre_url_drop.py @@ -1,358 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -434,7 +80,7 @@ def run(parameter): "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, + "send_tcp_reset": 0, "send_icmp_unreachable": 0, "after_n_packets": 0 }, @@ -444,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "timed out", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py b/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py index 28fae375d..718109c9a 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py @@ -1,358 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_drop_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -444,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "reset", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_rate_high.py b/tests/security/sec_deny_srcip_http_pre_url_rate_high.py index 44637ee8d..23fe96268 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_rate_high.py +++ b/tests/security/sec_deny_srcip_http_pre_url_rate_high.py @@ -1,356 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -428,13 +76,14 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, + "send_tcp_reset": 0, "send_icmp_unreachable": 0, - "after_n_packets": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -442,11 +91,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "POST", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_rate_low.py b/tests/security/sec_deny_srcip_http_pre_url_rate_low.py index aa68ebfda..3ce1b3f88 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_rate_low.py +++ b/tests/security/sec_deny_srcip_http_pre_url_rate_low.py @@ -1,356 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -428,13 +76,14 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -442,11 +91,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "timed out", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_redirect.py b/tests/security/sec_deny_srcip_http_pre_url_redirect.py index d7d190be3..e9187bc15 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_redirect.py +++ b/tests/security/sec_deny_srcip_http_pre_url_redirect.py @@ -1,359 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_redirect", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "redirect", - "to_url": "https://www.youtube.com", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "303", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -431,13 +76,13 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "redirect", + "code": 303, + "to": "https://www.youtube.com", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -445,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "303", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_tamper.py b/tests/security/sec_deny_srcip_http_pre_url_tamper.py index 894e0372e..7f77790f1 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_tamper.py +++ b/tests/security/sec_deny_srcip_http_pre_url_tamper.py @@ -1,355 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -427,13 +76,12 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "tamper", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, + "tamper_mode": "complete", "send_icmp_unreachable": 0, - "after_n_packets": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -441,11 +89,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "timed out", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_rate_high.py b/tests/security/sec_deny_srcip_http_rate_high.py index 2b93f991c..47c9f15f3 100644 --- a/tests/security/sec_deny_srcip_http_rate_high.py +++ b/tests/security/sec_deny_srcip_http_rate_high.py @@ -1,338 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -388,35 +54,17 @@ def run(parameter): "items": ["http"] } ], - }, - { - "negate_option": False, - "or_conditions": [ - { - "attribute_name": "ATTR_HTTP_URL", - "name": "sec_url", - "type": "url", - "statistics_option": "none", - "member_type": "item", - "items": [ - { - "op": "add", - "expr_type": "and", - "expression": "^open.node" - } - ] - } - ] } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, + "send_tcp_reset": 0, "send_icmp_unreachable": 0, - "after_n_packets": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -424,11 +72,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "POST", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_rate_low.py b/tests/security/sec_deny_srcip_http_rate_low.py index c78ddd4bc..7c2d4ea0d 100644 --- a/tests/security/sec_deny_srcip_http_rate_low.py +++ b/tests/security/sec_deny_srcip_http_rate_low.py @@ -1,338 +1,4 @@ # -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) @@ -388,35 +54,17 @@ def run(parameter): "items": ["http"] } ], - }, - { - "negate_option": False, - "or_conditions": [ - { - "attribute_name": "ATTR_HTTP_URL", - "name": "sec_url", - "type": "url", - "statistics_option": "none", - "member_type": "item", - "items": [ - { - "op": "add", - "expr_type": "and", - "expression": "^open.node" - } - ] - } - ] } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -424,11 +72,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "timed out", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_sub_url_alert_200_profile.py b/tests/security/sec_deny_srcip_http_sub_url_alert_200_profile.py index f014b6124..2c29d6fc2 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_sub_url_alert_200_profile.py @@ -1,183 +1,223 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" + "sub_action": "alert", + "code": 200, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_alert_200_text.py b/tests/security/sec_deny_srcip_http_sub_url_alert_200_text.py index 2d0491dbe..58b63dc97 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_alert_200_text.py +++ b/tests/security/sec_deny_srcip_http_sub_url_alert_200_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_alert_200_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "TEXT", - "content": "deny200" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_alert_204.py b/tests/security/sec_deny_srcip_http_sub_url_alert_204.py index a2f6f3d1e..e64573e7e 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_alert_204.py +++ b/tests/security/sec_deny_srcip_http_sub_url_alert_204.py @@ -1,166 +1,213 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_alert_204", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 204 - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 204, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "expected_return": "204", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "204", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_block_403_profile.py b/tests/security/sec_deny_srcip_http_sub_url_block_403_profile.py index 557a97f2a..9a2027c25 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_sub_url_block_403_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_block_403_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 403, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + "sub_action": "block", + "code": 403, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_block_403_text.py b/tests/security/sec_deny_srcip_http_sub_url_block_403_text.py index 52ba974f9..8ab9e3283 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_block_403_text.py +++ b/tests/security/sec_deny_srcip_http_sub_url_block_403_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_block_403_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "TEXT", - "content": "hello403" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 403, + "message": "deny_autest_403", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_block_404_profile.py b/tests/security/sec_deny_srcip_http_sub_url_block_404_profile.py index b782476cb..5aabc835f 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_block_404_profile.py +++ b/tests/security/sec_deny_srcip_http_sub_url_block_404_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_block_404_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 404, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + "sub_action": "block", + "code": 404, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_block_404_text.py b/tests/security/sec_deny_srcip_http_sub_url_block_404_text.py index 6c74fcf19..f5e70f0d7 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_block_404_text.py +++ b/tests/security/sec_deny_srcip_http_sub_url_block_404_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "TEXT", - "content": "hello404" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 404, + "message": "deny_autest_404", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_drop.py b/tests/security/sec_deny_srcip_http_sub_url_drop.py index 770eac358..dc186a212 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_drop.py +++ b/tests/security/sec_deny_srcip_http_sub_url_drop.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_drop_rst.py b/tests/security/sec_deny_srcip_http_sub_url_drop_rst.py index 2d0cab16d..7f1cd640c 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_sub_url_drop_rst.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_drop_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_rate_high.py b/tests/security/sec_deny_srcip_http_sub_url_rate_high.py index 47260e57d..08f669555 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_rate_high.py +++ b/tests/security/sec_deny_srcip_http_sub_url_rate_high.py @@ -1,167 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "POST", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_rate_low.py b/tests/security/sec_deny_srcip_http_sub_url_rate_low.py index d9bbb1e72..1a2df644f 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_rate_low.py +++ b/tests/security/sec_deny_srcip_http_sub_url_rate_low.py @@ -1,167 +1,215 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_redirect.py b/tests/security/sec_deny_srcip_http_sub_url_redirect.py index ba4c505b0..40e2d6fbe 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_redirect.py +++ b/tests/security/sec_deny_srcip_http_sub_url_redirect.py @@ -1,170 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_redirect", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "redirect", - "to_url": "https://www.youtube.com", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "redirect", + "code": 303, + "to": "https://www.youtube.com", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "303", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "303", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_tamper.py b/tests/security/sec_deny_srcip_http_sub_url_tamper.py index 194ad9560..e1785c3e1 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_tamper.py +++ b/tests/security/sec_deny_srcip_http_sub_url_tamper.py @@ -1,166 +1,213 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile.py index 9d2327f5e..eac475cc8 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile.py @@ -1,186 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + "sub_action": "alert", + "code": 200, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text.py index 9783c8e09..b9e1f2513 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text.py @@ -1,172 +1,217 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "alert", - "code": 200, - "content_type": "TEXT", - "content": "deny200" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204.py index 7e8da8970..e2b92e1a2 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204.py @@ -1,171 +1,216 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "alert", - "code": 204, - "content_type": "Profile", - "content": "test_tsg_ui_profile_page" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 204, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "expected_return": "204", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "204", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile.py index edde61d35..c7d5aaeeb 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile.py @@ -1,186 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 403, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + "sub_action": "block", + "code": 403, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text.py index 12ac99165..b859cc6e3 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text.py @@ -1,172 +1,217 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "block", - "code": 403, - "content_type": "TEXT", - "content": "hello403" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 403, + "message": "deny_autest_403", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile.py index b70a4bd1d..dffc530d6 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile.py @@ -1,186 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 404, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + "sub_action": "block", + "code": 404, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text.py index 6842d031b..ab204c2ad 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text.py @@ -1,172 +1,217 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "block", - "code": 404, - "content_type": "TEXT", - "content": "hello404" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 404, + "message": "deny_autest_404", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high.py index 14288705a..628f83b46 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high.py @@ -1,170 +1,218 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "POST", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low.py index 84b2ff8cf..ede2f345a 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low.py @@ -1,170 +1,218 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_tamper.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_tamper.py index 4ed7dcfe6..56d5d0022 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_tamper.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_tamper.py @@ -1,169 +1,216 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "tamper" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_drop.py b/tests/security/sec_deny_srcip_http_suff_reqbody_drop.py index a4dc76c04..d611ed7ed 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_drop.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_drop.py @@ -1,103 +1,100 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -105,74 +102,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_drop_rst.py b/tests/security/sec_deny_srcip_http_suff_reqbody_drop_rst.py index b4db7a146..782379d3a 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_drop_rst.py @@ -1,103 +1,100 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -105,74 +102,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_rate_high.py b/tests/security/sec_deny_srcip_http_suff_reqbody_rate_high.py index 0b0853744..734010cbf 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_rate_high.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_rate_high.py @@ -1,101 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "100000", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "test", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "test", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -103,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_rate_low.py b/tests/security/sec_deny_srcip_http_suff_reqbody_rate_low.py index 12eb6e0de..4a7e3d110 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_rate_low.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_rate_low.py @@ -1,101 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -103,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_tamper.py b/tests/security/sec_deny_srcip_http_suff_reqbody_tamper.py index 8e18a3f34..4a7e3d110 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_tamper.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_tamper.py @@ -1,100 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -102,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_drop.py b/tests/security/sec_deny_srcip_http_xly_reqbody_drop.py index df4c1cc60..97b31b1d3 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_drop.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_drop.py @@ -1,103 +1,100 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -105,74 +102,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_drop_rst.py b/tests/security/sec_deny_srcip_http_xly_reqbody_drop_rst.py index bbea994f4..ece3bef0b 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_drop_rst.py @@ -1,103 +1,100 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -105,74 +102,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_rate_high.py b/tests/security/sec_deny_srcip_http_xly_reqbody_rate_high.py index b1cadd286..2a83b138e 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_rate_high.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_rate_high.py @@ -1,101 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "100000", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "test", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "test", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -103,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_rate_low.py b/tests/security/sec_deny_srcip_http_xly_reqbody_rate_low.py index 1e2e1c4d3..cb65b2d8e 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_rate_low.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_rate_low.py @@ -1,101 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -103,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_tamper.py b/tests/security/sec_deny_srcip_http_xly_reqbody_tamper.py index 241d8a717..cb65b2d8e 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_tamper.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_tamper.py @@ -1,100 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -102,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_alert_200_profile.py b/tests/security/sec_deny_srcip_http_xly_url_alert_200_profile.py index 5a4bdab81..bd25b36d2 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_xly_url_alert_200_profile.py @@ -1,183 +1,445 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" + "sub_action": "alert", + "code": 200, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir + parameter = { + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", + "api_server": "http://192.168.44.72", + "initiation_method": "api", + "env": "tsgx", + "vsys": 5, + "root_path": workdir, + "path": workdir + "/tests", + "module_name": "security", + "test_case_name": os.path.basename(__file__)[:-3] + } + run(parameter) +# -*- coding: UTF-8 -*- +import os +import sys +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz +from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * +from support.report_update import ReportUpdate + +def run(parameter): + try: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + + # 参数初始化 + result, exception_result = "", "" + test_summary = {} + + # 脚本启动时间 + script_start_time = time.time() + + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 + }, + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary + except Exception as e: + exception_result = str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) + finally: + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + + # 统计脚本用时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + + # 生成csv报告 + update = ReportUpdate() + update.write_result(parameter, result, exception_result) + +if __name__ == '__main__': parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_alert_200_text.py b/tests/security/sec_deny_srcip_http_xly_url_alert_200_text.py index 2c7a28bdc..6899c667f 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_alert_200_text.py +++ b/tests/security/sec_deny_srcip_http_xly_url_alert_200_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_alert_200_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "TEXT", - "content": "deny200" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_alert_204.py b/tests/security/sec_deny_srcip_http_xly_url_alert_204.py index 47ee898c1..4dce9d71b 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_alert_204.py +++ b/tests/security/sec_deny_srcip_http_xly_url_alert_204.py @@ -1,166 +1,213 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_alert_204", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 204 - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 204, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "expected_return": "204", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "204", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_block_403_profile.py b/tests/security/sec_deny_srcip_http_xly_url_block_403_profile.py index 3d5c459d1..85886a670 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_xly_url_block_403_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_block_403_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 403, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + "sub_action": "block", + "code": 403, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_block_403_text.py b/tests/security/sec_deny_srcip_http_xly_url_block_403_text.py index 0fd0a6207..062eb7004 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_block_403_text.py +++ b/tests/security/sec_deny_srcip_http_xly_url_block_403_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_block_403_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "TEXT", - "content": "hello403" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 403, + "message": "deny_autest_403", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_block_404_profile.py b/tests/security/sec_deny_srcip_http_xly_url_block_404_profile.py index 53a39acfb..cda71b2bb 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_block_404_profile.py +++ b/tests/security/sec_deny_srcip_http_xly_url_block_404_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_block_404_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 404, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + "sub_action": "block", + "code": 404, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_block_404_text.py b/tests/security/sec_deny_srcip_http_xly_url_block_404_text.py index fbac1e712..52c10957f 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_block_404_text.py +++ b/tests/security/sec_deny_srcip_http_xly_url_block_404_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "TEXT", - "content": "hello404" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 404, + "message": "deny_autest_404", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_drop.py b/tests/security/sec_deny_srcip_http_xly_url_drop.py index dcc76490a..cc5b7bb9f 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_drop.py +++ b/tests/security/sec_deny_srcip_http_xly_url_drop.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_drop_rst.py b/tests/security/sec_deny_srcip_http_xly_url_drop_rst.py index ac541f117..e870a77c6 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_xly_url_drop_rst.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_drop_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_rate_high.py b/tests/security/sec_deny_srcip_http_xly_url_rate_high.py index 7d5b41bac..d05b55a12 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_rate_high.py +++ b/tests/security/sec_deny_srcip_http_xly_url_rate_high.py @@ -1,167 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "POST", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_rate_low.py b/tests/security/sec_deny_srcip_http_xly_url_rate_low.py index c8d59e144..0320c53fe 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_rate_low.py +++ b/tests/security/sec_deny_srcip_http_xly_url_rate_low.py @@ -1,167 +1,215 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_redirect.py b/tests/security/sec_deny_srcip_http_xly_url_redirect.py index 23dfe319a..e0332a7b2 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_redirect.py +++ b/tests/security/sec_deny_srcip_http_xly_url_redirect.py @@ -1,170 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_redirect", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "redirect", - "to_url": "https://www.youtube.com", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "redirect", + "code": 303, + "to": "https://www.youtube.com", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "303", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "303", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_tamper.py b/tests/security/sec_deny_srcip_http_xly_url_tamper.py index bdeaa1682..ade8cb2de 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_tamper.py +++ b/tests/security/sec_deny_srcip_http_xly_url_tamper.py @@ -1,166 +1,213 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_drop.py b/tests/security/sec_deny_srcip_mail_exactly_account_drop.py index 21145228d..9a274ff5b 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_drop.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_rate_high.py b/tests/security/sec_deny_srcip_mail_exactly_account_rate_high.py index 3b3ba07dc..27de0bb1f 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_rate_low.py b/tests/security/sec_deny_srcip_mail_exactly_account_rate_low.py index dcb3ca78f..5d0f7a257 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_rst.py b/tests/security/sec_deny_srcip_mail_exactly_account_rst.py index 367475270..bbb84e867 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_rst.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_tamper.py b/tests/security/sec_deny_srcip_mail_exactly_account_tamper.py index 07c54d3fa..b2637d65a 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_tamper.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_drop.py b/tests/security/sec_deny_srcip_mail_exactly_from_drop.py index 1ca63b9b2..c85be5c5e 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_drop.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_rate_high.py b/tests/security/sec_deny_srcip_mail_exactly_from_rate_high.py index 287e567a2..6f694c1f8 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_rate_low.py b/tests/security/sec_deny_srcip_mail_exactly_from_rate_low.py index 556cb0d22..0c5e12868 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_rst.py b/tests/security/sec_deny_srcip_mail_exactly_from_rst.py index 8bee30248..cbdf823b2 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_rst.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_tamper.py b/tests/security/sec_deny_srcip_mail_exactly_from_tamper.py index 0ad25c68f..d5abdbdfb 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_tamper.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_drop.py b/tests/security/sec_deny_srcip_mail_pre_account_drop.py index ff451456b..9a274ff5b 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_drop.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^[email protected]$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_rate_high.py b/tests/security/sec_deny_srcip_mail_pre_account_rate_high.py index 965440123..9a964e179 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_rate_low.py b/tests/security/sec_deny_srcip_mail_pre_account_rate_low.py index daef75ec0..d78cdbb27 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_rst.py b/tests/security/sec_deny_srcip_mail_pre_account_rst.py index 83f4ecd93..3d75db032 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_rst.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_tamper.py b/tests/security/sec_deny_srcip_mail_pre_account_tamper.py index 88135aa67..f5f46e10e 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_tamper.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_drop.py b/tests/security/sec_deny_srcip_mail_pre_from_drop.py index 73c90270f..538055101 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_drop.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_rate_high.py b/tests/security/sec_deny_srcip_mail_pre_from_rate_high.py index b29770bea..3ff8f5b4f 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_rate_low.py b/tests/security/sec_deny_srcip_mail_pre_from_rate_low.py index b5ee836ee..27836d0e2 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_rst.py b/tests/security/sec_deny_srcip_mail_pre_from_rst.py index 9d746836c..da3eb6d05 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_rst.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_tamper.py b/tests/security/sec_deny_srcip_mail_pre_from_tamper.py index 5718f3cd9..c7f49ef03 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_tamper.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_drop.py b/tests/security/sec_deny_srcip_mail_substr_account_drop.py index 779fc79f3..029ca85b3 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_drop.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_rate_high.py b/tests/security/sec_deny_srcip_mail_substr_account_rate_high.py index 155a6baf3..2069755e5 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_rate_low.py b/tests/security/sec_deny_srcip_mail_substr_account_rate_low.py index 35c343d29..b07fba439 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_rst.py b/tests/security/sec_deny_srcip_mail_substr_account_rst.py index d4ba3446f..8fed3d443 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_rst.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_tamper.py b/tests/security/sec_deny_srcip_mail_substr_account_tamper.py index 3c93ea6f5..1a7237134 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_tamper.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_drop.py b/tests/security/sec_deny_srcip_mail_substr_from_drop.py index cb8dfae7f..f67c12cd4 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_drop.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_rate_high.py b/tests/security/sec_deny_srcip_mail_substr_from_rate_high.py index 1e92e2b24..22f3bd9e1 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_rate_low.py b/tests/security/sec_deny_srcip_mail_substr_from_rate_low.py index f0cacc72e..cbe24699b 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_rst.py b/tests/security/sec_deny_srcip_mail_substr_from_rst.py index d85ac534a..c7a227cc8 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_rst.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_tamper.py b/tests/security/sec_deny_srcip_mail_substr_from_tamper.py index e0039da4e..9ea8059e1 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_tamper.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_drop.py b/tests/security/sec_deny_srcip_mail_suff_account_drop.py index cd6430881..0a2ea5255 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_drop.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_rate_high.py b/tests/security/sec_deny_srcip_mail_suff_account_rate_high.py index 7f0538afd..aa04bd189 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_rate_low.py b/tests/security/sec_deny_srcip_mail_suff_account_rate_low.py index fbef8da9e..7fb732a2a 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_rst.py b/tests/security/sec_deny_srcip_mail_suff_account_rst.py index 31e21943e..cd53e3e4b 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_rst.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_tamper.py b/tests/security/sec_deny_srcip_mail_suff_account_tamper.py index 182bdd1a5..618cc2fbf 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_tamper.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_drop.py b/tests/security/sec_deny_srcip_mail_suff_from_drop.py index 3fc1d6be7..336cac8c4 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_drop.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_rate_high.py b/tests/security/sec_deny_srcip_mail_suff_from_rate_high.py index 5802f7180..a26ad86f1 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_rate_low.py b/tests/security/sec_deny_srcip_mail_suff_from_rate_low.py index 4d1e4bd10..f7c512085 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_rst.py b/tests/security/sec_deny_srcip_mail_suff_from_rst.py index dd0e00b91..7f7faff18 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_rst.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_tamper.py b/tests/security/sec_deny_srcip_mail_suff_from_tamper.py index d77ccb5d4..141e3a4d1 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_tamper.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*[email protected]" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "[email protected]"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "[email protected]", - "password": "111111", - "receiver": "[email protected]", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "[email protected]", + "password": "111111", + "receiver": "[email protected]", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "[email protected]"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter)
\ No newline at end of file |