From de4ef3e4c5229ffd9007ca43b8cb5d838b6d6b0a Mon Sep 17 00:00:00 2001 From: youzhijiang Date: Wed, 27 Nov 2024 19:27:37 +0800 Subject: object逻辑调整 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- support/ui_utils/create_objects_example.py | 54 ----- support/ui_utils/delete_objects_example.py | 33 --- support/ui_utils/edit_objects_example.py | 35 --- .../map_element_position_library.py | 60 +++++- .../element_position/object_element_position.py | 8 +- support/ui_utils/objects/create_objects_example.py | 93 ++++---- support/ui_utils/objects/delete_objects_example.py | 18 ++ support/ui_utils/objects/edit_objects_example.py | 239 ++++++++++++++------- support/ui_utils/ui_client.py | 3 - tests/object/test_temp/create_application_temp.py | 127 ++++++++--- tests/object/test_temp/create_flag_temp.py | 24 ++- tests/object/test_temp/create_tunnel_temp.py | 120 ++++++++--- 12 files changed, 499 insertions(+), 315 deletions(-) delete mode 100644 support/ui_utils/create_objects_example.py delete mode 100644 support/ui_utils/delete_objects_example.py delete mode 100644 support/ui_utils/edit_objects_example.py diff --git a/support/ui_utils/create_objects_example.py b/support/ui_utils/create_objects_example.py deleted file mode 100644 index bd10c54b3..000000000 --- a/support/ui_utils/create_objects_example.py +++ /dev/null @@ -1,54 +0,0 @@ -# -*- coding: UTF-8 -*- -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) -from support.general_ui_utils.object.create_objects_temp import CreateObjects -from support.general_ui_utils.object.search_objects import SearchObjects -from support.ui_utils.element_position.map_element_position_library import * -from datetime import datetime - -class CreateObjectsExample: - def create_objects(self, object_configuration, driver): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Begin to run ui test case", flush=True) - - result = "" - object_uuids_list = [] - object_uuids_temp_dict = {} - - for object in object_configuration["or_conditions"]: - #获取当前所需的element - if "sub_type" in object.keys(): - object_type = object["sub_type"] - else: - object_type = object["type"] - element_position_library = get_element_position(object_type) - #执行创建操作 - create_objects = CreateObjects(driver) - created_object_code = create_objects.create(object, element_position_library) - if created_object_code == 200: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Create {} object successfully.".format(object["type"], flush=True)) - elif created_object_code != 200: - result = "Fail to create {} rule.".format(object_configuration["type"]) - return "", "", result - - search_objects = SearchObjects(driver) - element_position_library = get_element_position(object_type) - searched_object_code, object_uuid, object_description = search_objects.get_object_uuid(object["name"], element_position_library) - if searched_object_code == 200: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Search {} object successfully.".format(object["type"], flush=True)) - elif searched_object_code == 200: - result = "Fail to search {} rule uuid.".format(object_configuration["type"]) - return "", "", result - - object_uuids_temp_dict["type"] = object["type"] - object_uuids_temp_dict["uuid"] = object_uuid - object_uuids_temp_dict["name"] = object["name"] - object_uuids_temp_dict["description"] = object_description - object_uuids_list.append(object_uuids_temp_dict) - rule_uuids_tuple = tuple(object_uuids_list) - - return rule_uuids_tuple,result - except Exception as e: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When creating object by ui, the exception error: ", str(e), flush=True) - return "", "When creating object by ui, the exception error: " + str(e) diff --git a/support/ui_utils/delete_objects_example.py b/support/ui_utils/delete_objects_example.py deleted file mode 100644 index 41cf40990..000000000 --- a/support/ui_utils/delete_objects_example.py +++ /dev/null @@ -1,33 +0,0 @@ -# -*- coding: UTF-8 -*- -import os -import sys - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) -import support.ui_utils.env -from support.api_utils.log_in import LogIn -from support.api_utils.delete_objects import DeleteObjects as DeleteObjectsAPI -from support.general_ui_utils.object.search_objects import SearchObjects -from support.general_ui_utils.object.delete_objects import DeleteObjects -from support.ui_utils.element_position.map_element_position_library import * -from datetime import datetime - -class DeleteObjectsExample: - def __init__(self, driver): - self.driver = driver - - def delete_objects(self, parameter, objects_tuple): - result = "" - for obj in objects_tuple: - # 删除object - search_object = SearchObjects(self.driver) - element_position_map = get_element_position(obj["type"]) - search_object_code, first_row_checkbox_element = search_object.get_first_object(obj["uuid"],element_position_map) - if search_object_code == 200: - delete_Object = DeleteObjects(self.driver) - delete_object_code = delete_Object.delete(element_position_map,first_row_checkbox_element) - if delete_object_code == 200: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Delete {} object successfully.".format(obj["type"]), flush=True) - elif delete_object_code != 200: - result = result + " In addition, fail to delete {} object.".format(obj["type"]) - else: - result = result + " In addition, fail to search {} object.".format(obj["type"]) diff --git a/support/ui_utils/edit_objects_example.py b/support/ui_utils/edit_objects_example.py deleted file mode 100644 index 8b3207325..000000000 --- a/support/ui_utils/edit_objects_example.py +++ /dev/null @@ -1,35 +0,0 @@ -# -*- coding: UTF-8 -*- -import os -import sys - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) -from support.general_ui_utils.object.edit_objects_temp import EditObjects -from support.general_ui_utils.object.search_objects import SearchObjects -from support.ui_utils.element_position.map_element_position_library import * -from datetime import datetime - - -class EditObjectsExample: - def edit_objects(self, objects_tuple,first_row_checkbox_element,object_configuration, driver): - try: - for obj in objects_tuple: - # 删除object - search_object = SearchObjects(driver) - element_position_map = get_element_position(obj["type"]) - search_object_code, first_row_checkbox_element = search_object.get_first_object(obj["uuid"],element_position_map) - if search_object_code == 200: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Search {} object successfully.".format(obj["type"], flush=True)) - edit_objects = EditObjects(driver) - edit_object_code = edit_objects.edit(object_configuration, element_position_map,first_row_checkbox_element) - if edit_object_code == 200: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Edit {} object successfully.".format(obj["type"], flush=True)) - elif edit_object_code != 200: - result = "Fail to create {} rule.".format(obj["type"]) - return "", "", result - elif search_object_code == 200: - result = "Fail to search {} rule uuid.".format(obj["type"]) - return "", "", result - - except Exception as e: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"When creating rule by ui, the exception error: ", str(e), flush=True) - return "", "When creating rule by ui, the exception error: " + str(e) diff --git a/support/ui_utils/element_position/map_element_position_library.py b/support/ui_utils/element_position/map_element_position_library.py index 7c18668cb..de3b70531 100644 --- a/support/ui_utils/element_position/map_element_position_library.py +++ b/support/ui_utils/element_position/map_element_position_library.py @@ -1025,6 +1025,7 @@ object_ip_object_element_position = { }, "search": { "objectListPage_searchLabel_posXpath": ipObjectListPage_searchLabel_posXpath, + "objectListPage_searchLabel_selectName_posXpath":ipObjectListPage_searchLabel_selectName_posXpath, "objectListPage_searchLabel_selectID_posXpath": objectListPage_search_select_Id_posXpath, "objectListPage_tableTbody_posXpath": ipObjectListPage_tableTbody_posXpath, "objectListPage_search_input_posXpath": ipObjectListPage_search_input_posXpath, @@ -1571,11 +1572,26 @@ object_application_object_element_position = { "signature_artibute_protocols":app_signature_artibute_protocols__posXpath, "objectPage_okButton_posXpath": application_ok_button_posXpath, "attribute_add_object_posXpath":app_signature_attribute_add_object_posXpath, - + }, + "edit": { + "signature_inputName_posXpath": app_signature_input_name_posXpath, + "signature_add_artibutem_posXpath": app_signature_add_button_posXpath, + "signature_condition_select_up_posXpath": app_signature_condition_select_up_posXpath, + "signature_new_condition__posXpath": app_signature_new_condition__posXpath, + "signature_new_not_condition__posXpath":app_signature_new_not_condition__posXpath, + "signature_add_artibute_button_posXpath":app_signature_add_artibute_button_posXpath, + "signature_artibute_protocols":app_signature_artibute_protocols__posXpath, + "objectPage_okButton_posXpath": application_ok_button_posXpath, + "attribute_add_object_posXpath":app_signature_attribute_add_object_posXpath, }, "search": { - "objectListPage_searchLabel_posId": ObjectListPage_searchLabel_posId, - "objectListPage_tableTbody_posXpath": ObjectListPage_tableTbody_posXpath + "objectListPage_searchLabel_posXpath": ipObjectListPage_searchLabel_posXpath, + "objectListPage_searchLabel_selectName_posXpath":ipObjectListPage_searchLabel_selectName_posXpath, + "objectListPage_searchLabel_selectID_posXpath": objectListPage_search_select_Id_posXpath, + "objectListPage_tableTbody_posXpath": ipObjectListPage_tableTbody_posXpath, + "objectListPage_search_input_posXpath": ipObjectListPage_search_input_posXpath, + "objectListPage_search_dropDown_item_posXpath": ipObjectListPage_search_dropDown_item_posXpath, + "objectListPage_search_button_posXpath": ipObjectListPage_search_button_posXpath }, "delete": { "objectListPage_allSelect_posXpath": ObjectListPage_allSelect_posXpath, @@ -1643,9 +1659,20 @@ object_flag_object_element_position = { "ObjectPage_sameItem_addItem_posXpath": urlObjectPage_sameItem_addItem_posXpath, "ObjectPage_sameItem_inputItem_posXpath": urlObjectPage_sameItem_inputItem_posXpath, }, + "edit": { + "ObjectListPage_editButton_posXpath": ipObjectListPage_editButton_posXpath, + "objectPage_addItem_posXpath": flagObjectPage_addItem_posXpath, + "ObjectPage_edit_item_posXpath": ipObjectPage_edit_item_posXpath, + "ObjectPage_search_item_posXpath": ipObjectPage_search_item_posXpath, + "objectPage_inputItem_posXpath": accountObjectPage_inputItem_posXpath, + "objectPage_button_saveItem_posXpath": accountObjectPage_button_saveItem_posXpath, + "objectPage_okButton_posXpath": accountObjectPage_okButton_posXpath, + }, "search": { + "objectListPage_search_button_posXpath":apnObjectListPage_search_button_posXpath, "objectListPage_searchLabel_posXpath": accountObjectPage_searchLabel_posXpath, "objectListPage_searchLabel_selectName_posXpath": '//*[@class="base-Popper-root MuiAutocomplete-listbox css-18r31z0"]//li[1]', + "objectListPage_searchLabel_selectID_posXpath": objectListPage_search_select_Id_posXpath, "objectListPage_tableTbody_posXpath": accountObjectListPage_tableTbody_posXpath, }, @@ -1713,6 +1740,33 @@ object_tunnel_object_element_position = { "objectPage_side_slic_create_button_posXpath":tunnelObjectPage_create_ip_button_posXpath, "ObjectPage_side_slic_Cancel_posXpath":tunnelObjectPage_side_slic_Cancel_posXpath }, + "edit": { + "ObjectListPage_editButton_posXpath": ipObjectListPage_editButton_posXpath, + "objectPage_endition_a_addItem_posXpath": tunnelObjectListPage_endition_a_add_item_button, + "objectPage_endition_b_addItem_posXpath": tunnelObjectListPage_endition_b_add_item_button, + "objectPage_endition_a_editItem_posXpath":tunnelObjectListPage_endition_a_edit_item_button, + "objectPage_endition_b_editItem_posXpath":tunnelObjectListPage_endition_b_edit_item_button, + "ObjectPage_edit_item_posXpath": ipObjectPage_edit_item_posXpath, + "ObjectPage_search_item_posXpath": ipObjectPage_search_item_posXpath, + "objectPage_okButton_posXpath": tunnelObjectPage_okButton_posXpath, + "objectPage_side_slic_create_button_posXpath":tunnelObjectPage_create_ip_button_posXpath, + "ObjectPage_side_slic_Cancel_posXpath":tunnelObjectPage_side_slic_Cancel_posXpath + }, + "search": { + "objectListPage_searchLabel_posXpath": imsiObjectListPage_searchLabel_posXpath, + "objectListPage_searchLabel_selectName_posXpath": ipObjectListPage_searchLabel_selectName_posXpath, + "objectListPage_searchLabel_selectID_posXpath": objectListPage_search_select_Id_posXpath, + "objectListPage_tableTbody_posXpath": ipObjectListPage_tableTbody_posXpath, + "objectListPage_search_input_posXpath": ipObjectListPage_search_input_posXpath, + "objectListPage_search_dropDown_item_posXpath": ipObjectListPage_search_dropDown_item_posXpath, + "objectListPage_search_button_posXpath": ipObjectListPage_search_button_posXpath + }, + "delete": { + "objectListPage_allSelect_posXpath": ipObjectListPage_allSelect_posXpath, + "objectListPage_deleteButton_posXpath": ipObjectListPage_deleteButton_posXpath, + "objectListPage_deleteButton_warningYes_posXpath": ipObjectListPage_deleteButton_warningYes_posXpath + } + } object_interval_object_element_position = { diff --git a/support/ui_utils/element_position/object_element_position.py b/support/ui_utils/element_position/object_element_position.py index 99af9aaec..9c7143e64 100644 --- a/support/ui_utils/element_position/object_element_position.py +++ b/support/ui_utils/element_position/object_element_position.py @@ -82,7 +82,7 @@ ipObjectListPage_editButton_posXpath = "//span[@class='action-edit inline-flex m ipObjectListPage_dropDown_createButton_posXpath = "//ul[@class='base-Popper-root MuiMenu-root Mui-expanded MuiMenu-variantOutlined MuiMenu-colorNeutral MuiMenu-sizeMd css-1iuehdr']//li[1]" # 从下拉菜单中选择Address ipObjectListPage_dropDown_createGroupButton_posId = "//ul[@class='base-Popper-root MuiMenu-root Mui-expanded MuiMenu-variantOutlined MuiMenu-colorNeutral MuiMenu-sizeMd css-1iuehdr']//li[2]" ipObjectListPage_searchLabel_posXpath = '//*[@class="MuiAutocomplete-wrapper MuiAutocomplete-multiple css-1h1ala5"]/input' # 查询框id -ipObjectListPage_searchLabel_selectName_posXpath = '//*[@class="MuiInput-input css-1u0jcuo"]' # 查询Name +ipObjectListPage_searchLabel_selectName_posXpath = objectListPage_search_select_Name_posXpath # 查询Name ipObjectListPage_deleteButton_posXpath = '//*[@class="action-delete inline-flex mr-[8px] "]' ipObjectListPage_deleteButton_warningYes_posXpath = '//button[normalize-space(text())="Yes"]' ipObjectListPage_deleteButton_warningNo_posCss = "body>.el-dialog__wrapper .delComponents-close span" @@ -410,8 +410,10 @@ application_ok_button_posXpath = "(//div[@class='form-action bg-[--color-backgro #tunnel tunnelObjectListPage_createButton_posXpath = "//div[@class='flex justify-start items-center mr-[20px]']//span[text()='Create']" tunnelObjectListPage_inputName_posXpath ="//*[@class='tunnel-object-name']//input" -tunnelObjectListPage_endition_a_add_item_button="//div[@class='tunnel-object-endpointA']//i[@class='iconfont icon-Create1 font-[700]']" -tunnelObjectListPage_endition_b_add_item_button="//div[@class='tunnel-object-endpointB']//i[@class='iconfont icon-Create1 font-[700]']" +tunnelObjectListPage_endition_a_add_item_button="//div[@class='tunnel-object-endpointA']//i[contains(@class,'iconfont icon-Create1')]" +tunnelObjectListPage_endition_b_add_item_button="//div[@class='tunnel-object-endpointB']//i[contains(@class,'iconfont icon-Create1')]" +tunnelObjectListPage_endition_a_edit_item_button = "//div[@class='tunnel-object-endpointA']//i[@class='iconfont icon-Edit absolute right-[24px] cursor-pointer']" +tunnelObjectListPage_endition_b_edit_item_button = "//div[@class='tunnel-object-endpointB']//i[@class='iconfont icon-Edit absolute right-[24px] cursor-pointer']" tunnelObjectListPage_edit_Type_posXpath="//div[@class='tunnel-object-type']//button[@class='MuiSelect-button css-1qmzz5g']" tunnelObjectListPage_type_gre_posXpath="//ul[@class='base-Popper-root MuiSelect-listbox Mui-expanded css-icfck1']//*[normalize-space(text())='GRE']" tunnelObjectListPage_type_ip_posXpath="//ul[@class='base-Popper-root MuiSelect-listbox Mui-expanded css-icfck1']//*[normalize-space(text())='IPv4/IPv6']" diff --git a/support/ui_utils/objects/create_objects_example.py b/support/ui_utils/objects/create_objects_example.py index 16fe1ad09..8e939a8a0 100644 --- a/support/ui_utils/objects/create_objects_example.py +++ b/support/ui_utils/objects/create_objects_example.py @@ -220,47 +220,50 @@ class CreateObjects: self.driver.find_element(By.XPATH,creation_element_position["objectPage_inputItem_upBoundary_posXpath"]).send_keys(eval(str(data_int))[1]) # 于item 下up_boundary value输入框键入item_value self.driver.find_element(By.XPATH, creation_element_position["objectPage_button_saveItem_posXpath"]).click() # 点击保存按钮 elif object_type == "application": - self.driver.find_element(By.XPATH, creation_element_position["objectPage_inputLongName_posXpath"]).send_keys(object["application"]["app_longname"]) # input long name - # self.driver.find_element(By.XPATH, creation_element_position[""]).send_keys("Your description") # input description - self.driver.find_element(By.XPATH, creation_element_position["objectPage_select_category_dropwmn_posXpath"]).click() # category - self.driver.find_element(By.XPATH, creation_element_position["objectPage_category_xpath"].format(replaceValue=object["application"]["app_properties"]["category"])).click() # - self.driver.find_element(By.XPATH, creation_element_position["objectPage_select_subcategory_dropwmn_posXpath"]).click() # subcategory - self.driver.find_element(By.XPATH, creation_element_position["objectPage_sub_category_xpath"].format(replaceValue=object["application"]["app_properties"]["subcategory"])).click() # - self.driver.find_element(By.XPATH, creation_element_position["objectPage_select_content_dropwmn_posXpath"]).click() # content - self.driver.find_element(By.XPATH, creation_element_position["objectPage_content_xpath"].format(replaceValue=object["application"]["app_properties"]["content"])).click() # - self.driver.find_element(By.XPATH, creation_element_position["objectPage_select_risk_dropwmn_posXpath"]).click() # risk 0 - self.driver.find_element(By.XPATH, creation_element_position["objectPage_risi_xpath"].format(replaceValue=object["application"]["app_properties"]["risk"])).click() - self.driver.find_element(By.XPATH, creation_element_position["objectPage_characteristics_xpath"].format(replaceValue=object["application"]["app_properties"]["characteristics"])).click() - #添加signature - self.driver.find_element(By.XPATH, creation_element_position["objectPage_addItem_posXpath"]).click() - self.driver.find_element(By.XPATH, creation_element_position["objectPage_create_signature_posXpath"]).click() - for m in range(len(object["app_surrogates"])): - app_surrogates= object["app_surrogates"][m] - for i in range(len(app_surrogates["signature_sequence"])): - app_signature= app_surrogates["signature_sequence"][i] - self.driver.find_element(By.XPATH,creation_element_position["signature_inputName_posXpath"]).send_keys(app_signature["signature"]["name"]) - self.driver.find_element(By.XPATH, creation_element_position["signature_add_artibutem_posXpath"]).click() - for j in range(len(app_signature["signature"]["and_conditions"])): - app_and_condition= app_signature["signature"]["and_conditions"][j] - self.driver.find_element(By.XPATH, creation_element_position["signature_condition_select_up_posXpath"]).click() - if app_and_condition["negate_option"] == False: - self.driver.find_element(By.XPATH, creation_element_position["signature_new_condition__posXpath"]).click() - else:self.driver.find_element(By.XPATH, creation_element_position["signature_new_not_condition__posXpath"]).click() - self.driver.find_element(By.XPATH, creation_element_position["signature_add_artibute_button_posXpath"]).click() - for n in range(len(app_and_condition["or_conditions"])): - app_or_condition= app_and_condition["or_conditions"][n] - self.driver.find_element(By.XPATH,"//li[@class = 'MuiTreeItem-root css-105mfs8']//div[text()='common']").click() - self.driver.find_element(By.XPATH,creation_element_position["signature_artibute_protocols"].format(replaceValue=app_or_condition["attribute_name"])).click() - self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[4]//button[text()='Cancel']").click() - self.driver.find_element(By.XPATH,creation_element_position["attribute_add_object_posXpath"]).click() - self.driver.find_element(By.XPATH,creation_element_position["objectPage_create_signature_posXpath"]+"[2]").click() - common_object_element_position = get_element_position(app_or_condition["type"]) - self.create_common_objects(app_or_condition,common_object_element_position) - self.driver.find_element(By.XPATH,creation_element_position["objectPage_okButton_posXpath"]+"[4]").click() - self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[4]//button[text()='Cancel']").click() - self.driver.find_element(By.XPATH,creation_element_position["objectPage_okButton_posXpath"]+"[3]").click() - self.driver.find_element(By.XPATH,creation_element_position["objectPage_okButton_posXpath"]+"[2]").click() - self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[1]//button[text()='Cancel']").click() + if "items" in object.keys(): + return 200 + elif "application" in object.keys(): + self.driver.find_element(By.XPATH, creation_element_position["objectPage_inputLongName_posXpath"]).send_keys(object["application"]["app_longname"]) # input long name + # self.driver.find_element(By.XPATH, creation_element_position[""]).send_keys("Your description") # input description + self.driver.find_element(By.XPATH, creation_element_position["objectPage_select_category_dropwmn_posXpath"]).click() # category + self.driver.find_element(By.XPATH, creation_element_position["objectPage_category_xpath"].format(replaceValue=object["application"]["app_properties"]["category"])).click() # + self.driver.find_element(By.XPATH, creation_element_position["objectPage_select_subcategory_dropwmn_posXpath"]).click() # subcategory + self.driver.find_element(By.XPATH, creation_element_position["objectPage_sub_category_xpath"].format(replaceValue=object["application"]["app_properties"]["subcategory"])).click() # + self.driver.find_element(By.XPATH, creation_element_position["objectPage_select_content_dropwmn_posXpath"]).click() # content + self.driver.find_element(By.XPATH, creation_element_position["objectPage_content_xpath"].format(replaceValue=object["application"]["app_properties"]["content"])).click() # + self.driver.find_element(By.XPATH, creation_element_position["objectPage_select_risk_dropwmn_posXpath"]).click() # risk 0 + self.driver.find_element(By.XPATH, creation_element_position["objectPage_risi_xpath"].format(replaceValue=object["application"]["app_properties"]["risk"])).click() + self.driver.find_element(By.XPATH, creation_element_position["objectPage_characteristics_xpath"].format(replaceValue=object["application"]["app_properties"]["characteristics"])).click() + #添加signature + self.driver.find_element(By.XPATH, creation_element_position["objectPage_addItem_posXpath"]).click() + self.driver.find_element(By.XPATH, creation_element_position["objectPage_create_signature_posXpath"]).click() + for m in range(len(object["app_surrogates"])): + app_surrogates= object["app_surrogates"][m] + for i in range(len(app_surrogates["signature_sequence"])): + app_signature= app_surrogates["signature_sequence"][i] + self.driver.find_element(By.XPATH,creation_element_position["signature_inputName_posXpath"]).send_keys(app_signature["signature"]["name"]) + self.driver.find_element(By.XPATH, creation_element_position["signature_add_artibutem_posXpath"]).click() + for j in range(len(app_signature["signature"]["and_conditions"])): + app_and_condition= app_signature["signature"]["and_conditions"][j] + self.driver.find_element(By.XPATH, creation_element_position["signature_condition_select_up_posXpath"]).click() + if app_and_condition["negate_option"] == False: + self.driver.find_element(By.XPATH, creation_element_position["signature_new_condition__posXpath"]).click() + else:self.driver.find_element(By.XPATH, creation_element_position["signature_new_not_condition__posXpath"]).click() + self.driver.find_element(By.XPATH, creation_element_position["signature_add_artibute_button_posXpath"]).click() + for n in range(len(app_and_condition["or_conditions"])): + app_or_condition= app_and_condition["or_conditions"][n] + self.driver.find_element(By.XPATH,"//li[@class = 'MuiTreeItem-root css-105mfs8']//div[text()='common']").click() + self.driver.find_element(By.XPATH,creation_element_position["signature_artibute_protocols"].format(replaceValue=app_or_condition["attribute_name"])).click() + self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[4]//button[text()='Cancel']").click() + self.driver.find_element(By.XPATH,creation_element_position["attribute_add_object_posXpath"]).click() + self.driver.find_element(By.XPATH,creation_element_position["objectPage_create_signature_posXpath"]+"[2]").click() + common_object_element_position = get_element_position(app_or_condition["type"]) + self.create_objects_by_side_slide(app_or_condition,common_object_element_position) + self.driver.find_element(By.XPATH,creation_element_position["objectPage_okButton_posXpath"]+"[4]").click() + self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[4]//button[text()='Cancel']").click() + self.driver.find_element(By.XPATH,creation_element_position["objectPage_okButton_posXpath"]+"[3]").click() + self.driver.find_element(By.XPATH,creation_element_position["objectPage_okButton_posXpath"]+"[2]").click() + self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[1]//button[text()='Cancel']").click() elif object_type == "tunnel": if len(object["tunnel"]["and_conditions"]) == 1: tunnel_endition_a = object["tunnel"]["and_conditions"][0] @@ -277,8 +280,9 @@ class CreateObjects: for i in range(len(tunnel_endition_a["or_conditions"])): self.driver.find_element(By.XPATH,creation_element_position["objectPage_endition_a_addItem_posXpath"]).click() self.driver.find_element(By.XPATH, creation_element_position["objectPage_side_slic_create_button_posXpath"]).click() + time.sleep(1) common_object_element_position = get_element_position(tunnel_endition_a["or_conditions"][i]["type"]) - self.create_common_objects(tunnel_endition_a["or_conditions"][i],common_object_element_position) + self.create_objects_by_side_slide(tunnel_endition_a["or_conditions"][i],common_object_element_position) self.driver.find_element(By.XPATH,creation_element_position["objectPage_okButton_posXpath"]+"[2]").click() self.driver.find_element(By.XPATH,creation_element_position["ObjectPage_side_slic_Cancel_posXpath"]).click() if len(object["tunnel"]["and_conditions"]) == 2: @@ -287,12 +291,9 @@ class CreateObjects: self.driver.find_element(By.XPATH, creation_element_position["objectPage_side_slic_create_button_posXpath"]).click() for i in range(len(tunnel_endition_b["or_conditions"])): - self.create_common_objects(tunnel_endition_b["or_conditions"][i], common_object_element_position) + self.create_objects_by_side_slide(tunnel_endition_b["or_conditions"][i], common_object_element_position) self.driver.find_element(By.XPATH,creation_element_position["objectPage_okButton_posXpath"] + "[2]").click() self.driver.find_element(By.XPATH,creation_element_position["ObjectPage_side_slic_Cancel_posXpath"]).click() - - - elif object_type == "port": for i in range(len(object["items"])): if object["items"][i]["op"] == "add": diff --git a/support/ui_utils/objects/delete_objects_example.py b/support/ui_utils/objects/delete_objects_example.py index fa9122626..626278538 100644 --- a/support/ui_utils/objects/delete_objects_example.py +++ b/support/ui_utils/objects/delete_objects_example.py @@ -33,6 +33,24 @@ class DeleteObjects: self.driver.find_element(By.XPATH, deletion_element_position["objectListPage_deleteButton_posXpath"]).click() self.driver.find_element(By.XPATH,deletion_element_position["objectListPage_deleteButton_warningYes_posXpath"]).click() time.sleep(3) + if object["type"] == "tunnel": + element_position_library = get_element_position("ip") + page_jump_element_position = element_position_library["page_jump"] + search_element_position = element_position_library["search"] + page_jump = PageJump(self.driver) + time.sleep(0.5) + page_jump.jump_sub_object_page(page_jump_element_position) + time.sleep(3) + self.driver.find_element(By.XPATH,search_element_position["objectListPage_searchLabel_posXpath"]).click() + self.driver.find_element(By.XPATH,search_element_position["objectListPage_searchLabel_posXpath"]).send_keys("tunnel") + self.driver.find_element(By.XPATH, search_element_position["objectListPage_searchLabel_selectName_posXpath"]).click() + self.driver.find_element(By.XPATH,search_element_position["objectListPage_search_button_posXpath"]).click() + time.sleep(2) + objects_list_elements = self.driver.find_elements(By.XPATH,"//div[@class='MuiDataGrid-virtualScrollerContent css-0']/div/div") + if len(objects_list_elements) != 0: + self.driver.find_element(By.XPATH,"//input[@class='MuiCheckbox-input css-1jj0cvj']").click() + self.driver.find_element(By.XPATH,deletion_element_position["objectListPage_deleteButton_posXpath"]).click() + self.driver.find_element(By.XPATH, deletion_element_position["objectListPage_deleteButton_warningYes_posXpath"]).click() return 200 except Exception as e: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], f"Exception: {e}",flush=True) diff --git a/support/ui_utils/objects/edit_objects_example.py b/support/ui_utils/objects/edit_objects_example.py index 7b2f30f9a..9ceb6c17c 100644 --- a/support/ui_utils/objects/edit_objects_example.py +++ b/support/ui_utils/objects/edit_objects_example.py @@ -129,7 +129,94 @@ class EditObjects: self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[16]").click() elif key_flag == "Tunneling" and new_item[key_flag] == True: self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[17]").click() - self.driver.find_element(By.XPATH,edit_element_position["objectPage_button_saveItem_posXpath"]).click() + self.driver.find_element(By.XPATH,edit_element_position["objectPage_button_saveItem_posXpath"]).click() + elif src_item != "": + self.driver.find_element(By.XPATH,edit_element_position["ObjectPage_edit_item_posXpath"]).click() + #对源item双击取消 + for key_flag in src_item: + if key_flag == "Bulky": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[2]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[2]").click() + elif key_flag == "CBR Streaming": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[3]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[3]").click() + elif key_flag == "Client is Local" : + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[4]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[4]").click() + elif key_flag == "Server is Local": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[5]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[5]").click() + elif key_flag == "Download": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[6]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[6]").click() + elif key_flag == "Interactive": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[7]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[7]").click() + elif key_flag == "Inbound" : + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[8]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[8]").click() + elif key_flag == "Outbound": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[9]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[9]").click() + elif key_flag == "Pseudo Unidirectional": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[10]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[10]").click() + elif key_flag == "Streaming": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[11]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[11]").click() + elif key_flag == "Unidirectional": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[12]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[12]").click() + elif key_flag == "Random looking": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[13]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[13]").click() + elif key_flag == "C2S": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[14]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[14]").click() + elif key_flag == "S2C": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[15]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[15]").click() + elif key_flag == "Bidirectional" : + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[16]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[16]").click() + elif key_flag == "Tunneling": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[17]").click() + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[17]").click() + #添加新item + for key_flag in new_item: + if key_flag == "Bulky" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[2]").click() + elif key_flag == "CBR Streaming": + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[3]").click() + elif key_flag == "Client is Local" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[4]").click() + elif key_flag == "Server is Local" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[5]").click() + elif key_flag == "Download" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[6]").click() + elif key_flag == "Interactive" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[7]").click() + elif key_flag == "Inbound" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[8]").click() + elif key_flag == "Outbound" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[9]").click() + elif key_flag == "Pseudo Unidirectional" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[10]").click() + elif key_flag == "Streaming" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[11]").click() + elif key_flag == "Unidirectional" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[12]").click() + elif key_flag == "Random looking" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[13]").click() + elif key_flag == "C2S" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[14]").click() + elif key_flag == "S2C" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[15]").click() + elif key_flag == "Bidirectional" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[16]").click() + elif key_flag == "Tunneling" and new_item[key_flag] == True: + self.driver.find_element(By.XPATH, "//*[@class='flag-object-flag']//span[17]").click() + self.driver.find_element(By.XPATH,edit_element_position["objectPage_button_saveItem_posXpath"]).click() elif object_type == "interval": if src_item == "": data_int = new_item.split("-") @@ -152,76 +239,81 @@ class EditObjects: self.driver.find_element(By.XPATH, edit_element_position["objectPage_inputItem_upBoundary_posXpath"]).send_keys(eval(str(data_int))[1]) # 于item 下up_boundary value输入框键入item_value self.driver.find_element(By.XPATH, edit_element_position["objectPage_button_saveItem_posXpath"]).click() # 点击保存按钮 elif object_type == "application": - self.driver.find_element(By.XPATH, edit_element_position["objectPage_inputLongName_posXpath"]).send_keys(object["application"]["app_longname"]) # input long name - # self.driver.find_element(By.XPATH, edit_element_position[""]).send_keys("Your description") # input description - self.driver.find_element(By.XPATH, edit_element_position["objectPage_select_category_dropwmn_posXpath"]).click() # category - self.driver.find_element(By.XPATH, edit_element_position["objectPage_category_xpath"].format(replaceValue=object["application"]["app_properties"]["category"])).click() # - self.driver.find_element(By.XPATH, edit_element_position["objectPage_select_subcategory_dropwmn_posXpath"]).click() # subcategory - self.driver.find_element(By.XPATH, edit_element_position["objectPage_sub_category_xpath"].format(replaceValue=object["application"]["app_properties"]["subcategory"])).click() # - self.driver.find_element(By.XPATH, edit_element_position["objectPage_select_content_dropwmn_posXpath"]).click() # content - self.driver.find_element(By.XPATH, edit_element_position["objectPage_content_xpath"].format(replaceValue=object["application"]["app_properties"]["content"])).click() # - self.driver.find_element(By.XPATH, edit_element_position["objectPage_select_risk_dropwmn_posXpath"]).click() # risk 0 - self.driver.find_element(By.XPATH, edit_element_position["objectPage_risi_xpath"].format(replaceValue=object["application"]["app_properties"]["risk"])).click() - self.driver.find_element(By.XPATH, edit_element_position["objectPage_characteristics_xpath"].format(replaceValue=object["application"]["app_properties"]["characteristics"])).click() - #添加signature - self.driver.find_element(By.XPATH, edit_element_position["objectPage_addItem_posXpath"]).click() - self.driver.find_element(By.XPATH, edit_element_position["objectPage_create_signature_posXpath"]).click() - for m in range(len(object["app_surrogates"])): - app_surrogates= object["app_surrogates"][m] - for i in range(len(app_surrogates["signature_sequence"])): - app_signature= app_surrogates["signature_sequence"][i] - self.driver.find_element(By.XPATH,edit_element_position["signature_inputName_posXpath"]).send_keys(app_signature["signature"]["name"]) - self.driver.find_element(By.XPATH, edit_element_position["signature_add_artibutem_posXpath"]).click() - for j in range(len(app_signature["signature"]["and_conditions"])): - app_and_condition= app_signature["signature"]["and_conditions"][j] - self.driver.find_element(By.XPATH, edit_element_position["signature_condition_select_up_posXpath"]).click() - if app_and_condition["negate_option"] == False: - self.driver.find_element(By.XPATH, edit_element_position["signature_new_condition__posXpath"]).click() - else:self.driver.find_element(By.XPATH, edit_element_position["signature_new_not_condition__posXpath"]).click() - self.driver.find_element(By.XPATH, edit_element_position["signature_add_artibute_button_posXpath"]).click() - for n in range(len(app_and_condition["or_conditions"])): - app_or_condition= app_and_condition["or_conditions"][n] - self.driver.find_element(By.XPATH,"//li[@class = 'MuiTreeItem-root css-105mfs8']//div[text()='common']").click() - self.driver.find_element(By.XPATH,edit_element_position["signature_artibute_protocols"].format(replaceValue=app_or_condition["attribute_name"])).click() - self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[4]//button[text()='Cancel']").click() - self.driver.find_element(By.XPATH,edit_element_position["attribute_add_object_posXpath"]).click() - self.driver.find_element(By.XPATH,edit_element_position["objectPage_create_signature_posXpath"]+"[2]").click() - common_object_element_position = get_element_position(app_or_condition["type"]) - self.create_common_objects(app_or_condition,common_object_element_position) - self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"]+"[4]").click() - self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[4]//button[text()='Cancel']").click() - self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"]+"[3]").click() - self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"]+"[2]").click() - self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[1]//button[text()='Cancel']").click() - elif object_type == "tunnel": - if len(object["tunnel"]["and_conditions"]) == 1: - tunnel_endition_a = object["tunnel"]["and_conditions"][0] - elif len(object["tunnel"]["and_conditions"]) == 2: - tunnel_endition_a = object["tunnel"]["and_conditions"][0] - tunnel_endition_b = object["tunnel"]["and_conditions"][1] - - self.driver.find_element(By.XPATH, edit_element_position["objectPage_edit_tunnel_type_posXpath"]).click() - if object["tunnel"]["action_parameter"]["type"] == "IP": - self.driver.find_element(By.XPATH, edit_element_position["objectListPage_type_ip_posXpath"]).click() - elif object["tunnel"]["action_parameter"]["type"] == "GRE": - self.driver.find_element(By.XPATH, edit_element_position["objectListPage_type_gre_posXpath"]).click() - - for i in range(len(tunnel_endition_a["or_conditions"])): - self.driver.find_element(By.XPATH,edit_element_position["objectPage_endition_a_addItem_posXpath"]).click() - self.driver.find_element(By.XPATH, edit_element_position["objectPage_side_slic_create_button_posXpath"]).click() - common_object_element_position = get_element_position(tunnel_endition_a["or_conditions"][i]["type"]) - self.create_common_objects(tunnel_endition_a["or_conditions"][i],common_object_element_position) + if src_item == "": + #添加signature + self.driver.find_element(By.XPATH, edit_element_position["objectPage_addItem_posXpath"]).click() + self.driver.find_element(By.XPATH, edit_element_position["objectPage_create_signature_posXpath"]).click() + for m in range(len(new_item)): + app_surrogates= new_item[m] + for i in range(len(app_surrogates["signature_sequence"])): + app_signature= app_surrogates["signature_sequence"][i] + self.driver.find_element(By.XPATH,edit_element_position["signature_inputName_posXpath"]).send_keys(app_signature["signature"]["name"]) + self.driver.find_element(By.XPATH, edit_element_position["signature_add_artibutem_posXpath"]).click() + for j in range(len(app_signature["signature"]["and_conditions"])): + app_and_condition= app_signature["signature"]["and_conditions"][j] + self.driver.find_element(By.XPATH, edit_element_position["signature_condition_select_up_posXpath"]).click() + if app_and_condition["negate_option"] == False: + self.driver.find_element(By.XPATH, edit_element_position["signature_new_condition__posXpath"]).click() + else:self.driver.find_element(By.XPATH, edit_element_position["signature_new_not_condition__posXpath"]).click() + self.driver.find_element(By.XPATH, edit_element_position["signature_add_artibute_button_posXpath"]).click() + for n in range(len(app_and_condition["or_conditions"])): + app_or_condition= app_and_condition["or_conditions"][n] + self.driver.find_element(By.XPATH,"//li[@class = 'MuiTreeItem-root css-105mfs8']//div[text()='common']").click() + self.driver.find_element(By.XPATH,edit_element_position["signature_artibute_protocols"].format(replaceValue=app_or_condition["attribute_name"])).click() + self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[4]//button[text()='Cancel']").click() + self.driver.find_element(By.XPATH,edit_element_position["attribute_add_object_posXpath"]).click() + self.driver.find_element(By.XPATH,edit_element_position["objectPage_create_signature_posXpath"]+"[2]").click() + common_object_element_position = get_element_position(app_or_condition["type"]) + self.create_objects_by_side_slide(app_or_condition,common_object_element_position) + self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"]+"[4]").click() + self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[4]//button[text()='Cancel']").click() + self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"]+"[3]").click() self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"]+"[2]").click() - self.driver.find_element(By.XPATH,edit_element_position["ObjectPage_side_slic_Cancel_posXpath"]).click() - if len(object["tunnel"]["and_conditions"]) == 2: - self.driver.find_element(By.XPATH,edit_element_position["objectPage_endition_b_addItem_posXpath"]).click() - self.driver.find_element(By.XPATH,edit_element_position["objectPage_endition_b_addItem_posXpath"]).click() - self.driver.find_element(By.XPATH, edit_element_position["objectPage_side_slic_create_button_posXpath"]).click() - - for i in range(len(tunnel_endition_b["or_conditions"])): - self.create_common_objects(tunnel_endition_b["or_conditions"][i], common_object_element_position) - self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"] + "[2]").click() + self.driver.find_element(By.XPATH,"(//div[@class='MuiDrawer-content css-10lcz44'])[1]//button[text()='Cancel']").click() + elif src_item != "": + self.driver.find_element(By.XPATH, edit_element_position["objectPage_addItem_posXpath"]).click() + self.driver.find_element(By.XPATH,"//input[@class='MuiInput-input css-za5rna']").send_keys(src_item["signature_sequence"][0]["signature"]["name"] + Keys.ENTER) + self.driver.find_element(By.XPATH,"//i[@class='iconfont icon-Edit !text-[var(--color-text)]']").click() + name_input_field = self.driver.find_element(By.XPATH, edit_element_position["signature_inputName_posXpath"]) + name_input_field.send_keys(Keys.CONTROL, 'a') # 或使用 Keys.COMMAND 在 macOS + name_input_field.send_keys(Keys.DELETE) + name_input_field.send_keys("signature_edit_name") + self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"] + "[2]").click() + + elif object_type == "tunnel": + if src_item == "": + if len(new_item) == 1: + tunnel_endition_a = new_item[0] + elif len(new_item) == 2: + tunnel_endition_a = new_item[0] + tunnel_endition_b = new_item[1] + + for i in range(len(tunnel_endition_a["or_conditions"])): + self.driver.find_element(By.XPATH,edit_element_position["objectPage_endition_a_addItem_posXpath"]).click() + self.driver.find_element(By.XPATH, edit_element_position["objectPage_side_slic_create_button_posXpath"]).click() + time.sleep(1) + common_object_element_position = get_element_position(tunnel_endition_a["or_conditions"][i]["type"]) + self.create_objects_by_side_slide(tunnel_endition_a["or_conditions"][i],common_object_element_position) + self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"]+"[2]").click() self.driver.find_element(By.XPATH,edit_element_position["ObjectPage_side_slic_Cancel_posXpath"]).click() + if len(new_item) == 2: + self.driver.find_element(By.XPATH,edit_element_position["objectPage_endition_b_addItem_posXpath"]).click() + self.driver.find_element(By.XPATH,edit_element_position["objectPage_endition_b_addItem_posXpath"]).click() + self.driver.find_element(By.XPATH, edit_element_position["objectPage_side_slic_create_button_posXpath"]).click() + + for i in range(len(tunnel_endition_b["or_conditions"])): + self.create_objects_by_side_slide(tunnel_endition_b["or_conditions"][i], common_object_element_position) + self.driver.find_element(By.XPATH,edit_element_position["objectPage_okButton_posXpath"] + "[2]").click() + self.driver.find_element(By.XPATH,edit_element_position["ObjectPage_side_slic_Cancel_posXpath"]).click() + elif src_item != "": + if len(src_item) == 1: + self.driver.find_element(By.XPATH,edit_element_position["objectPage_endition_a_editItem_posXpath"]).click() + name_input_field = self.driver.find_element(By.XPATH,"//div[@class='ip-object-name']//input") + name_input_field.send_keys(Keys.CONTROL, 'a') # 或使用 Keys.COMMAND 在 macOS + name_input_field.send_keys(Keys.DELETE) + name_input_field.send_keys("tunnel_edit_A") + self.driver.find_element(By.XPATH, edit_element_position["objectPage_okButton_posXpath"] + "[2]").click() + self.driver.find_element(By.XPATH, edit_element_position["ObjectPage_side_slic_Cancel_posXpath"]).click() elif object_type == "ip_learning": self.driver.find_element(By.XPATH,edit_element_position["objectPage_ipLearningType_posXpath"]).click() if object["op"] == "add": @@ -243,13 +335,6 @@ class EditObjects: self.driver.find_element(By.XPATH,edit_element_position["objectPage_voteClients_posXpath"]).send_keys(object["learning_plan"]["fqdn_ip_learning_plan"]["vote_client_num"]) self.driver.find_element(By.XPATH,edit_element_position["objectPage_learnedIPLimits_posXpath"]).send_keys(object["learning_plan"]["fqdn_ip_learning_plan"]["goal_upper_limit"]) else: - # if object_type == "ip": - # send_data = object["items"]["ip"] - # edit_data = object["items"][i]["edit_ip"] - # if object_type == "imsi": - # send_data = object["items"][i]["expression"] - # elif object_type == "imei": - # send_data = object["items"][i]["expression"] if src_item == "": self.driver.find_element(By.XPATH,edit_element_position["objectPage_addItem_posXpath"]).click() # 适配24.10 版本,需要逐个字符输入 @@ -372,7 +457,7 @@ class EditObjects: # return 400 - def create_common_objects(self,object,common_object_element_position): + def create_objects_by_side_slide(self,object,common_object_element_position): object_type = object["type"] edit_element_position = common_object_element_position["create"] self.driver.find_element(By.XPATH,'//ul[@class="base-Popper-root MuiMenu-root Mui-expanded MuiMenu-variantOutlined MuiMenu-colorNeutral MuiMenu-sizeMd css-131n2dh"]/li[1]').click() diff --git a/support/ui_utils/ui_client.py b/support/ui_utils/ui_client.py index 203944bd0..ee18b7d2e 100644 --- a/support/ui_utils/ui_client.py +++ b/support/ui_utils/ui_client.py @@ -3,9 +3,6 @@ import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) import support.ui_utils.env -from support.ui_utils.create_objects_example import CreateObjectsExample -from support.ui_utils.delete_objects_example import DeleteObjectsExample -from support.ui_utils.edit_objects_example import EditObjectsExample from support.ui_utils.objects.create_objects_example import CreateObjects from support.ui_utils.policies.create_rules import CreateRules from support.ui_utils.policies.search_rules import SearchRules diff --git a/tests/object/test_temp/create_application_temp.py b/tests/object/test_temp/create_application_temp.py index 9265f8df3..d3ce6762f 100644 --- a/tests/object/test_temp/create_application_temp.py +++ b/tests/object/test_temp/create_application_temp.py @@ -16,8 +16,7 @@ def run(parameter): script_start_time = time.time() #测试数据 - object_configuration = { - "or_conditions": [ + object_configuration = [ { "name": "common_server_fqdn", "type": "application", @@ -78,25 +77,109 @@ def run(parameter): } ], } - ], - "search": { - "is_fuzzy": False, - "type": "name" - }, + ] - "audit_log": False # system - } + ui_client = UIClient(parameter) # 创建 - ui_client = UIClient() - objects_tuple, ui_error = ui_client.create_objects(object_configuration) - if len(ui_error) > 0: - return ui_error + code = ui_client.create_objects(object_configuration) + if code != 200: + return "Fail to create object." + else: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Create Object successful ") + + search_type = { + "is_fuzzy": False, + "type": "", + } + # 查询 + objects_tuple, code = ui_client.search_objects("create_account_object", object_configuration, search_type) objects_list = list(objects_tuple) - if len(objects_list) > 0 and len(objects_list[0]["uuid"]) > 0: - return "" + if len(objects_list) == 0: + return "Fail to get object uuid." + if code != 200: + return "Fail to search object." + else: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Search Object successful ") + # 编辑 + src_app_signature = { + "group_by": "session", + "signature_sequence": [ + { + "exclude": 0, + "signature": { + "name": "common_server_fqdn1", + "is_enabled": True, + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "common.server_fqdn", + "type": "fqdn", + "name": "sec_fqdn", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "youtube.com" + } + ] + } + ] + } + ] + } + } + ] + } + code = ui_client.edit_objects(objects_tuple, src_item=src_app_signature, new_item="") + if code != 200: + return "Fail to edit object." + else: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Edit Object successful ") + + new_app_surrogates = [ + { + "group_by": "session", + "signature_sequence": [ + { + "exclude": 0, + "signature": { + "name": "common_server_fqdn1", + "is_enabled": True, + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "common.server_fqdn", + "type": "fqdn", + "name": "sec_fqdn", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "baidu.com" + } + ] + } + ] + } + ] + } + } + ] + } + ] + code = ui_client.edit_objects(objects_tuple, src_item="", new_item=new_app_surrogates) + if code != 200: + return "Fail to edit object." + else: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Edit Object successful ") + return "" except Exception as e: exception_result = str(e) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"When running test case, the exception error: ", str(e), flush=True) @@ -104,15 +187,10 @@ def run(parameter): finally: # 删除 - if parameter["initiation_method"] == "ui": - if objects_tuple is not None: - ui_client.delete_objects(parameter, objects_tuple, object_configuration["search"]) - # elif parameter["initiation_method"] == "api": - # if not objects_tuple: - # api_client.delete_rules(rules_tuple) - # if not objects_tuple: - # api_client.delete_objects(objects_tuple) - + if objects_tuple: + ui_client.delete_objects(objects_tuple) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Delete Object successful ") + # ui_client.cleanup() # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time @@ -120,6 +198,7 @@ def run(parameter): "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) diff --git a/tests/object/test_temp/create_flag_temp.py b/tests/object/test_temp/create_flag_temp.py index 8813db9b4..5f32ad81f 100644 --- a/tests/object/test_temp/create_flag_temp.py +++ b/tests/object/test_temp/create_flag_temp.py @@ -18,7 +18,7 @@ def run(parameter): #测试数据 object_configuration = [ { - "name": "test", + "name": "create_flag_object", "type": "flag", "member_type": "item", "statistics_option": "", # random @@ -49,7 +49,7 @@ def run(parameter): } # 查询 - objects_tuple, code = ui_client.search_objects("create_apn_object", object_configuration, search_type) + objects_tuple, code = ui_client.search_objects("create_flag_object", object_configuration, search_type) objects_list = list(objects_tuple) if len(objects_list) == 0: return "Fail to get object uuid." @@ -59,14 +59,26 @@ def run(parameter): print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Search Object successful ") # 编辑 - # 如果src_item是空,则表示该item是新加 - code = ui_client.edit_objects(objects_tuple, src_item="", new_item="testapn$") + src_flag = { + "Client is Local": True, + "Server is Local": True + } + + new_flag = { + "Pseudo Unidirectional":True + } + + code = ui_client.edit_objects(objects_tuple, src_item=src_flag, new_item=new_flag) if code != 200: return "Fail to edit object." else: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Edit Object successful ") - # 如果src_item是不是空,在item输入框,输入src_item,找到item,点击item的编辑按钮,删除src_item,输入new_item,点击保存按钮 - code = ui_client.edit_objects(objects_tuple, src_item="acdcd$", new_item="^xrwom.fu$") + # 如果src_item是空,则表示该item是新加 + + new_flag = { + "Outbound":True + } + code = ui_client.edit_objects(objects_tuple, src_item="", new_item=new_flag) if code != 200: return "Fail to edit object." else: diff --git a/tests/object/test_temp/create_tunnel_temp.py b/tests/object/test_temp/create_tunnel_temp.py index 783407291..ecdff410e 100644 --- a/tests/object/test_temp/create_tunnel_temp.py +++ b/tests/object/test_temp/create_tunnel_temp.py @@ -16,10 +16,9 @@ def run(parameter): script_start_time = time.time() #测试数据 - object_configuration = { - "or_conditions":[ + object_configuration = [ { - "name": "test", + "name": "create_tunnel_object", "type": "tunnel", "statistics_option": "", # random "tunnel": { @@ -34,7 +33,7 @@ def run(parameter): "attribute_name": "ATTR_TUNNEL_GTP_ENDPOINT", "type": "ip", "sub_type": "ip", - "name": "sec_srcipA", + "name": "tunnel_ipA", "items": [ { "op": "add", @@ -52,7 +51,7 @@ def run(parameter): "attribute_name": "ATTR_TUNNEL_GTP_ENDPOINT", "type": "ip", "sub_type": "ip", - "name": "sec_srcipB", + "name": "tunnel_ipB", "items": [ { "op": "add", @@ -66,22 +65,87 @@ def run(parameter): ] }, } - ], - "search": { - "is_fuzzy": False, - "type": "uuid" - }, - "audit_log": False # system - } + ] + + ui_client = UIClient(parameter) # 创建 - ui_client = UIClient() - objects_tuple, ui_error = ui_client.create_objects(object_configuration) - if len(ui_error) > 0: - return ui_error + code = ui_client.create_objects(object_configuration) + if code != 200: + return "Fail to create object." + else: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Create Object successful ") + + search_type = { + "is_fuzzy": False, + "type": "", + } + + # 查询 + objects_tuple, code = ui_client.search_objects("create_tunnel_object", object_configuration, search_type) objects_list = list(objects_tuple) - if len(objects_list) > 0 and len(objects_list[0]["uuid"]) > 0: - return "" + if len(objects_list) == 0: + return "Fail to get object uuid." + if code != 200: + return "Fail to search object." + else: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Search Object successful ") + + src_tunnel_ip = [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_TUNNEL_GTP_ENDPOINT", + "type": "ip", + "sub_type": "ip", + "name": "tunnel_ipA", + "items": [ + { + "op": "add", + "ip": "1.1.1.1", + "interval": "0-65535" + } + ] + } + ] + }, + ] + code = ui_client.edit_objects(objects_tuple, src_item=src_tunnel_ip,new_item="") + if code != 200: + return "Fail to edit object." + else: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Edit Object successful") + + # 编辑 + new_tunnel_ip = [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_TUNNEL_GTP_ENDPOINT", + "type": "ip", + "sub_type": "ip", + "name": "tunnel_ipC", + "items": [ + { + "op": "add", + "ip": "6.6.6.6", + "interval": "0-65535" + } + ] + } + ] + }, + ] + code = ui_client.edit_objects(objects_tuple, src_item="", new_item=new_tunnel_ip) + if code != 200: + return "Fail to edit object." + else: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Edit Object successful ") + # 如果src_item是不是空,在item输入框,输入src_item,找到item,点击item的编辑按钮,删除src_item,输入new_item,点击保存按钮 + + return "" except Exception as e: @@ -91,22 +155,16 @@ def run(parameter): finally: # 删除 - if parameter["initiation_method"] == "ui": - if objects_tuple is not None: - ui_client.delete_objects(parameter, objects_tuple, object_configuration["search"]) - # elif parameter["initiation_method"] == "api": - # if not objects_tuple: - # api_client.delete_rules(rules_tuple) - # if not objects_tuple: - # api_client.delete_objects(objects_tuple) - + if objects_tuple: + ui_client.delete_objects(objects_tuple) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Delete Object successful ") + # ui_client.cleanup() # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3],"Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) -- cgit v1.2.3 From d4c5a4cb9bd156e090b803cc85288bbf002e90e3 Mon Sep 17 00:00:00 2001 From: yang liu Date: Wed, 27 Nov 2024 19:46:05 +0800 Subject: update sc case --- ..._asn_library_fqdn_ssl_mirror_block_vlan_none.py | 339 +++++++++++++-------- 1 file changed, 220 insertions(+), 119 deletions(-) diff --git a/tests/service_chaining/sc_decrypted_srcip_ext_cidr_geoip_asn_library_fqdn_ssl_mirror_block_vlan_none.py b/tests/service_chaining/sc_decrypted_srcip_ext_cidr_geoip_asn_library_fqdn_ssl_mirror_block_vlan_none.py index 3002e1476..fca8a92ee 100644 --- a/tests/service_chaining/sc_decrypted_srcip_ext_cidr_geoip_asn_library_fqdn_ssl_mirror_block_vlan_none.py +++ b/tests/service_chaining/sc_decrypted_srcip_ext_cidr_geoip_asn_library_fqdn_ssl_mirror_block_vlan_none.py @@ -23,127 +23,229 @@ def run(parameter): script_start_time = time.time() # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "service_chaining", - "rule_name": "sc_decrypted_srcip_ext_cidr_geoip_asn_library_fqdn_ssl_mirror_block_vlan_none", - "rule_action": "service_chaining", - "targeted_traffic": "decrypted", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "service_chaining_source_ip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter["test_pc_ip"] - } - ] - } - ], - "source_library":[], - "source_port": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_library": [ - { - "category":"geoip_asn", - "catalogs":[ - { - "op":"add", - "ip_entries":"93.184.215.14/32" - } - ], - "tags":[ - { - "tag_key":"AutoTest", - "tag_value":"49284324", - "op":"add" - } - ], - "negate": False, - } - ], - "external_port": [], - "geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "ssl", - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - { - "name": "service_chaining_fqdn", - "object_type": "fqdn", - "select_type": False, - "negate": False, - "plus": False, - "items": [ - { - "item_operation": "add", - "item_value": "$www.example.com", - } - ] - } - ], - "protocol_filed": [], - "sub_action_override": False, - "sub_action": [], - "packet_capture": [], - }, - "multiProfile": True, - "profile": [ + policy_configuration = { + "type": "service_chaining", + "name": "sc_decrypted_scrip_fqdnblock_disabled_vxlan_activeip_bfd", + "action": "service_chaining", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "name": "service_chaining_source_ip", + "items": [ + { + "op": "add", + "ip": parameter["test_pc_ip"], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_EXTERNAL_IP", + "type":"library", + "catalog":[ + { + "category" : "geoip_asn", + "ip_entries":[ + { + "op" : "add", + "ip" : "93.184.215.14/32" + } + ], + "tag": [ + { + "category": "geoip_asn", + "parent_uuid": 0, + "tag_key": "AutoTest", + "tag_value": "49284324" + } + ] + } + ] + } + ] + }, { - "name": "mirror_block_vlan_none", - "profile_type": "create", - "type": "mirroring", - "load_balance_method": "hash_innermost_int-ip", - "load_balance_localization": "nearby", - "failure_action": "Block", - "service_functions": [ + "negate_option": False, + "or_conditions": [ { - "name": "vlan_none", - "profile_type": "create", - "device_group": "Device_Group:group-xxg-tsgx", - "connectivity": "Layer_2_Switch:random:random", - "health_check": "none", - "enable": "on" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["ssl"] } ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SERVER_FQDN", + "type": "fqdn", + "member_type": "item", + "name": "service_chaining_fqdn", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^www.example.com$", + } + ] + } + ], } ], - "log_query_param": [{"query_field_key": "sc_rsp_decrypted_uuid_list", "query_value": ""}], - "traffic":{ - "protocol": "ssl", - "type": "curl", - "command": "curl --connect-timeout 10 --max-time 30 -kv https://www.example.com" - }, - "expected_return":"example", - "token": "" + "action_parameter": { + "targeted_traffic": "decrypted", + "sff_profiles": + [ + { + "vsys": 1, + "return_data": 1, + "name": "mirror_block_vlan_none", + "type": 2, + "load_balance_method": "hash-innermost-int-ip", + "load_balance_localization": "nearby", + "failure_action": "block", + "service_func_profiles":[ + { + "name":"vlan_none", + "admin_status": 1, + "device_group":{ + "value": "group-xxg-tsgx", + "tag": "device_group" + }, + "connectivity": { + "method": "layer2_switch", + "int_vlan_tag": "200", + "ext_vlan_tag": "100" + }, + "health_check": { + "method": "none", + "interval_ms": 200, + "retires": 5 + } + } + ] + } + ] + }, + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "ssl", # or trex/http + "command": "curl --connect-timeout 10 --max-time 30 -kv https://www.example.com/" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() + verification_result = { + "excepted_traffic_result": "example", + "expected_metric": {"hits": 1}, + "expected_log": [{"query_field_key": "sc_rsp_decrypted_uuid_list", "query_value": ""}] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + tags_tuple, api_error = api_client.create_libraries(policy_configuration) + if len(api_error) > 0: + return api_error + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, tags_tuple, profiles_tuple) + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) - # 脚本结束时间和耗时 - end_time = time.time() - duration = end_time - start_time + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary + except Exception as e: + exception_result = str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) + finally: + # 删除 + if parameter["initiation_method"] == "ui": + if not rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if tags_tuple: + api_client.delete_libraries(tags_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + + # 统计脚本用时 + script_end_time = time.time() + duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], @@ -157,17 +259,16 @@ if __name__ == '__main__': parameter = { "username": "lytest", "password": "123456ly", - "test_pc_ip": "192.168.50.88", + "test_pc_ip": "192.168.64.87", "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, - "is_log": 1, - "root_path": "C:/automation_project/tsg_test", - "path": "C:/automation_project/tsg_test/tests/ui", - "module_name": "service_chaining", - "test_case_name": "sc_decrypted_srcip_ext_cidr_geoip_asn_library_fqdn_ssl_mirror_block_vlan_none" + "vsys": 5, + "root_path": workdir, + "path": workdir + "/tests", + "module_name": "monitor", + "test_case_name": os.path.basename(__file__)[:-3] } run(parameter) """ -- cgit v1.2.3 From 44852e7bf153232d156a0d931e40b5ac874a0d55 Mon Sep 17 00:00:00 2001 From: "hebingning@geedgenetworks.com" Date: Wed, 27 Nov 2024 19:51:46 +0800 Subject: --- support/packet_generator/traffic_generator.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/support/packet_generator/traffic_generator.py b/support/packet_generator/traffic_generator.py index c11902e7d..ddbe762ad 100644 --- a/support/packet_generator/traffic_generator.py +++ b/support/packet_generator/traffic_generator.py @@ -23,7 +23,7 @@ from datetime import datetime class TrafficGenerator: def run(self, policy_configuration, traffic_generation): self.traffic_generation = traffic_generation - debug = "local" + debug = "traffic" if debug == "local": #traffic_generation["type"]=traffic_generation["tool"] traffic_generation_json_str = json.dumps(traffic_generation) -- cgit v1.2.3 From 8f92bda5528fa5059b60ac500f3bf0599993be55 Mon Sep 17 00:00:00 2001 From: dongxiaoyan Date: Wed, 27 Nov 2024 19:55:49 +0800 Subject: 1、测试数据适配重构代码 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...cip_dstip_http_muti_resheader_line_all_bytes.py | 673 ++++++++++++------ ...ats_srcip_dstip_http_pre_fqdn_line_all_bytes.py | 662 ++++++++++++----- ...http_sub_fqdn_table_syn_pkts_dim_s_ip_object.py | 443 +++++++----- ...stip_http_sub_url_table_all_bytes_dim_c_s_ip.py | 725 +++++++++++++------ ...dstip_http_sub_url_table_all_pkts_dim_c_s_ip.py | 623 ++++++++++------ ...p_dstip_http_sub_url_table_syn_pkts_dim_s_ip.py | 519 +++++++++----- ...ts_srcip_dstip_http_suff_fqdn_line_all_bytes.py | 662 ++++++++++++----- ..._srcip_dstip_http_table_all_bytes_decoded_as.py | 642 ++++++++++++----- ...ats_srcip_dstip_http_table_all_bytes_dim_app.py | 652 ++++++++++++----- ...tip_http_table_all_bytes_dim_app_appcategory.py | 697 +++++++++++++----- ...rcip_dstip_http_table_all_bytes_dim_app_fqdn.py | 655 ++++++++++++----- ...p_dstip_http_table_all_bytes_dim_appcategory.py | 652 ++++++++++++----- ...p_dstip_http_table_all_bytes_dim_c2s_link_id.py | 653 ++++++++++++----- ...tip_http_table_all_bytes_dim_c2s_s2c_link_id.py | 696 +++++++++++++----- ...p_dstip_http_table_all_bytes_dim_c2s_s2c_ttl.py | 697 +++++++++++++----- ...srcip_dstip_http_table_all_bytes_dim_c2s_ttl.py | 653 ++++++++++++----- ...cip_dstip_http_table_all_bytes_dim_c_country.py | 652 ++++++++++++----- ...ts_srcip_dstip_http_table_all_bytes_dim_c_ip.py | 653 ++++++++++++----- ..._dstip_http_table_all_bytes_dim_c_ip_objects.py | 649 ++++++++++++----- ...cip_dstip_http_table_all_bytes_dim_c_ip_s_ip.py | 697 +++++++++++++----- ..._srcip_dstip_http_table_all_bytes_dim_c_port.py | 652 ++++++++++++----- ...p_dstip_http_table_all_bytes_dim_c_s_country.py | 697 +++++++++++++----- ...tip_http_table_all_bytes_dim_c_s_country_app.py | 739 ++++++++++++++----- ...le_all_bytes_dim_c_s_country_app_appcategory.py | 787 +++++++++++++++------ ...stip_http_table_all_bytes_dim_c_s_ip_objects.py | 697 +++++++++++++----- ...rcip_dstip_http_table_all_bytes_dim_c_s_port.py | 697 +++++++++++++----- ...ip_dstip_http_table_all_bytes_dim_decoded_as.py | 642 ++++++++++++----- ..._dstip_http_table_all_bytes_dim_device_group.py | 620 +++++++++++----- ..._table_all_bytes_dim_device_group_decoded_as.py | 697 +++++++++++++----- ...cip_dstip_http_table_all_bytes_dim_direction.py | 646 ++++++++++++----- ..._srcip_dstip_http_table_all_bytes_dim_domain.py | 652 ++++++++++++----- ...s_srcip_dstip_http_table_all_bytes_dim_flags.py | 652 ++++++++++++----- ...ts_srcip_dstip_http_table_all_bytes_dim_fqdn.py | 674 ++++++++++++------ ...p_dstip_http_table_all_bytes_dim_fqdn_domain.py | 697 +++++++++++++----- ...cip_dstip_http_table_all_bytes_dim_http_host.py | 652 ++++++++++++----- ...p_dstip_http_table_all_bytes_dim_s2c_link_id.py | 652 ++++++++++++----- ...srcip_dstip_http_table_all_bytes_dim_s2c_ttl.py | 652 ++++++++++++----- ...cip_dstip_http_table_all_bytes_dim_s_country.py | 652 ++++++++++++----- ...ts_srcip_dstip_http_table_all_bytes_dim_s_ip.py | 651 ++++++++++++----- ...rcip_dstip_http_table_all_bytes_dim_s_ip_app.py | 719 +++++++++++++------ ...cip_dstip_http_table_all_bytes_dim_s_ip_fqdn.py | 719 +++++++++++++------ ..._dstip_http_table_all_bytes_dim_s_ip_objects.py | 651 ++++++++++++----- ..._srcip_dstip_http_table_all_bytes_dim_s_port.py | 652 ++++++++++++----- ...srcip_dstip_http_table_all_bytes_dim_sled_ip.py | 646 ++++++++++++----- ..._srcip_dstip_http_table_all_bytes_dim_sub_id.py | 646 ++++++++++++----- 45 files changed, 21135 insertions(+), 8661 deletions(-) diff --git a/tests/statistics/stats_srcip_dstip_http_muti_resheader_line_all_bytes.py b/tests/statistics/stats_srcip_dstip_http_muti_resheader_line_all_bytes.py index 4e254b6d6..b12045628 100644 --- a/tests/statistics/stats_srcip_dstip_http_muti_resheader_line_all_bytes.py +++ b/tests/statistics/stats_srcip_dstip_http_muti_resheader_line_all_bytes.py @@ -1,248 +1,521 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_http_reqheader", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "curl/&8.0.1" + } + ] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Time", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.14", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Time", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1).replace("_xly_fqdn_xly_url", "", 1).replace("_multi_sub_resheader_sub_resbody", "", 1), - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ { - "item_operation": "add", - "item_type": "request_header", - "item_key": "User-Agent", - "item_value": "TEXT", - "value": [ - "curl/", - "8.0.1" - ] + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Time", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Line", - "metrics": [ - "sent_bytes:BITRATE:in bytes", - "received_bytes:BITRATE:out bytes", - "sent_bytes+received_bytes:BITRATE:bytes" - ], - "dimensions": [], - "order_by": "", - "row_limit": "", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Line", - "metrics": [ - "sent_bytes:RATE:in bytes", - "received_bytes:RATE:out bytes", - "sent_bytes+received_bytes:RATE:bytes" - ], - "dimensions": [], - "order_by": "", - "row_limit": "", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Line", - "metrics": [ - "sent_bytes:SUM:in bytes", - "received_bytes:SUM:out bytes", - "sent_bytes+received_bytes:SUM:bytes" - ], - "dimensions": [], - "order_by": "", - "row_limit": "", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.14", - "clients_end_ip": "10.64.224.14", - "servers_start_ip": "2.1.1.14", - "servers_end_ip": "2.1.1.14", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" + ] + }, + "vsys": 1 + } }, - "statists_metric_results": [ - {"time": "2024-07-24T01:36:19Z", "out_bytes": 745744, "in_bytes": 9120, "bytes": 754864} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" } parameter = replace_paras(parameter) diff --git a/tests/statistics/stats_srcip_dstip_http_pre_fqdn_line_all_bytes.py b/tests/statistics/stats_srcip_dstip_http_pre_fqdn_line_all_bytes.py index 8606aed93..59f3a97e5 100644 --- a/tests/statistics/stats_srcip_dstip_http_pre_fqdn_line_all_bytes.py +++ b/tests/statistics/stats_srcip_dstip_http_pre_fqdn_line_all_bytes.py @@ -1,241 +1,519 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SERVER_FQDN", + "type": "fqdn", + "name": "sec_fqdn", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^www.yumi." + } + ] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Time", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.14", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Time", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - { - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1).replace("_xly_url_sub_reqheader_multi_sub_resheader_sub_resbody", "", 1), - "object_type": "fqdn", - "select_type": False, - "negate": False, - "plus": False, - "items": [ { - "item_operation": "add", - "item_value": "^www.yumi.", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Time", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } } ] - } - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Line", - "metrics": [ - "sent_bytes:BITRATE:in bytes", - "received_bytes:BITRATE:out bytes", - "sent_bytes+received_bytes:BITRATE:bytes" - ], - "dimensions": [], - "order_by": "", - "row_limit": "", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Line", - "metrics": [ - "sent_bytes:RATE:in bytes", - "received_bytes:RATE:out bytes", - "sent_bytes+received_bytes:RATE:bytes" - ], - "dimensions": [], - "order_by": "", - "row_limit": "", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Line", - "metrics": [ - "sent_bytes:SUM:in bytes", - "received_bytes:SUM:out bytes", - "sent_bytes+received_bytes:SUM:bytes" - ], - "dimensions": [], - "order_by": "", - "row_limit": "", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.14", - "clients_end_ip": "10.64.224.14", - "servers_start_ip": "2.1.1.14", - "servers_end_ip": "2.1.1.14", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"time": "2024-07-24T01:36:19Z", "out_bytes": 745744, "in_bytes": 9120, "bytes": 754864} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" } parameter = replace_paras(parameter) diff --git a/tests/statistics/stats_srcip_dstip_http_sub_fqdn_table_syn_pkts_dim_s_ip_object.py b/tests/statistics/stats_srcip_dstip_http_sub_fqdn_table_syn_pkts_dim_s_ip_object.py index a53170f9d..cf39dad0b 100644 --- a/tests/statistics/stats_srcip_dstip_http_sub_fqdn_table_syn_pkts_dim_s_ip_object.py +++ b/tests/statistics/stats_srcip_dstip_http_sub_fqdn_table_syn_pkts_dim_s_ip_object.py @@ -1,213 +1,322 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "statistics_option": "Brief", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.9", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - { - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "object_type": "fqdn", - "select_type": False, - "negate": False, - "plus": False, - "items": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SERVER_FQDN", + "type": "fqdn", + "name": "sec_fqdn", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": ".yumi.com" + } + ] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_value": ".yumi.com", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "SUM(SYN Packets) Distributed by Time, Server IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP Object List", + "is_drill_down": 0 + }, + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "syn_pkts" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(SYN Packets)", + "unit": "packets" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } } ] - } - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "syn_pkts:SUM:Syn Pkts" - ], - "dimensions": [ - "server_ip_object_list" - ], - "order_by": "Syn Pkts", - "row_limit": "10", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.9", - "clients_end_ip": "10.64.224.9", - "servers_start_ip": "2.1.1.9", - "servers_end_ip": "2.1.1.9", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" + }, + "vsys": 1 + } }, - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ diff --git a/tests/statistics/stats_srcip_dstip_http_sub_url_table_all_bytes_dim_c_s_ip.py b/tests/statistics/stats_srcip_dstip_http_sub_url_table_all_bytes_dim_c_s_ip.py index 344059b70..d4157fedb 100644 --- a/tests/statistics/stats_srcip_dstip_http_sub_url_table_all_bytes_dim_c_s_ip.py +++ b/tests/statistics/stats_srcip_dstip_http_sub_url_table_all_bytes_dim_c_s_ip.py @@ -1,256 +1,565 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "www.ct.cn" + } + ] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.3", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [ - { - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ { - "item_operation": "add", - "item_type": "url", - "item_value": "www.ct.cn" + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "client_ip", - "server_ip" - ], - "order_by": "Bytes Received", - "row_limit": "10", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_ip", - "server_ip" - ], - "order_by": "Bytes Received", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_ip", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "100", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.3", - "clients_end_ip": "10.64.224.3", - "servers_start_ip": "2.1.1.3", - "servers_end_ip": "2.1.1.3", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_get_347pkts" + ] + }, + "vsys": 1 + } }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"app_category_id": "255","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_get_347pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 339823, "total_bytes_received": 333931, "total_bytes_sent": 5892, "total_packets": 347, "total_packets_received": 250, "total_packets_sent": 97, "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.ct.cn"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ diff --git a/tests/statistics/stats_srcip_dstip_http_sub_url_table_all_pkts_dim_c_s_ip.py b/tests/statistics/stats_srcip_dstip_http_sub_url_table_all_pkts_dim_c_s_ip.py index a71218b0b..0ab3c16ec 100644 --- a/tests/statistics/stats_srcip_dstip_http_sub_url_table_all_pkts_dim_c_s_ip.py +++ b/tests/statistics/stats_srcip_dstip_http_sub_url_table_all_pkts_dim_c_s_ip.py @@ -1,254 +1,461 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "statistics_option": "Brief", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.3", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [ - { - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "www.ct.cn" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_pkts:SUM:Packets Sent", - "received_pkts:SUM:Packets Received", - "sent_pkts+received_pkts:SUM:All Pkts" - ], - "dimensions": [ - "client_ip", - "server_ip" - ], - "order_by": "All Pkts", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "_1", 1), - "visualization_type": "Table", - "metrics": [ - "sent_pkts:SUM:Packets Sent", - "received_pkts:SUM:Packets Received", - "sent_pkts+received_pkts:SUM:All Pkts" - ], - "dimensions": [ - "client_ip", - "server_ip" - ], - "order_by": "Packets Received", - "row_limit": "50", - "min_in_size": "0", - "min_out_size": "0" - }, + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "_2", 1), - "visualization_type": "Table", - "metrics": [ - "sent_pkts:SUM:Packets Sent", - "received_pkts:SUM:Packets Received", - "sent_pkts+received_pkts:SUM:All Pkts" - ], - "dimensions": [ - "client_ip", - "server_ip" - ], - "order_by": "Packets Sent", - "row_limit": "100", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "www.ct.cn" + } + ] } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.ct.cn"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.3", - "clients_end_ip": "10.64.224.3", - "servers_start_ip": "2.1.1.3", - "servers_end_ip": "2.1.1.3", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_get_347pkts" + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Packets Sent, Packets Received), RATE(Packets Sent) and RATE(Packets Received) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_pkts", + "received_pkts" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Packets Sent, Packets Received)", + "unit": "pps" + }, + { + "source_fields": [ + "sent_pkts" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Packets Sent)", + "unit": "pps" + }, + { + "source_fields": [ + "received_pkts" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Packets Received)", + "unit": "pps" + } + ], + "order_by": "RATE(Packets Sent, Packets Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Packets Sent, Packets Received), SUM(Packets Sent) and SUM(Packets Received) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_pkts", + "received_pkts" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Packets Sent, Packets Received)", + "unit": "packets" + }, + { + "source_fields": [ + "sent_pkts" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Packets Sent)", + "unit": "packets" + }, + { + "source_fields": [ + "received_pkts" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Packets Received)", + "unit": "packets" + } + ], + "order_by": "SUM(Packets Sent, Packets Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } }, - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_get_347pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.ct.cn"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ diff --git a/tests/statistics/stats_srcip_dstip_http_sub_url_table_syn_pkts_dim_s_ip.py b/tests/statistics/stats_srcip_dstip_http_sub_url_table_syn_pkts_dim_s_ip.py index 541042520..625c0606f 100644 --- a/tests/statistics/stats_srcip_dstip_http_sub_url_table_syn_pkts_dim_s_ip.py +++ b/tests/statistics/stats_srcip_dstip_http_sub_url_table_syn_pkts_dim_s_ip.py @@ -1,216 +1,395 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "statistics_option":"Brief", - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "www.ct.cn" + } + ] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.9", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(SYN Packets) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "syn_pkts" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(SYN Packets)", + "unit": "Bps" + } + ], + "order_by": "RATE(SYN Packets)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ { - "item_operation": "add", - "item_type": "url", - "item_value": "www.yumi.com" + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(SYN Packets) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "syn_pkts" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(SYN Packets)", + "unit": "bytes" + } + ], + "order_by": "SUM(SYN Packets)", + "source": "statistics_rule", + "series_limit": "" + } } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "syn_pkts:SUM:Syn Pkts" - ], - "dimensions": [ - "server_ip" - ], - "order_by": "Syn Pkts", - "row_limit": "100", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.9", - "clients_end_ip": "10.64.224.9", - "servers_start_ip": "2.1.1.9", - "servers_end_ip": "2.1.1.9", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" + ] + }, + "vsys": 1 + } }, - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_get_347pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.ct.cn"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ diff --git a/tests/statistics/stats_srcip_dstip_http_suff_fqdn_line_all_bytes.py b/tests/statistics/stats_srcip_dstip_http_suff_fqdn_line_all_bytes.py index 417796d87..4101cc680 100644 --- a/tests/statistics/stats_srcip_dstip_http_suff_fqdn_line_all_bytes.py +++ b/tests/statistics/stats_srcip_dstip_http_suff_fqdn_line_all_bytes.py @@ -1,241 +1,519 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SERVER_FQDN", + "type": "fqdn", + "name": "sec_fqdn", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "yumi.com$" + } + ] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Time", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.14", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Time", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - { - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1).replace("_xly_url_sub_reqheader_multi_sub_resheader_sub_resbody", "", 1), - "object_type": "fqdn", - "select_type": False, - "negate": False, - "plus": False, - "items": [ { - "item_operation": "add", - "item_value": "yumi.com$", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "line", + "table_type": "" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Time", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "__time" + ], + "function": { + "name": "DATETIME_FLOOR_WITH_FILL", + "expression": "", + "variables": [ + + ] + }, + "label": "Time", + "is_drill_down": 0 + } + ], + "limit": 65536, + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "", + "source": "statistics_rule", + "series_limit": "" + } } ] - } - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Line", - "metrics": [ - "sent_bytes:BITRATE:in bytes", - "received_bytes:BITRATE:out bytes", - "sent_bytes+received_bytes:BITRATE:bytes" - ], - "dimensions": [], - "order_by": "", - "row_limit": "", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Line", - "metrics": [ - "sent_bytes:RATE:in bytes", - "received_bytes:RATE:out bytes", - "sent_bytes+received_bytes:RATE:bytes" - ], - "dimensions": [], - "order_by": "", - "row_limit": "", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Line", - "metrics": [ - "sent_bytes:SUM:in bytes", - "received_bytes:SUM:out bytes", - "sent_bytes+received_bytes:SUM:bytes" - ], - "dimensions": [], - "order_by": "", - "row_limit": "", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.14", - "clients_end_ip": "10.64.224.14", - "servers_start_ip": "2.1.1.14", - "servers_end_ip": "2.1.1.14", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"time": "2024-07-24T01:36:19Z", "out_bytes": 745744, "in_bytes": 9120, "bytes": 754864} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" } parameter = replace_paras(parameter) diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_decoded_as.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_decoded_as.py index f7f52b513..3d855b546 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_decoded_as.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_decoded_as.py @@ -1,234 +1,502 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Decoded AS", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "decoded_as" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Decoded AS", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.14", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Decoded AS", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "decoded_as" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Decoded AS", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Decoded AS", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "decoded_as" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Decoded AS", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "decoded_as" - ], - "order_by": "Bytes", - "row_limit": "10", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "decoded_as" - ], - "order_by": "Bytes Sent", - "row_limit": "20", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "decoded_as" - ], - "order_by": "Bytes Received", - "row_limit": "50", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.14", - "clients_end_ip": "10.64.224.14", - "servers_start_ip": "2.1.1.14", - "servers_end_ip": "2.1.1.14", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"time": "2024-07-24T01:36:19Z", "out_bytes": 745744, "in_bytes": 9120, "bytes": 754864} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_get_347pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 339823, "total_bytes_received": 333931, "total_bytes_sent": 5892, "total_packets": 347, "total_packets_received": 250, "total_packets_sent": 97, "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.ct.cn"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" } parameter = replace_paras(parameter) diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app.py index 6647e04a1..03f2044f3 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "app" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "app" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "app" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] } ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"applicatoin": "2407TCP","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} + } ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Application", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Application", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Application", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } + }, + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app_appcategory.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app_appcategory.py index b7ffaadbd..fb81be56f 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app_appcategory.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app_appcategory.py @@ -1,241 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Application, Application Category", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app_category" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application Category", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Application, Application Category", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app_category" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application Category", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Application, Application Category", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app_category" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application Category", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "app", - "app_category" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "app", - "app_category" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "app", - "app_category" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"application": "2407TCP", "app_category": "4", "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +551,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app_fqdn.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app_fqdn.py index 596da78e0..6c1bb4ee1 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app_fqdn.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_app_fqdn.py @@ -1,241 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server FQDN", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server FQDN", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server FQDN", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "app", - "server_fqdn" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "app", - "server_fqdn" - ], - "order_by": "Bytes Sent", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "app", - "server_fqdn" - ], - "order_by": "Bytes Received", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"server_fqdn": "www.yumi.com","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_appcategory.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_appcategory.py index 371d19ce8..35c84961d 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_appcategory.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_appcategory.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Application Category", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "app_category" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application Category", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Application Category", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "app_category" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application Category", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Application Category", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "app_category" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application Category", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "app_category" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "app_category" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "app_category" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"app_category_id": "255","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_link_id.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_link_id.py index fe864ad22..dc2bba9d7 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_link_id.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_link_id.py @@ -1,239 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client-to-Server Link ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server Link ID", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client-to-Server Link ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server Link ID", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client-to-Server Link ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server Link ID", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "c2s_link_id" - ], - "order_by": "bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "c2s_link_id" - ], - "order_by": "bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "c2s_link_id" - ], - "order_by": "bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"c2s_link_id": 720, "s2c_link_id": 720, "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # name_list汇总 - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -242,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_s2c_link_id.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_s2c_link_id.py index 01a98acd8..24d5c4619 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_s2c_link_id.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_s2c_link_id.py @@ -1,242 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client-to-Server Link ID, Server-to-Client Link ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server Link ID", + "is_drill_down": 0 + }, + { + "source_fields": [ + "s2c_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client Link ID", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client-to-Server Link ID, Server-to-Client Link ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server Link ID", + "is_drill_down": 0 + }, + { + "source_fields": [ + "s2c_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client Link ID", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client-to-Server Link ID, Server-to-Client Link ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server Link ID", + "is_drill_down": 0 + }, + { + "source_fields": [ + "s2c_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client Link ID", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + "is_enabled": 1, + "log_option": "metadata" + } - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "c2s_link_id", - "s2c_link_id" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "c2s_link_id", - "s2c_link_id" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "c2s_link_id", - "s2c_link_id" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"c2s_link_id": 720, "s2c_link_id": 720, "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -245,4 +551,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_s2c_ttl.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_s2c_ttl.py index 11e3b3d5f..22c9b4b82 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_s2c_ttl.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_s2c_ttl.py @@ -1,241 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client-to-Server TTL, Server-to-Client TTL", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server TTL", + "is_drill_down": 0 + }, + { + "source_fields": [ + "s2c_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client TTL", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client-to-Server TTL, Server-to-Client TTL", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server TTL", + "is_drill_down": 0 + }, + { + "source_fields": [ + "s2c_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client TTL", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client-to-Server TTL, Server-to-Client TTL", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server TTL", + "is_drill_down": 0 + }, + { + "source_fields": [ + "s2c_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client TTL", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "received_bytes:SUM:Bytes Received", - "sent_bytes:SUM:Bytes Sent", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "c2s_ttl", - "s2c_ttl" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "received_bytes:RATE:Bytes Received", - "sent_bytes:RATE:Bytes Sent", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "c2s_ttl", - "s2c_ttl" - ], - "order_by": "Bytes Received", - "row_limit": "50", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "received_bytes:BITRATE:Bytes Received", - "sent_bytes:BITRATE:Bytes Sent", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "c2s_ttl", - "s2c_ttl" - ], - "order_by": "Bytes Sent", - "row_limit": "100", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"c2s_ttl": 64, "s2c_ttl": 40, "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +551,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_ttl.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_ttl.py index cdd128cb6..49ab8696c 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_ttl.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c2s_ttl.py @@ -1,239 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client-to-Server TTL", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server TTL", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client-to-Server TTL", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server TTL", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client-to-Server TTL", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "c2s_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client-to-Server TTL", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "received_bytes:SUM:Bytes Received", - "sent_bytes:SUM:Bytes Sent", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "c2s_ttl" - ], - "order_by": "Bytes", - "row_limit": "200", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "received_bytes:RATE:Bytes Received", - "sent_bytes:RATE:Bytes Sent", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "c2s_ttl" - ], - "order_by": "Bytes", - "row_limit": "500", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "received_bytes:BITRATE:Bytes Received", - "sent_bytes:BITRATE:Bytes Sent", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "c2s_ttl" - ], - "order_by": "Bytes", - "row_limit": "1000", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" + }, + "vsys": 1 + } }, - "statists_metric_results": [ - {"c2s_ttl": 64, "s2c_ttl": 40, "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - - if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1,#6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -242,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_country.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_country.py index aeeab1b03..d25bdeb6e 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_country.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_country.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "client_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] } ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"applicatoin": "2407TCP","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} + } ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client Country", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client Country", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client Country", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } + }, + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip.py index e3b3d07ce..6e404189f 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip.py @@ -1,243 +1,512 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name":parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.38.240", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name":parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.66", - }, - ] - } - ], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:SUM(Send Bytes)", - "received_bytes:SUM:SUM(Received Bytes)", - "sent_bytes+received_bytes:SUM:SUM(Sent Bytes Received Bytes)" - ], - "dimensions": ["client_ip"], - "order_by": "SUM(Sent Bytes Received Bytes)", - "row_limit": "500", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:RATE(Send Bytes)", - "received_bytes:RATE:RATE(Received Bytes)", - "sent_bytes+received_bytes:RATE:RATE(Sent Bytes Received Bytes)" - ], - "dimensions": ["client_ip"], - "order_by": "RATE(Send Bytes)", - "row_limit": "500", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:BITRATE(Send Bytes)", - "received_bytes:BITRATE:BITRATE(Received Bytes)", - "sent_bytes+received_bytes:BITRATE:BITRATE(Sent Bytes Received Bytes)" - ], - "dimensions": ["client_ip"], - "order_by": "BITRATE(Received Bytes)", - "row_limit": "500", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Bar", - "metrics": [ - "sent_bytes+received_bytes:RATE:BITRATE(Sent Bytes Received Bytes)" - ], - "dimensions": ["app"], - "order_by": "RATE(Sent Bytes Received Bytes)", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] } ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.38.240", - "clients_end_ip": "10.64.38.240", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } }, - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - if __name__ == '__main__': parameter = { - "username": "admin", - "password": "admin", + "username": "zhaokun", + "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", "is_log": 0, "env": "tsgx", - "vsys_id": 5,#5 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) - """ # 在测试文件的当前路径执行如下命令执行测试用例: pytest –cache-clear -v pytest_json.py --alluredir ./allure # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip_objects.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip_objects.py index e1c9a8dda..9333e63d9 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip_objects.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip_objects.py @@ -1,237 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "statistics_option": "Brief", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP Object List", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP Object List", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP Object List", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:bytes" - ], - "dimensions": [ - "client_ip_object_list" - ], - "order_by": "bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_ip_object_list" - ], - "order_by": "Bytes Received", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_ip_object_list" - ], - "order_by": "Bytes Sent", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" + }, + "vsys": 1 + } }, - "statists_metric_results": [ - {"client_ip_object_list": "1573552", "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -240,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip_s_ip.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip_s_ip.py index 41f6eebf5..7e0d49ce6 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip_s_ip.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_ip_s_ip.py @@ -1,241 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client IP, Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "client_ip", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_ip", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_ip", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"client_ip": "10.64.21.243", "server_ip": "2.1.1.31", "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +551,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_port.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_port.py index da7b25370..17e281a05 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_port.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_port.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client Port", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Port", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client Port", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Port", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client Port", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Port", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "client_port" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_port" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_port" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"client_port": 41668, "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country.py index 3b9a9e55e..780fe80b8 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country.py @@ -1,241 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "client_country", - "server_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_country", - "server_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_country", - "server_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] } ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"applicatoin": "2407TCP","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} + } ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client Country, Server Country", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client Country, Server Country", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client Country, Server Country", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } + }, + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +551,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country_app.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country_app.py index 3b9a9e55e..ffbcb1161 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country_app.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country_app.py @@ -1,241 +1,590 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "client_country", - "server_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_country", - "server_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_country", - "server_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] } ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"applicatoin": "2407TCP","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} + } ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client Country, Server Country, Application", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client Country, Server Country, Application", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client Country, Server Country, Application", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } + }, + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +593,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country_app_appcategory.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country_app_appcategory.py index 4d71be9de..db022fcbc 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country_app_appcategory.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_country_app_appcategory.py @@ -1,247 +1,632 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "client_country", - "server_country", - "app", - "app_category" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_country", - "server_country", - "app", - "app_category" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_country", - "server_country", - "app", - "app_category" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] } ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"applicatoin": "2407TCP","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} + } ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client Country, Server Country, Application, Application Category", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app_category" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application Category", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client Country, Server Country, Application, Application Category", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app_category" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application Category", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client Country, Server Country, Application, Application Category", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app_category" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application Category", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } + }, + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -250,4 +635,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_ip_objects.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_ip_objects.py index c4e8338ec..bab8738a6 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_ip_objects.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_ip_objects.py @@ -1,243 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "statistics_option": "Brief", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client IP Object List, Server IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP Object List", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP Object List", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "statistics_option": "Brief", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client IP Object List, Server IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP Object List", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP Object List", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client IP Object List, Server IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client IP Object List", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP Object List", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "client_ip_object_list", - "server_ip_object_list" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_ip_object_list", - "server_ip_object_list" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_ip_object_list", - "server_ip_object_list" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"client_ip_object_list": "1573552","server_ip_object_list": "1573552", "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - - if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1,#6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -246,4 +551,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_port.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_port.py index 44205a263..80337f8cb 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_port.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_c_s_port.py @@ -1,241 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Client Port, Server Port", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Port", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Port", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Client Port, Server Port", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Port", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Port", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Client Port, Server Port", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "client_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Client Port", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Port", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "client_port", - "server_port" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "client_port", - "server_port" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "client_port", - "server_port" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"client_port": 41668, "server_port": 80, "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +551,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_decoded_as.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_decoded_as.py index 67e7b2ebf..3d855b546 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_decoded_as.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_decoded_as.py @@ -1,234 +1,502 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Decoded AS", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "decoded_as" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Decoded AS", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.14", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Decoded AS", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "decoded_as" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Decoded AS", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Decoded AS", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "decoded_as" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Decoded AS", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "decoded_as" - ], - "order_by": "Bytes", - "row_limit": "100", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "decoded_as" - ], - "order_by": "Bytes Sent", - "row_limit": "200", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "decoded_as" - ], - "order_by": "Bytes Received", - "row_limit": "500", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.14", - "clients_end_ip": "10.64.224.14", - "servers_start_ip": "2.1.1.14", - "servers_end_ip": "2.1.1.14", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"time": "2024-07-24T01:36:19Z", "out_bytes": 745744, "in_bytes": 9120, "bytes": 754864} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_get_347pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 339823, "total_bytes_received": 333931, "total_bytes_sent": 5892, "total_packets": 347, "total_packets_received": 250, "total_packets_sent": 97, "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.ct.cn"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" } parameter = replace_paras(parameter) diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_device_group.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_device_group.py index 3ddcfb99c..161c23f38 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_device_group.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_device_group.py @@ -1,206 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Device Group", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "device_group" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Device Group", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.13", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Device Group", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "device_group" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Device Group", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Device Group", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "device_group" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Device Group", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "in_bytes:SUM:in bytes", - "out_bytes:SUM:out bytes", - "in_bytes+out_bytes:SUM:bytes" - ], - "dimensions": [ - "device_group" - ], - "order_by": "bytes", - "row_limit": "100", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.13", - "clients_end_ip": "10.64.224.13", - "servers_start_ip": "2.1.1.13", - "servers_end_ip": "2.1.1.13", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"device_group": "1", "server_country": "IN", "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -209,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_device_group_decoded_as.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_device_group_decoded_as.py index 9ec8a2a7e..61a89a96a 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_device_group_decoded_as.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_device_group_decoded_as.py @@ -1,241 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "device_group", - "decoded_as" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "device_group", - "decoded_as" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "device_group", - "decoded_as" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] } ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"applicatoin": "2407TCP","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} + } ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Device Group, Decoded AS", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "device_group" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Device Group", + "is_drill_down": 0 + }, + { + "source_fields": [ + "decoded_as" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Decoded AS", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Device Group, Decoded AS", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "device_group" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Device Group", + "is_drill_down": 0 + }, + { + "source_fields": [ + "decoded_as" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Decoded AS", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Device Group, Decoded AS", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "device_group" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Device Group", + "is_drill_down": 0 + }, + { + "source_fields": [ + "decoded_as" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Decoded AS", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } + }, + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +551,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_direction.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_direction.py index 3b5ca30e1..8649668e8 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_direction.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_direction.py @@ -1,234 +1,504 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Direction", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "direction" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Direction", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.14", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Direction", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "direction" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Direction", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Direction", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "direction" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Direction", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "direction" - ], - "order_by": "Bytes", - "row_limit": "100", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "direction" - ], - "order_by": "Bytes Sent", - "row_limit": "200", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "direction" - ], - "order_by": "Bytes Received", - "row_limit": "500", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.14", - "clients_end_ip": "10.64.224.14", - "servers_start_ip": "2.1.1.14", - "servers_end_ip": "2.1.1.14", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" + }, + "vsys": 1 + } }, - "statists_metric_results": [ - {"time": "2024-07-24T01:36:19Z", "out_bytes": 745744, "in_bytes": 9120, "bytes": 754864} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" } parameter = replace_paras(parameter) @@ -239,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_domain.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_domain.py index 917703005..d159a181b 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_domain.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_domain.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server Domain", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_domain" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Domain", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server Domain", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_domain" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Domain", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server Domain", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_domain" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Domain", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "server_domain" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "server_domain" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "server_domain" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"s2c_ttl": "255","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_flags.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_flags.py index 49f70250b..cb7edbd48 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_flags.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_flags.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "flags" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "flags" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "flags" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] } ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"applicatoin": "2407TCP","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} + } ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Flags", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "flags" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Flags", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Flags", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "flags" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Flags", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Flags", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "flags" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Flags", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } + }, + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_fqdn.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_fqdn.py index 9b5049905..6c1bb4ee1 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_fqdn.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_fqdn.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server FQDN", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server FQDN", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server FQDN", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "in_bytes:SUM:in bytes", - "out_bytes:SUM:out bytes", - "in_bytes+out_bytes:SUM:bytes" - ], - "dimensions": [ - "server_fqdn" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "server_fqdn" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "server_fqdn" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"server_fqdn": "www.yumi.com","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - if __name__ == '__main__': - parameter = { - - "username": "zhaokun", - "password": "zhaokun1", - "test_pc_ip": "192.168.64.73", - "api_server": "http://192.168.44.72", - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, # 6 - "root_path": "D:/tsgcode/tsg_test", - "path": "tsgcode/tsg_test/testcase/ui", - "module_name": "statistics", - "test_case_name": os.path.basename(__file__)[:-3], +if __name__ == '__main__': + parameter = { + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.73", + "api_server": "http://192.168.44.72", + "is_log": 0, + "env": "tsgx", + "vsys": 1, # 6 + "root_path": "D:/tsgcode/tsg_test", + "path": "tsgcode/tsg_test/testcase/ui", + "module_name": "statistics", + "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ def run(parameter): # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_fqdn_domain.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_fqdn_domain.py index 6d623efc7..6ac2ee821 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_fqdn_domain.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_fqdn_domain.py @@ -1,241 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server FQDN, Server Domain", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_domain" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Domain", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server FQDN, Server Domain", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_domain" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Domain", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server FQDN, Server Domain", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_domain" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Domain", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "in_bytes:SUM:in bytes", - "out_bytes:SUM:out bytes", - "in_bytes+out_bytes:SUM:bytes" - ], - "dimensions": [ - "server_fqdn", - "server_domain" - ], - "order_by": "bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "server_fqdn", - "server_domain" - ], - "order_by": "bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "server_fqdn", - "server_domain" - ], - "order_by": "bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"server_fqdn": "www.yumi.com","server_domain": "yumi.com","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +551,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_http_host.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_http_host.py index f6f77e509..6c48f2f73 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_http_host.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_http_host.py @@ -1,240 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.16", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by HTTP Host", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "http_host" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "HTTP Host", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.16", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by HTTP Host", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "http_host" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "HTTP Host", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by HTTP Host", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "http_host" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "HTTP Host", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "http_host" - ], - "order_by": "Bytes", - "row_limit": "100", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "http_host" - ], - "order_by": "Bytes Received", - "row_limit": "200", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "http_host" - ], - "order_by": "Bytes Received", - "row_limit": "20", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.16", - "clients_end_ip": "10.64.224.16", - "servers_start_ip": "2.1.1.16", - "servers_end_ip": "2.1.1.16", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"client_country": 64, "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - - - if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", "is_log": 0, "env": "tsgx", - "vsys_id": 1,#6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -243,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s2c_link_id.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s2c_link_id.py index 3bf78e2f9..b12c2c3cf 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s2c_link_id.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s2c_link_id.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server-to-Client Link ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "s2c_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client Link ID", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.18", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server-to-Client Link ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "s2c_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client Link ID", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server-to-Client Link ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "s2c_link_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client Link ID", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "s2c_link_id" - ], - "order_by": "Bytes", - "row_limit": "50", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "s2c_link_id" - ], - "order_by": "Bytes", - "row_limit": "50", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "s2c_link_id" - ], - "order_by": "Bytes", - "row_limit": "50", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.18", - "clients_end_ip": "10.64.224.18", - "servers_start_ip": "2.1.1.18", - "servers_end_ip": "2.1.1.18", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"c2s_link_id": 720, "s2c_link_id": 720, "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s2c_ttl.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s2c_ttl.py index 19ce110ad..6a2c9e9d3 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s2c_ttl.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s2c_ttl.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server-to-Client TTL", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "s2c_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client TTL", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server-to-Client TTL", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "s2c_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client TTL", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server-to-Client TTL", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "s2c_ttl" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server-to-Client TTL", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "s2c_ttl" - ], - "order_by": "Bytes Received", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "s2c_ttl" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "s2c_ttl" - ], - "order_by": "Bytes Sent", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"s2c_ttl": "40","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_country.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_country.py index 1aabb3ed9..42645f964 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_country.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_country.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", - }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", - }, - ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "server_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "server_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "server_country" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] } ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"applicatoin": "2407TCP","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} + } ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server Country", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server Country", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server Country", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_country" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Country", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } + ] + }, + "vsys": 1 + } + }, + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip.py index 021bbf60f..1df4b0190 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip.py @@ -1,237 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.16", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "100", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "100", - "min_in_size": "1", - "min_out_size": "1" - },{ - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "100", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.16", - "clients_end_ip": "10.64.224.16", - "servers_start_ip": "2.1.1.16", - "servers_end_ip": "2.1.1.16", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"s2c_ttl": "255","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -240,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_app.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_app.py index 8c62eb46c..791dc3c4f 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_app.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_app.py @@ -1,241 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server IP, Application", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server IP, Application", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server IP, Application", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "app" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Application", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "app", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "app", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "app", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"server_fqdn": "www.yumi.com","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - if __name__ == '__main__': - parameter = { - - "username": "zhaokun", - "password": "zhaokun1", - "test_pc_ip": "192.168.64.73", - "api_server": "http://192.168.44.72", - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, # 6 - "root_path": "D:/tsgcode/tsg_test", - "path": "tsgcode/tsg_test/testcase/ui", - "module_name": "statistics", - "test_case_name": os.path.basename(__file__)[:-3], +if __name__ == '__main__': + parameter = { + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.73", + "api_server": "http://192.168.44.72", + "is_log": 0, + "env": "tsgx", + "vsys": 1, # 6 + "root_path": "D:/tsgcode/tsg_test", + "path": "tsgcode/tsg_test/testcase/ui", + "module_name": "statistics", + "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +551,4 @@ def run(parameter): # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_fqdn.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_fqdn.py index ec39bef57..1cfa5b135 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_fqdn.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_fqdn.py @@ -1,241 +1,548 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server IP, Server FQDN", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server IP, Server FQDN", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server IP, Server FQDN", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP", + "is_drill_down": 0 + }, + { + "source_fields": [ + "server_fqdn" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server FQDN", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "server_fqdn", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "server_fqdn", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "server_fqdn", - "server_ip" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"server_fqdn": "www.yumi.com","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - if __name__ == '__main__': - parameter = { - - "username": "zhaokun", - "password": "zhaokun1", - "test_pc_ip": "192.168.64.73", - "api_server": "http://192.168.44.72", - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, # 6 - "root_path": "D:/tsgcode/tsg_test", - "path": "tsgcode/tsg_test/testcase/ui", - "module_name": "statistics", - "test_case_name": os.path.basename(__file__)[:-3], +if __name__ == '__main__': + parameter = { + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.73", + "api_server": "http://192.168.44.72", + "is_log": 0, + "env": "tsgx", + "vsys": 1, # 6 + "root_path": "D:/tsgcode/tsg_test", + "path": "tsgcode/tsg_test/testcase/ui", + "module_name": "statistics", + "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -244,4 +551,4 @@ def run(parameter): # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_objects.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_objects.py index 86be74ca8..a1367fd87 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_objects.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_ip_objects.py @@ -1,239 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP Object List", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "statistics_option": "Brief", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP Object List", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server IP Object List", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_ip_object_list" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server IP Object List", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] + }, + "vsys": 1 + } }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "server_ip_object_list" - ], - "order_by": "bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "server_ip_object_list" - ], - "order_by": "bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "server_ip_object_list" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [#如果Bytes Aggregate为:BITRATE则Bytes*8 - {"server_ip_object_list": "1154003","in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - - if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1,#6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -242,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_port.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_port.py index 06b2b3a8b..b09f6faac 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_port.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_s_port.py @@ -1,238 +1,506 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate - def run(parameter): try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Begin to run test case: " + parameter["test_case_name"], flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Server Port", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Port", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Server Port", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Port", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Server Port", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "server_port" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Server Port", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "in_bytes+out_bytes:SUM:Bytes" - ], - "dimensions": [ - "server_port" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "in_bytes+out_bytes:RATE:Bytes" - ], - "dimensions": [ - "server_port" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "in_bytes+out_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "server_port" - ], - "order_by": "Bytes", - "row_limit": "20", - "min_in_size": "0", - "min_out_size": "0" - } - ] - }] + }, + "vsys": 1 + } }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.31", - "clients_end_ip": "10.64.224.31", - "servers_start_ip": "2.1.1.31", - "servers_end_ip": "2.1.1.31", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" - }, - "statists_metric_results": [ - {"server_port": 80,"server_ip_object_list": "1573552", "in_bytes": 1140, "out_bytes": 93218, "bytes": 94358} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" - } + } parameter = replace_paras(parameter) run(parameter) """ @@ -241,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_sled_ip.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_sled_ip.py index e9b9ae246..d4805c5a5 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_sled_ip.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_sled_ip.py @@ -1,234 +1,504 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Sled IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "sled_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Sled IP", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.14", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Sled IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "sled_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Sled IP", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Sled IP", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "sled_ip" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Sled IP", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "sled_ip" - ], - "order_by": "Bytes", - "row_limit": "100", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "sled_ip" - ], - "order_by": "Bytes Sent", - "row_limit": "200", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "sled_ip" - ], - "order_by": "Bytes Received", - "row_limit": "500", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.14", - "clients_end_ip": "10.64.224.14", - "servers_start_ip": "2.1.1.14", - "servers_end_ip": "2.1.1.14", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" + }, + "vsys": 1 + } }, - "statists_metric_results": [ - {"time": "2024-07-24T01:36:19Z", "out_bytes": 745744, "in_bytes": 9120, "bytes": 754864} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" } parameter = replace_paras(parameter) @@ -239,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ diff --git a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_sub_id.py b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_sub_id.py index e8a46bb2b..4f14f56cf 100644 --- a/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_sub_id.py +++ b/tests/statistics/stats_srcip_dstip_http_table_all_bytes_dim_sub_id.py @@ -1,234 +1,504 @@ # -*- coding: UTF-8 -*- -import time import os import sys +import time +import pytz +from support.organize_config import OrganizeConfig from support.ui_utils.element_position.map_element_position_library import replace_paras - -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -import traceback -from datetime import datetime -from support.common_utils.create_policy import CreatePolicy +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "statistics", - "rule_name": parameter["test_case_name"], - "rule_action": "statistics", - "rule_type": "create", - "debug_flag": "local", - "test_subcriber_id": "test6489", - "script_type": "ui", - "condition": { - "source_ip": [ - { - "name": parameter["test_case_name"].replace("_dstip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ + policy_configuration = { + "name": parameter["test_case_name"], + "type": "statistics", + "action": "statistics", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_dstip", "", 1), + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "10.64.224.31", + "interval": "1-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "name": parameter["test_case_name"].replace("_srcip", "", 1), + "attribute_name": "ATTR_DESTINATION_IP", + "type": "ip", + "sub_type": "ip", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "ip": "2.1.1.9", + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ] + } + ], + "action_parameter": { + "template_profile":{ + "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), + "uuid": "", + "dataview": { + "charts": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "10.64.224.31", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "BITRATE(Bytes Sent, Bytes Received), BITRATE(Bytes Sent) and BITRATE(Bytes Received) Distributed by Subscriber ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "subscriber_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Subscriber ID", + "is_drill_down": 0 + } + ], + "limit": "20", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "BITRATE(Bytes Sent, Bytes Received)", + "unit": "bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "BITRATE(Bytes Sent)", + "unit": "bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "BITRATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "BITRATE(Bytes Received)", + "unit": "bps" + } + ], + "order_by": "BITRATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, - ] - } - ], - "source_port": [], - "destination_ip": [ - { - "name": parameter["test_case_name"].replace("_srcip", "", 1), - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ { - "item_operation": "add", - "item_type": "ipv4", - "item_value": "2.1.1.14", + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "RATE(Bytes Sent, Bytes Received), RATE(Bytes Sent) and RATE(Bytes Received) Distributed by Subscriber ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "subscriber_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Subscriber ID", + "is_drill_down": 0 + } + ], + "limit": "50", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "RATE(Bytes Sent, Bytes Received)", + "unit": "Bps" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "RATE(Bytes Sent)", + "unit": "Bps" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "RATE", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "RATE(Bytes Received)", + "unit": "Bps" + } + ], + "order_by": "RATE(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } }, + { + "id": "", + "display": { + "page_x": None, + "page_y": None, + "height": "", + "width": "", + "type": "table", + "table_type": "regular" + }, + "uuid": "", + "name": "SUM(Bytes Sent, Bytes Received), SUM(Bytes Sent) and SUM(Bytes Received) Distributed by Subscriber ID", + "threshold": { + "in_bytes": 0, + "out_bytes": 0 + }, + "query": { + "dimensions": [ + { + "source_fields": [ + "subscriber_id" + ], + "function": { + "name": "", + "expression": "", + "variables": [ + + ] + }, + "label": "Subscriber ID", + "is_drill_down": 0 + } + ], + "limit": "1000", + "metrics": [ + { + "source_fields": [ + "sent_bytes", + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_1", + "label": "SUM(Bytes Sent, Bytes Received)", + "unit": "bytes" + }, + { + "source_fields": [ + "sent_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_2", + "label": "SUM(Bytes Sent)", + "unit": "bytes" + }, + { + "source_fields": [ + "received_bytes" + ], + "function": { + "name": "SUM", + "expression": "", + "variables": [ + + ] + }, + "metric_type": "count", + "metric_name": "count_3", + "label": "SUM(Bytes Received)", + "unit": "bytes" + } + ], + "order_by": "SUM(Bytes Sent, Bytes Received)", + "source": "statistics_rule", + "series_limit": "" + } + } ] - }], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [ - ], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - ], - "packet_capture": [] - }, - "action_parameter": { - "statistics_template": [{ - "name": parameter["test_case_name"].replace("_srcip_dstip", "", 1), - "profile_type": "statistics_template", - "charts": [ - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:SUM:Bytes Sent", - "received_bytes:SUM:Bytes Received", - "sent_bytes+received_bytes:SUM:Bytes" - ], - "dimensions": [ - "subscriber_id" - ], - "order_by": "Bytes", - "row_limit": "100", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:RATE:Bytes Sent", - "received_bytes:RATE:Bytes Received", - "sent_bytes+received_bytes:RATE:Bytes" - ], - "dimensions": [ - "subscriber_id" - ], - "order_by": "Bytes Sent", - "row_limit": "200", - "min_in_size": "1", - "min_out_size": "1" - }, - { - "chart_name": "default name", - "visualization_type": "Table", - "metrics": [ - "sent_bytes:BITRATE:Bytes Sent", - "received_bytes:BITRATE:Bytes Received", - "sent_bytes+received_bytes:BITRATE:Bytes" - ], - "dimensions": [ - "subscriber_id" - ], - "order_by": "Bytes Received", - "row_limit": "500", - "min_in_size": "1", - "min_out_size": "1" - } - ] - }] - }, - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key": "server_fqdn", "query_value": "www.yumi.com"}], - "traffic": { - "protocol": "", - "type": "trex", - "clients_start_ip": "10.64.224.14", - "clients_end_ip": "10.64.224.14", - "servers_start_ip": "2.1.1.14", - "servers_end_ip": "2.1.1.14", - "m": 1, - "d": 1, - "yaml_name": "test", - "pcap_name": "http_87pkts" + }, + "vsys": 1 + } }, - "statists_metric_results": [ - {"time": "2024-07-24T01:36:19Z", "out_bytes": 745744, "in_bytes": 9120, "bytes": 754864} - ], - # "traffic": { - # "type": "trex", - # "clients_start_ip": "192.168.64.86", - # "clients_end_ip": "192.168.64.86", - # "servers_start_ip": "2.1.1.1", - # "servers_end_ip": "2.1.1.2", - # "m": 1, - # "d": 1, - # "yaml_name": "test", - # "pcap_name": "test_https" - # }, - # "traffic": { - # "type": "nslookup", - # "command": "nslookup www.facebook.com" - # }, - # "traffic": { - # "type": "wget", - # "command": "wget -q -O- http://open.node.com:180" - # }, - "token": "" + "is_enabled": 1, + "log_option": "metadata" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - # 脚本结束时间和耗时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], - "Finish test case: " + parameter["test_case_name"], flush=True) - return result + traffic_generation = { + "tool": "trex", # or trex/http + "clients_start_ip": "10.64.224.9", + "clients_end_ip": "10.64.224.9", + "servers_start_ip": "2.1.1.9", + "servers_end_ip": "2.1.1.9", + "m": 1, + "d": 1, + "yaml_name": "test", + "pcap_name": "http_87pkts" + } + + verification_result = { + "excepted_traffic_result": {"total_bytes": 94679, "total_bytes_received": 93284, "total_bytes_sent": 1395, + "total_packets": 87, "total_packets_received": 65, "total_packets_sent": 22, + "total_syn_pkt": 1}, + "expected_query": {"hits": 1}, + "expected_log": [ + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key": "server_fqdn", "query_value": "www.yumi.com"} + ] + } + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + rules_tuple, ui_error = ui_client.create_rules(policy_configuration) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + organize_config = OrganizeConfig(parameter, policy_configuration, api_client.token,()) + organize_config.generate_random_ip(parameter, policy_configuration, traffic_generation) + + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", profiles_tuple) + if len(api_error) > 0: + return api_error + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + #if rules_tuple: + # print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "DEBUG:Case:{},rule:{},log_result:{},excepted_traffic_result:{},metric_result:{}".format(os.path.basename(__file__)[:-3], list(rules_tuple)[0]["uuid"], log_result, excepted_traffic_result, metric_result), flush=True) + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, - flush=True) - traceback.print_exc() - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], + "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 脚本结束时间和耗时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) if __name__ == '__main__': parameter = { - "username": "zhaokun", "password": "zhaokun1", "test_pc_ip": "192.168.64.73", "api_server": "http://192.168.44.72", - "is_log": 1, + "is_log": 0, "env": "tsgx", - "vsys_id": 1, # 6 + "vsys": 1, # 6 "root_path": "D:/tsgcode/tsg_test", "path": "tsgcode/tsg_test/testcase/ui", "module_name": "statistics", "test_case_name": os.path.basename(__file__)[:-3], "debug_flag": "local", "test_subcriber_id": "test6489", - "script_type": "ui", + "initiation_method": "api", "policy_type": "statistics" } parameter = replace_paras(parameter) @@ -239,4 +509,4 @@ if __name__ == '__main__': # 执行如下命令生成测试报告(自动打开浏览器): allure serve allure - """ \ No newline at end of file + """ -- cgit v1.2.3 From 83e1423732b3bea0b44724c5de8eb6c8cc25f7e8 Mon Sep 17 00:00:00 2001 From: "hebingning@geedgenetworks.com" Date: Thu, 28 Nov 2024 00:11:57 +0800 Subject: update security cases to new format --- ...id_mail_substr_from_substr_to_substr_account.py | 6 +- ...name_redirect_qtype_aaaa_atype_cname_profile.py | 2 +- ...b_qname_redirect_qtype_aaaa_atype_cname_text.py | 2 +- .../sec_deny_srcip_http_alert_200_profile.py | 2 +- .../sec_deny_srcip_http_block_403_profile.py | 2 +- ...ec_deny_srcip_http_pre_url_alert_200_profile.py | 331 +++++++------ .../sec_deny_srcip_http_pre_url_alert_200_text.py | 362 +------------- .../sec_deny_srcip_http_pre_url_alert_204.py | 363 +------------- ...ec_deny_srcip_http_pre_url_block_403_profile.py | 391 +-------------- .../sec_deny_srcip_http_pre_url_block_403_text.py | 366 +------------- ...ec_deny_srcip_http_pre_url_block_404_profile.py | 390 +-------------- .../sec_deny_srcip_http_pre_url_block_404_text.py | 366 +------------- tests/security/sec_deny_srcip_http_pre_url_drop.py | 360 +------------- .../sec_deny_srcip_http_pre_url_drop_rst.py | 358 +------------- .../sec_deny_srcip_http_pre_url_rate_high.py | 363 +------------- .../sec_deny_srcip_http_pre_url_rate_low.py | 365 +------------- .../sec_deny_srcip_http_pre_url_redirect.py | 367 +------------- .../security/sec_deny_srcip_http_pre_url_tamper.py | 360 +------------- tests/security/sec_deny_srcip_http_rate_high.py | 364 +------------- tests/security/sec_deny_srcip_http_rate_low.py | 366 +------------- ...ec_deny_srcip_http_sub_url_alert_200_profile.py | 330 +++++++------ .../sec_deny_srcip_http_sub_url_alert_200_text.py | 309 +++++++----- .../sec_deny_srcip_http_sub_url_alert_204.py | 305 +++++++----- ...ec_deny_srcip_http_sub_url_block_403_profile.py | 331 +++++++------ .../sec_deny_srcip_http_sub_url_block_403_text.py | 309 +++++++----- ...ec_deny_srcip_http_sub_url_block_404_profile.py | 331 +++++++------ .../sec_deny_srcip_http_sub_url_block_404_text.py | 309 +++++++----- tests/security/sec_deny_srcip_http_sub_url_drop.py | 309 +++++++----- .../sec_deny_srcip_http_sub_url_drop_rst.py | 309 +++++++----- .../sec_deny_srcip_http_sub_url_rate_high.py | 315 +++++++----- .../sec_deny_srcip_http_sub_url_rate_low.py | 308 +++++++----- .../sec_deny_srcip_http_sub_url_redirect.py | 310 +++++++----- .../security/sec_deny_srcip_http_sub_url_tamper.py | 305 +++++++----- ...substr_reqheader_by_cookie_alert_200_profile.py | 329 ++++++------ ...tp_substr_reqheader_by_cookie_alert_200_text.py | 313 +++++++----- ...ip_http_substr_reqheader_by_cookie_alert_204.py | 311 +++++++----- ...substr_reqheader_by_cookie_block_403_profile.py | 329 ++++++------ ...tp_substr_reqheader_by_cookie_block_403_text.py | 313 +++++++----- ...substr_reqheader_by_cookie_block_404_profile.py | 329 ++++++------ ...tp_substr_reqheader_by_cookie_block_404_text.py | 313 +++++++----- ...ip_http_substr_reqheader_by_cookie_rate_high.py | 312 +++++++----- ...cip_http_substr_reqheader_by_cookie_rate_low.py | 312 +++++++----- ...srcip_http_substr_reqheader_by_cookie_tamper.py | 309 +++++++----- .../sec_deny_srcip_http_suff_reqbody_drop.py | 303 +++++++----- .../sec_deny_srcip_http_suff_reqbody_drop_rst.py | 303 +++++++----- .../sec_deny_srcip_http_suff_reqbody_rate_high.py | 302 ++++++----- .../sec_deny_srcip_http_suff_reqbody_rate_low.py | 302 ++++++----- .../sec_deny_srcip_http_suff_reqbody_tamper.py | 301 ++++++----- .../sec_deny_srcip_http_xly_reqbody_drop.py | 303 +++++++----- .../sec_deny_srcip_http_xly_reqbody_drop_rst.py | 303 +++++++----- .../sec_deny_srcip_http_xly_reqbody_rate_high.py | 302 ++++++----- .../sec_deny_srcip_http_xly_reqbody_rate_low.py | 302 ++++++----- .../sec_deny_srcip_http_xly_reqbody_tamper.py | 301 ++++++----- ...ec_deny_srcip_http_xly_url_alert_200_profile.py | 550 +++++++++++++++------ .../sec_deny_srcip_http_xly_url_alert_200_text.py | 309 +++++++----- .../sec_deny_srcip_http_xly_url_alert_204.py | 305 +++++++----- ...ec_deny_srcip_http_xly_url_block_403_profile.py | 331 +++++++------ .../sec_deny_srcip_http_xly_url_block_403_text.py | 309 +++++++----- ...ec_deny_srcip_http_xly_url_block_404_profile.py | 331 +++++++------ .../sec_deny_srcip_http_xly_url_block_404_text.py | 309 +++++++----- tests/security/sec_deny_srcip_http_xly_url_drop.py | 309 +++++++----- .../sec_deny_srcip_http_xly_url_drop_rst.py | 309 +++++++----- .../sec_deny_srcip_http_xly_url_rate_high.py | 315 +++++++----- .../sec_deny_srcip_http_xly_url_rate_low.py | 308 +++++++----- .../sec_deny_srcip_http_xly_url_redirect.py | 310 +++++++----- .../security/sec_deny_srcip_http_xly_url_tamper.py | 305 +++++++----- .../sec_deny_srcip_mail_exactly_account_drop.py | 322 ++++++------ ...ec_deny_srcip_mail_exactly_account_rate_high.py | 321 +++++++----- ...sec_deny_srcip_mail_exactly_account_rate_low.py | 321 +++++++----- .../sec_deny_srcip_mail_exactly_account_rst.py | 322 ++++++------ .../sec_deny_srcip_mail_exactly_account_tamper.py | 318 +++++++----- .../sec_deny_srcip_mail_exactly_from_drop.py | 322 ++++++------ .../sec_deny_srcip_mail_exactly_from_rate_high.py | 321 +++++++----- .../sec_deny_srcip_mail_exactly_from_rate_low.py | 321 +++++++----- .../sec_deny_srcip_mail_exactly_from_rst.py | 322 ++++++------ .../sec_deny_srcip_mail_exactly_from_tamper.py | 318 +++++++----- .../sec_deny_srcip_mail_pre_account_drop.py | 322 ++++++------ .../sec_deny_srcip_mail_pre_account_rate_high.py | 321 +++++++----- .../sec_deny_srcip_mail_pre_account_rate_low.py | 321 +++++++----- .../sec_deny_srcip_mail_pre_account_rst.py | 322 ++++++------ .../sec_deny_srcip_mail_pre_account_tamper.py | 318 +++++++----- .../security/sec_deny_srcip_mail_pre_from_drop.py | 322 ++++++------ .../sec_deny_srcip_mail_pre_from_rate_high.py | 321 +++++++----- .../sec_deny_srcip_mail_pre_from_rate_low.py | 321 +++++++----- tests/security/sec_deny_srcip_mail_pre_from_rst.py | 322 ++++++------ .../sec_deny_srcip_mail_pre_from_tamper.py | 318 +++++++----- .../sec_deny_srcip_mail_substr_account_drop.py | 322 ++++++------ ...sec_deny_srcip_mail_substr_account_rate_high.py | 321 +++++++----- .../sec_deny_srcip_mail_substr_account_rate_low.py | 321 +++++++----- .../sec_deny_srcip_mail_substr_account_rst.py | 322 ++++++------ .../sec_deny_srcip_mail_substr_account_tamper.py | 318 +++++++----- .../sec_deny_srcip_mail_substr_from_drop.py | 322 ++++++------ .../sec_deny_srcip_mail_substr_from_rate_high.py | 321 +++++++----- .../sec_deny_srcip_mail_substr_from_rate_low.py | 321 +++++++----- .../sec_deny_srcip_mail_substr_from_rst.py | 322 ++++++------ .../sec_deny_srcip_mail_substr_from_tamper.py | 318 +++++++----- .../sec_deny_srcip_mail_suff_account_drop.py | 322 ++++++------ .../sec_deny_srcip_mail_suff_account_rate_high.py | 321 +++++++----- .../sec_deny_srcip_mail_suff_account_rate_low.py | 321 +++++++----- .../sec_deny_srcip_mail_suff_account_rst.py | 322 ++++++------ .../sec_deny_srcip_mail_suff_account_tamper.py | 318 +++++++----- .../security/sec_deny_srcip_mail_suff_from_drop.py | 322 ++++++------ .../sec_deny_srcip_mail_suff_from_rate_high.py | 321 +++++++----- .../sec_deny_srcip_mail_suff_from_rate_low.py | 321 +++++++----- .../security/sec_deny_srcip_mail_suff_from_rst.py | 322 ++++++------ .../sec_deny_srcip_mail_suff_from_tamper.py | 318 +++++++----- 106 files changed, 16009 insertions(+), 16881 deletions(-) diff --git a/tests/security/sec_allow_subid_mail_substr_from_substr_to_substr_account.py b/tests/security/sec_allow_subid_mail_substr_from_substr_to_substr_account.py index 59416fce2..2a2433b11 100644 --- a/tests/security/sec_allow_subid_mail_substr_from_substr_to_substr_account.py +++ b/tests/security/sec_allow_subid_mail_substr_from_substr_to_substr_account.py @@ -55,7 +55,7 @@ def run(parameter): ], }, { - "negate_option": 0, + "negate_option": False, "or_conditions": [ { "attribute_name": "ATTR_MAIL_FROM", @@ -73,7 +73,7 @@ def run(parameter): ] }, { - "negate_option": 0, + "negate_option": False, "or_conditions": [ { "attribute_name": "ATTR_MAIL_TO", @@ -91,7 +91,7 @@ def run(parameter): ] }, { - "negate_option": 0, + "negate_option": False, "or_conditions": [ { "attribute_name": "ATTR_MAIL_ACCOUNT", diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py index f5e91fd04..918776e9f 100644 --- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py +++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_profile.py @@ -113,7 +113,7 @@ def run(parameter): verification_result = { "excepted_traffic_result": "aaa.bbb.ccc", - "expected_metric": {"hits": 1}, + "expected_metric": {"hits": 2}, "expected_log": [ {"query_field_key":"server_ip", "query_value": "8.8.8.8"}, {"query_field_key":"decoded_as", "query_value": "DNS"}, diff --git a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py index bc974215a..115045154 100644 --- a/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py +++ b/tests/security/sec_deny_srcip_dns_sub_qname_redirect_qtype_aaaa_atype_cname_text.py @@ -107,7 +107,7 @@ def run(parameter): verification_result = { "excepted_traffic_result": "aaa.bbb.ccc", - "expected_metric": {"hits": 1}, + "expected_metric": {"hits": 2}, "expected_log": [ {"query_field_key":"server_ip", "query_value": "8.8.8.8"}, {"query_field_key":"decoded_as", "query_value": "DNS"}, diff --git a/tests/security/sec_deny_srcip_http_alert_200_profile.py b/tests/security/sec_deny_srcip_http_alert_200_profile.py index 66e151288..44ca94711 100644 --- a/tests/security/sec_deny_srcip_http_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_alert_200_profile.py @@ -85,7 +85,7 @@ def run(parameter): "enable": 0 }, "send_icmp_unreachable": 0 - }, + }, "is_enabled": 1, "log_option": "metadata", } diff --git a/tests/security/sec_deny_srcip_http_block_403_profile.py b/tests/security/sec_deny_srcip_http_block_403_profile.py index a2df4abff..13449075e 100644 --- a/tests/security/sec_deny_srcip_http_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_block_403_profile.py @@ -75,7 +75,7 @@ def run(parameter): ], "action_parameter": { "sub_action": "block", - "code": 404, + "code": 403, "html_profile": { "name": "test", "format": "html", diff --git a/tests/security/sec_deny_srcip_http_pre_url_alert_200_profile.py b/tests/security/sec_deny_srcip_http_pre_url_alert_200_profile.py index 55f61c40d..f72711a54 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_pre_url_alert_200_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" + "sub_action": "alert", + "code": 200, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py b/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py index 7ab509173..4b1371758 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py +++ b/tests/security/sec_deny_srcip_http_pre_url_alert_200_text.py @@ -1,357 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "TEXT", - "content": "deny200" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -430,13 +76,13 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", diff --git a/tests/security/sec_deny_srcip_http_pre_url_alert_204.py b/tests/security/sec_deny_srcip_http_pre_url_alert_204.py index d14ca459f..b8fb2c9de 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_alert_204.py +++ b/tests/security/sec_deny_srcip_http_pre_url_alert_204.py @@ -1,355 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_204", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 204 - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "204", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -428,13 +76,12 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "alert", + "code": 204, "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -442,11 +89,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "204", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py b/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py index 138836777..3ed8a56ce 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_pre_url_block_403_profile.py @@ -1,371 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_block_403_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 403, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -444,13 +76,17 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "block", + "code": 403, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -458,11 +94,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "403", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, @@ -478,6 +114,10 @@ def run(parameter): objects_tuple, ui_error = ui_client.create_objects(policy_configuration) if len(ui_error) > 0: return ui_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) if len(ui_error) > 0: return ui_error @@ -553,7 +193,8 @@ def run(parameter): api_client.delete_rules(rules_tuple) if objects_tuple: api_client.delete_objects(objects_tuple) - + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py b/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py index 1ce8ff8b6..299b5fdaa 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py +++ b/tests/security/sec_deny_srcip_http_pre_url_block_403_text.py @@ -1,357 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_block_403_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "TEXT", - "content": "hello403" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -430,13 +76,13 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "block", + "code": 403, + "message": "deny_autest_403", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -444,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "403", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py b/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py index 6b57f1e28..71c09c5f4 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py +++ b/tests/security/sec_deny_srcip_http_pre_url_block_404_profile.py @@ -1,371 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_block_404_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 404, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -444,13 +76,17 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "block", + "code": 404, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -458,11 +94,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "404", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, @@ -485,6 +121,10 @@ def run(parameter): api_client = APIClient(parameter) # {uuid, type}, i.e., {"12341-232-a21", "ip"} objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) if len(api_error) > 0: return api_error rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") @@ -553,6 +193,8 @@ def run(parameter): api_client.delete_rules(rules_tuple) if objects_tuple: api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() diff --git a/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py b/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py index ddbbfdb2d..314b3fae6 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py +++ b/tests/security/sec_deny_srcip_http_pre_url_block_404_text.py @@ -1,357 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "TEXT", - "content": "hello404" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -430,13 +76,13 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "block", + "code": 404, + "message": "deny_autest_404", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -444,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "404", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_drop.py b/tests/security/sec_deny_srcip_http_pre_url_drop.py index 2fc305204..1e21a320f 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_drop.py +++ b/tests/security/sec_deny_srcip_http_pre_url_drop.py @@ -1,357 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -434,7 +80,7 @@ def run(parameter): "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, + "send_tcp_reset": 0, "send_icmp_unreachable": 0, "after_n_packets": 0 }, @@ -444,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "timed out", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py b/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py index 28fae375d..718109c9a 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_pre_url_drop_rst.py @@ -1,357 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_drop_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -444,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "reset", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_rate_high.py b/tests/security/sec_deny_srcip_http_pre_url_rate_high.py index 44637ee8d..23fe96268 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_rate_high.py +++ b/tests/security/sec_deny_srcip_http_pre_url_rate_high.py @@ -1,355 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -428,13 +76,14 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, + "send_tcp_reset": 0, "send_icmp_unreachable": 0, - "after_n_packets": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -442,11 +91,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "POST", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_rate_low.py b/tests/security/sec_deny_srcip_http_pre_url_rate_low.py index aa68ebfda..3ce1b3f88 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_rate_low.py +++ b/tests/security/sec_deny_srcip_http_pre_url_rate_low.py @@ -1,355 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -428,13 +76,14 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -442,11 +91,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "timed out", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_redirect.py b/tests/security/sec_deny_srcip_http_pre_url_redirect.py index d7d190be3..e9187bc15 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_redirect.py +++ b/tests/security/sec_deny_srcip_http_pre_url_redirect.py @@ -1,358 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_redirect", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "redirect", - "to_url": "https://www.youtube.com", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "303", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -431,13 +76,13 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "redirect", + "code": 303, + "to": "https://www.youtube.com", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -445,11 +90,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "303", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_pre_url_tamper.py b/tests/security/sec_deny_srcip_http_pre_url_tamper.py index 894e0372e..7f77790f1 100644 --- a/tests/security/sec_deny_srcip_http_pre_url_tamper.py +++ b/tests/security/sec_deny_srcip_http_pre_url_tamper.py @@ -1,354 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -427,13 +76,12 @@ def run(parameter): } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "tamper", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, + "tamper_mode": "complete", "send_icmp_unreachable": 0, - "after_n_packets": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -441,11 +89,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "timed out", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_rate_high.py b/tests/security/sec_deny_srcip_http_rate_high.py index 2b93f991c..47c9f15f3 100644 --- a/tests/security/sec_deny_srcip_http_rate_high.py +++ b/tests/security/sec_deny_srcip_http_rate_high.py @@ -1,337 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -388,35 +54,17 @@ def run(parameter): "items": ["http"] } ], - }, - { - "negate_option": False, - "or_conditions": [ - { - "attribute_name": "ATTR_HTTP_URL", - "name": "sec_url", - "type": "url", - "statistics_option": "none", - "member_type": "item", - "items": [ - { - "op": "add", - "expr_type": "and", - "expression": "^open.node" - } - ] - } - ] } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, + "send_tcp_reset": 0, "send_icmp_unreachable": 0, - "after_n_packets": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -424,11 +72,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "POST", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_rate_low.py b/tests/security/sec_deny_srcip_http_rate_low.py index c78ddd4bc..7c2d4ea0d 100644 --- a/tests/security/sec_deny_srcip_http_rate_low.py +++ b/tests/security/sec_deny_srcip_http_rate_low.py @@ -1,337 +1,3 @@ -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - -# -*- coding: UTF-8 -*- -import time -import os -import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) -from datetime import datetime -from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy - -def run(parameter): - try: - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) - # 参数初始化 - exception_result = "" - result = {} - - # 脚本启动时间 - script_start_time = time.time() - - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_pre_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, - "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" - }, - "token": "" - } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - - return result - except Exception as e: - exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) - finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() - # 统计脚本用时 - script_end_time = time.time() - duration = script_end_time - script_start_time - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) - # 生成csv报告 - update = ReportUpdate() - update.write_result(parameter, result, exception_result) - -if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", - "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, - "env": "tsgx", - "vsys_id": 1, - "root_path": workdir, - "path": workdir + "/tests/api", - "module_name": "security", - "test_case_name": os.path.basename(__file__)[:-3] - } - parameter = replace_paras(parameter) - run(parameter) - # -*- coding: UTF-8 -*- import os import sys @@ -388,35 +54,17 @@ def run(parameter): "items": ["http"] } ], - }, - { - "negate_option": False, - "or_conditions": [ - { - "attribute_name": "ATTR_HTTP_URL", - "name": "sec_url", - "type": "url", - "statistics_option": "none", - "member_type": "item", - "items": [ - { - "op": "add", - "expr_type": "and", - "expression": "^open.node" - } - ] - } - ] } ], "action_parameter": { - "sub_action": "drop", + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", "packet_capture": { "enable": 0 }, - "send_tcp_reset": 1, - "send_icmp_unreachable": 0, - "after_n_packets": 0 + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, "is_enabled": 1, "log_option": "metadata", @@ -424,11 +72,11 @@ def run(parameter): traffic_generation = { "tool": "http", # or trex/http - "command": "wget -q --debug http://open.node.com:180" + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } verification_result = { - "excepted_traffic_result": "200", + "excepted_traffic_result": "timed out", "expected_metric": {"hits": 1}, "expected_log": [ {"query_field_key":"http_host", "query_value": "open.node.com"}, diff --git a/tests/security/sec_deny_srcip_http_sub_url_alert_200_profile.py b/tests/security/sec_deny_srcip_http_sub_url_alert_200_profile.py index f014b6124..2c29d6fc2 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_sub_url_alert_200_profile.py @@ -1,183 +1,223 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" + "sub_action": "alert", + "code": 200, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_alert_200_text.py b/tests/security/sec_deny_srcip_http_sub_url_alert_200_text.py index 2d0491dbe..58b63dc97 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_alert_200_text.py +++ b/tests/security/sec_deny_srcip_http_sub_url_alert_200_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_alert_200_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "TEXT", - "content": "deny200" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_alert_204.py b/tests/security/sec_deny_srcip_http_sub_url_alert_204.py index a2f6f3d1e..e64573e7e 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_alert_204.py +++ b/tests/security/sec_deny_srcip_http_sub_url_alert_204.py @@ -1,166 +1,213 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_alert_204", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 204 - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 204, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "expected_return": "204", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "204", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_block_403_profile.py b/tests/security/sec_deny_srcip_http_sub_url_block_403_profile.py index 557a97f2a..9a2027c25 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_sub_url_block_403_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_block_403_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 403, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + "sub_action": "block", + "code": 403, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_block_403_text.py b/tests/security/sec_deny_srcip_http_sub_url_block_403_text.py index 52ba974f9..8ab9e3283 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_block_403_text.py +++ b/tests/security/sec_deny_srcip_http_sub_url_block_403_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_block_403_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "TEXT", - "content": "hello403" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 403, + "message": "deny_autest_403", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_block_404_profile.py b/tests/security/sec_deny_srcip_http_sub_url_block_404_profile.py index b782476cb..5aabc835f 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_block_404_profile.py +++ b/tests/security/sec_deny_srcip_http_sub_url_block_404_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_block_404_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 404, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + "sub_action": "block", + "code": 404, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_block_404_text.py b/tests/security/sec_deny_srcip_http_sub_url_block_404_text.py index 6c74fcf19..f5e70f0d7 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_block_404_text.py +++ b/tests/security/sec_deny_srcip_http_sub_url_block_404_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "TEXT", - "content": "hello404" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 404, + "message": "deny_autest_404", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_drop.py b/tests/security/sec_deny_srcip_http_sub_url_drop.py index 770eac358..dc186a212 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_drop.py +++ b/tests/security/sec_deny_srcip_http_sub_url_drop.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_drop_rst.py b/tests/security/sec_deny_srcip_http_sub_url_drop_rst.py index 2d0cab16d..7f1cd640c 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_sub_url_drop_rst.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_drop_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_rate_high.py b/tests/security/sec_deny_srcip_http_sub_url_rate_high.py index 47260e57d..08f669555 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_rate_high.py +++ b/tests/security/sec_deny_srcip_http_sub_url_rate_high.py @@ -1,167 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "POST", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_rate_low.py b/tests/security/sec_deny_srcip_http_sub_url_rate_low.py index d9bbb1e72..1a2df644f 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_rate_low.py +++ b/tests/security/sec_deny_srcip_http_sub_url_rate_low.py @@ -1,167 +1,215 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_redirect.py b/tests/security/sec_deny_srcip_http_sub_url_redirect.py index ba4c505b0..40e2d6fbe 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_redirect.py +++ b/tests/security/sec_deny_srcip_http_sub_url_redirect.py @@ -1,170 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_redirect", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "redirect", - "to_url": "https://www.youtube.com", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "redirect", + "code": 303, + "to": "https://www.youtube.com", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "303", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "303", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_sub_url_tamper.py b/tests/security/sec_deny_srcip_http_sub_url_tamper.py index 194ad9560..e1785c3e1 100644 --- a/tests/security/sec_deny_srcip_http_sub_url_tamper.py +++ b/tests/security/sec_deny_srcip_http_sub_url_tamper.py @@ -1,166 +1,213 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_sub_url_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "open.node.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile.py index 9d2327f5e..eac475cc8 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile.py @@ -1,186 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + "sub_action": "alert", + "code": 200, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text.py index 9783c8e09..b9e1f2513 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text.py @@ -1,172 +1,217 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_alert_200_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "alert", - "code": 200, - "content_type": "TEXT", - "content": "deny200" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204.py index 7e8da8970..e2b92e1a2 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204.py @@ -1,171 +1,216 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_alert_204", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "alert", - "code": 204, - "content_type": "Profile", - "content": "test_tsg_ui_profile_page" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 204, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "expected_return": "204", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "204", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile.py index edde61d35..c7d5aaeeb 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile.py @@ -1,186 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 403, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + "sub_action": "block", + "code": 403, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text.py index 12ac99165..b859cc6e3 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text.py @@ -1,172 +1,217 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_block_403_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "block", - "code": 403, - "content_type": "TEXT", - "content": "hello403" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 403, + "message": "deny_autest_403", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile.py index b70a4bd1d..dffc530d6 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile.py @@ -1,186 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 404, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + "sub_action": "block", + "code": 404, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text.py index 6842d031b..ab204c2ad 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text.py @@ -1,172 +1,217 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "block", - "code": 404, - "content_type": "TEXT", - "content": "hello404" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 404, + "message": "deny_autest_404", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high.py index 14288705a..628f83b46 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high.py @@ -1,170 +1,218 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "POST", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low.py index 84b2ff8cf..ede2f345a 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low.py @@ -1,170 +1,218 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_tamper.py b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_tamper.py index 4ed7dcfe6..56d5d0022 100644 --- a/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_tamper.py +++ b/tests/security/sec_deny_srcip_http_substr_reqheader_by_cookie_tamper.py @@ -1,169 +1,216 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_substr_reqheader_by_cookie_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_http_sig", - "object_type": "http_signature", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_header", - "item_key": "Cookie", - "item_value": "TEXT", - "value": [ - "sec_cookie" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ { - "type": "tamper" - } - ], - "packet_capture": [] + "attribute_name": "ATTR_HTTP_REQ_HDR", + "name": "sec_req_header", + "type": "keyword", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "sec_cookie&cookie" + }] + }] + } + ], + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 30 -m 60 -H \"Content-Type:application/json;charset=UTF-8\" -b \"test_name=sec_cookie\" -X POST -d \"{\\\"requestbody\\\":\\\"test_request_body\\\",\\\"setcook\\\":\\\"test_setcook\\\",\\\"contenttype\\\": \\\"test_cont\\\",\\\"responsebody\\\": \\\"test_resbody\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key": "http_cookie", "query_value": "test_name=sec_cookie"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_drop.py b/tests/security/sec_deny_srcip_http_suff_reqbody_drop.py index a4dc76c04..d611ed7ed 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_drop.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_drop.py @@ -1,103 +1,100 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -105,74 +102,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_drop_rst.py b/tests/security/sec_deny_srcip_http_suff_reqbody_drop_rst.py index b4db7a146..782379d3a 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_drop_rst.py @@ -1,103 +1,100 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -105,74 +102,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_rate_high.py b/tests/security/sec_deny_srcip_http_suff_reqbody_rate_high.py index 0b0853744..734010cbf 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_rate_high.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_rate_high.py @@ -1,101 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "100000", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "test", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "test", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -103,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_rate_low.py b/tests/security/sec_deny_srcip_http_suff_reqbody_rate_low.py index 12eb6e0de..4a7e3d110 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_rate_low.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_rate_low.py @@ -1,101 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -103,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_suff_reqbody_tamper.py b/tests/security/sec_deny_srcip_http_suff_reqbody_tamper.py index 8e18a3f34..4a7e3d110 100644 --- a/tests/security/sec_deny_srcip_http_suff_reqbody_tamper.py +++ b/tests/security/sec_deny_srcip_http_suff_reqbody_tamper.py @@ -1,100 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "*{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -102,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_drop.py b/tests/security/sec_deny_srcip_http_xly_reqbody_drop.py index df4c1cc60..97b31b1d3 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_drop.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_drop.py @@ -1,103 +1,100 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -105,74 +102,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_drop_rst.py b/tests/security/sec_deny_srcip_http_xly_reqbody_drop_rst.py index bbea994f4..ece3bef0b 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_drop_rst.py @@ -1,103 +1,100 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -105,74 +102,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_rate_high.py b/tests/security/sec_deny_srcip_http_xly_reqbody_rate_high.py index b1cadd286..2a83b138e 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_rate_high.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_rate_high.py @@ -1,101 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "100000", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "test", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "test", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -103,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_rate_low.py b/tests/security/sec_deny_srcip_http_xly_reqbody_rate_low.py index 1e2e1c4d3..cb65b2d8e 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_rate_low.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_rate_low.py @@ -1,101 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -103,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_reqbody_tamper.py b/tests/security/sec_deny_srcip_http_xly_reqbody_tamper.py index 241d8a717..cb65b2d8e 100644 --- a/tests/security/sec_deny_srcip_http_xly_reqbody_tamper.py +++ b/tests/security/sec_deny_srcip_http_xly_reqbody_tamper.py @@ -1,100 +1,101 @@ # -*- coding: UTF-8 -*- -import time import os import sys sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_keywords_reqbody", - "object_type": "keywords", - "item_operation": "add", - "select_type": False, - "negate": False, - "statistics": "None", - "item": [ - { - "item_operation": "add", - "item_type": "request_body", - "item_value": "TEXT", - "value": [ - "${\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}" - ] - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_REQ_BODY", + "type": "keyword", + "name": "sec_keyword", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^{\"requestbody\":\"test\",\"setcook\":\"\",\"contenttype\":\"\",\"responsebody\":\"\"}$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [ + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" + } + + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ {"query_field_key":"client_ip", "query_value":parameter['test_pc_ip']}, {"query_field_key":"decoded_as", "query_value": "HTTP"}, {"query_field_key":"security_action", "query_value":"deny"}, @@ -102,74 +103,114 @@ def run(parameter): {"query_field_key":"ip_protocol", "query_value": "tcp"}, {"query_field_key":"http_host", "query_value": "open.node.com"}, {"query_field_key":"http_url", "query_value": "open.node.com:180/go"} - ], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl --connect-timeout 10 -m 10 -H \"Content-Type:application/json;charset=UTF-8\" -X POST -d \"{\\\"requestbody\\\":\\\"test\\\",\\\"setcook\\\":\\\"\\\",\\\"contenttype\\\":\\\"\\\",\\\"responsebody\\\":\\\"\\\"}\" -kv --user-agent \"Wget (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36\" http://open.node.com:180/go" - }, - "token": "" + ] } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_alert_200_profile.py b/tests/security/sec_deny_srcip_http_xly_url_alert_200_profile.py index 5a4bdab81..bd25b36d2 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_alert_200_profile.py +++ b/tests/security/sec_deny_srcip_http_xly_url_alert_200_profile.py @@ -1,183 +1,445 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": os.path.splitext(os.path.basename(__file__))[0], - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 200, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "wget -q --debug http://open.node.com:180" + "sub_action": "alert", + "code": 200, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir + parameter = { + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", + "api_server": "http://192.168.44.72", + "initiation_method": "api", + "env": "tsgx", + "vsys": 5, + "root_path": workdir, + "path": workdir + "/tests", + "module_name": "security", + "test_case_name": os.path.basename(__file__)[:-3] + } + run(parameter) +# -*- coding: UTF-8 -*- +import os +import sys +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz +from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * +from support.report_update import ReportUpdate + +def run(parameter): + try: + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + + # 参数初始化 + result, exception_result = "", "" + test_summary = {} + + # 脚本启动时间 + script_start_time = time.time() + + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "open.node.com" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 + }, + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary + except Exception as e: + exception_result = str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) + finally: + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + + # 统计脚本用时 + script_end_time = time.time() + duration = script_end_time - script_start_time + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + + # 生成csv报告 + update = ReportUpdate() + update.write_result(parameter, result, exception_result) + +if __name__ == '__main__': parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_alert_200_text.py b/tests/security/sec_deny_srcip_http_xly_url_alert_200_text.py index 2c7a28bdc..6899c667f 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_alert_200_text.py +++ b/tests/security/sec_deny_srcip_http_xly_url_alert_200_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_alert_200_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 200, - "content_type": "TEXT", - "content": "deny200" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 200, + "message": "deny_autest_200", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "200", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "wget -q --debug http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "200", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_alert_204.py b/tests/security/sec_deny_srcip_http_xly_url_alert_204.py index 47ee898c1..4dce9d71b 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_alert_204.py +++ b/tests/security/sec_deny_srcip_http_xly_url_alert_204.py @@ -1,166 +1,213 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_alert_204", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "alert", - "code": 204 - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "alert", + "code": 204, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "expected_return": "204", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "204", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_block_403_profile.py b/tests/security/sec_deny_srcip_http_xly_url_block_403_profile.py index 3d5c459d1..85886a670 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_block_403_profile.py +++ b/tests/security/sec_deny_srcip_http_xly_url_block_403_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_block_403_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 403, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + "sub_action": "block", + "code": 403, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_block_403_text.py b/tests/security/sec_deny_srcip_http_xly_url_block_403_text.py index 0fd0a6207..062eb7004 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_block_403_text.py +++ b/tests/security/sec_deny_srcip_http_xly_url_block_403_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_block_403_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 403, - "content_type": "TEXT", - "content": "hello403" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 403, + "message": "deny_autest_403", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "403", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "403", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_block_404_profile.py b/tests/security/sec_deny_srcip_http_xly_url_block_404_profile.py index 53a39acfb..cda71b2bb 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_block_404_profile.py +++ b/tests/security/sec_deny_srcip_http_xly_url_block_404_profile.py @@ -1,183 +1,224 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_block_404_profile", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "Profile", - "content": "sec_respage" - } - ], - "packet_capture": [] - }, + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], "action_parameter": { - "response_page": [ - { - "profile_type": "response_page", - "response_code": 404, - "response_content_type": "Profile", - "profile_file": { - "name": "sec_respage", - "model": "create", - "file": "response_testa.html" - }, - } - ] - }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + "sub_action": "block", + "code": 404, + "html_profile": { + "name": "test", + "format": "html", + "file_path": "Response-Pages_1.html" + }, + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" + } + + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_block_404_text.py b/tests/security/sec_deny_srcip_http_xly_url_block_404_text.py index fbac1e712..52c10957f 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_block_404_text.py +++ b/tests/security/sec_deny_srcip_http_xly_url_block_404_text.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_block_404_text", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "block", - "code": 404, - "content_type": "TEXT", - "content": "hello404" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "block", + "code": 404, + "message": "deny_autest_404", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "404", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "404", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_drop.py b/tests/security/sec_deny_srcip_http_xly_url_drop.py index dcc76490a..cc5b7bb9f 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_drop.py +++ b/tests/security/sec_deny_srcip_http_xly_url_drop.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_drop_rst.py b/tests/security/sec_deny_srcip_http_xly_url_drop_rst.py index ac541f117..e870a77c6 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_drop_rst.py +++ b/tests/security/sec_deny_srcip_http_xly_url_drop_rst.py @@ -1,169 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_drop_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_rate_high.py b/tests/security/sec_deny_srcip_http_xly_url_rate_high.py index 7d5b41bac..d05b55a12 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_rate_high.py +++ b/tests/security/sec_deny_srcip_http_xly_url_rate_high.py @@ -1,167 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "POST", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "wget", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "POST", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + # 处理Profiles + profiles_tuple, api_error = api_client.create_profiles(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + if profiles_tuple: + api_client.delete_profiles(profiles_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_rate_low.py b/tests/security/sec_deny_srcip_http_xly_url_rate_low.py index c8d59e144..0320c53fe 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_rate_low.py +++ b/tests/security/sec_deny_srcip_http_xly_url_rate_low.py @@ -1,167 +1,215 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_redirect.py b/tests/security/sec_deny_srcip_http_xly_url_redirect.py index 23dfe319a..e0332a7b2 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_redirect.py +++ b/tests/security/sec_deny_srcip_http_xly_url_redirect.py @@ -1,170 +1,214 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_redirect", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "redirect", - "to_url": "https://www.youtube.com", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "redirect", + "code": 303, + "to": "https://www.youtube.com", + "packet_capture": { + "enable": 0 + }, + "send_icmp_unreachable": 0 }, - "profile": [], - "expected_return": "303", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "303", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_http_xly_url_tamper.py b/tests/security/sec_deny_srcip_http_xly_url_tamper.py index bdeaa1682..ade8cb2de 100644 --- a/tests/security/sec_deny_srcip_http_xly_url_tamper.py +++ b/tests/security/sec_deny_srcip_http_xly_url_tamper.py @@ -1,166 +1,213 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_http_xly_url_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "http", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_url", - "object_type": "url", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "url", - "item_value": "$open.node.com:180/" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["http"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_HTTP_URL", + "name": "sec_url", + "type": "url", + "statistics_option": "none", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^open.node.com:180/$" + } + ] + } + ] + } + ], + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"http_host", "query_value": "open.node.com"}, - {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, - {"query_field_key": "decoded_as", "query_value": "HTTP"}, - {"query_field_key":"security_action","query_value":"deny"}], - "traffic": { - "protocol": "http", - "type": "curl", - "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" - }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "http", # or trex/http + "command": "curl -kv --connect-timeout 10 -m 10 http://open.node.com:180" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"http_host", "query_value": "open.node.com"}, + {"query_field_key":"http_url", "query_value": "open.node.com:180/"}, + {"query_field_key": "decoded_as", "query_value": "HTTP"}, + {"query_field_key":"security_action","query_value":"deny"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_drop.py b/tests/security/sec_deny_srcip_mail_exactly_account_drop.py index 21145228d..9a274ff5b 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_drop.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_rate_high.py b/tests/security/sec_deny_srcip_mail_exactly_account_rate_high.py index 3b3ba07dc..27de0bb1f 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_rate_low.py b/tests/security/sec_deny_srcip_mail_exactly_account_rate_low.py index dcb3ca78f..5d0f7a257 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_rst.py b/tests/security/sec_deny_srcip_mail_exactly_account_rst.py index 367475270..bbb84e867 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_rst.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_account_tamper.py b/tests/security/sec_deny_srcip_mail_exactly_account_tamper.py index 07c54d3fa..b2637d65a 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_account_tamper.py +++ b/tests/security/sec_deny_srcip_mail_exactly_account_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_account_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_drop.py b/tests/security/sec_deny_srcip_mail_exactly_from_drop.py index 1ca63b9b2..c85be5c5e 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_drop.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_rate_high.py b/tests/security/sec_deny_srcip_mail_exactly_from_rate_high.py index 287e567a2..6f694c1f8 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_rate_low.py b/tests/security/sec_deny_srcip_mail_exactly_from_rate_low.py index 556cb0d22..0c5e12868 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_rst.py b/tests/security/sec_deny_srcip_mail_exactly_from_rst.py index 8bee30248..cbdf823b2 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_rst.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_exactly_from_tamper.py b/tests/security/sec_deny_srcip_mail_exactly_from_tamper.py index 0ad25c68f..d5abdbdfb 100644 --- a/tests/security/sec_deny_srcip_mail_exactly_from_tamper.py +++ b/tests/security/sec_deny_srcip_mail_exactly_from_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_exactly_from_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "$hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_drop.py b/tests/security/sec_deny_srcip_mail_pre_account_drop.py index ff451456b..9a274ff5b 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_drop.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_rate_high.py b/tests/security/sec_deny_srcip_mail_pre_account_rate_high.py index 965440123..9a964e179 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_rate_low.py b/tests/security/sec_deny_srcip_mail_pre_account_rate_low.py index daef75ec0..d78cdbb27 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_rst.py b/tests/security/sec_deny_srcip_mail_pre_account_rst.py index 83f4ecd93..3d75db032 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_rst.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_account_tamper.py b/tests/security/sec_deny_srcip_mail_pre_account_tamper.py index 88135aa67..f5f46e10e 100644 --- a/tests/security/sec_deny_srcip_mail_pre_account_tamper.py +++ b/tests/security/sec_deny_srcip_mail_pre_account_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_account_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_drop.py b/tests/security/sec_deny_srcip_mail_pre_from_drop.py index 73c90270f..538055101 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_drop.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_rate_high.py b/tests/security/sec_deny_srcip_mail_pre_from_rate_high.py index b29770bea..3ff8f5b4f 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_rate_low.py b/tests/security/sec_deny_srcip_mail_pre_from_rate_low.py index b5ee836ee..27836d0e2 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_rst.py b/tests/security/sec_deny_srcip_mail_pre_from_rst.py index 9d746836c..da3eb6d05 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_rst.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_pre_from_tamper.py b/tests/security/sec_deny_srcip_mail_pre_from_tamper.py index 5718f3cd9..c7f49ef03 100644 --- a/tests/security/sec_deny_srcip_mail_pre_from_tamper.py +++ b/tests/security/sec_deny_srcip_mail_pre_from_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_pre_from_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163.*" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "^hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_drop.py b/tests/security/sec_deny_srcip_mail_substr_account_drop.py index 779fc79f3..029ca85b3 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_drop.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_rate_high.py b/tests/security/sec_deny_srcip_mail_substr_account_rate_high.py index 155a6baf3..2069755e5 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_rate_low.py b/tests/security/sec_deny_srcip_mail_substr_account_rate_low.py index 35c343d29..b07fba439 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_rst.py b/tests/security/sec_deny_srcip_mail_substr_account_rst.py index d4ba3446f..8fed3d443 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_rst.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_account_tamper.py b/tests/security/sec_deny_srcip_mail_substr_account_tamper.py index 3c93ea6f5..1a7237134 100644 --- a/tests/security/sec_deny_srcip_mail_substr_account_tamper.py +++ b/tests/security/sec_deny_srcip_mail_substr_account_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_account_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_drop.py b/tests/security/sec_deny_srcip_mail_substr_from_drop.py index cb8dfae7f..f67c12cd4 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_drop.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_rate_high.py b/tests/security/sec_deny_srcip_mail_substr_from_rate_high.py index 1e92e2b24..22f3bd9e1 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_rate_low.py b/tests/security/sec_deny_srcip_mail_substr_from_rate_low.py index f0cacc72e..cbe24699b 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_rst.py b/tests/security/sec_deny_srcip_mail_substr_from_rst.py index d85ac534a..c7a227cc8 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_rst.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_substr_from_tamper.py b/tests/security/sec_deny_srcip_mail_substr_from_tamper.py index e0039da4e..9ea8059e1 100644 --- a/tests/security/sec_deny_srcip_mail_substr_from_tamper.py +++ b/tests/security/sec_deny_srcip_mail_substr_from_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_substr_from_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "hbn@163" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "hbn@163." + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_drop.py b/tests/security/sec_deny_srcip_mail_suff_account_drop.py index cd6430881..0a2ea5255 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_drop.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_rate_high.py b/tests/security/sec_deny_srcip_mail_suff_account_rate_high.py index 7f0538afd..aa04bd189 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_rate_low.py b/tests/security/sec_deny_srcip_mail_suff_account_rate_low.py index fbef8da9e..7fb732a2a 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_rst.py b/tests/security/sec_deny_srcip_mail_suff_account_rst.py index 31e21943e..cd53e3e4b 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_rst.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_account_tamper.py b/tests/security/sec_deny_srcip_mail_suff_account_tamper.py index 182bdd1a5..618cc2fbf 100644 --- a/tests/security/sec_deny_srcip_mail_suff_account_tamper.py +++ b/tests/security/sec_deny_srcip_mail_suff_account_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_account_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_account", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_account", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_ACCOUNT", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_drop.py b/tests/security/sec_deny_srcip_mail_suff_from_drop.py index 3fc1d6be7..336cac8c4 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_drop.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_drop.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_drop", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": False, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_rate_high.py b/tests/security/sec_deny_srcip_mail_suff_from_rate_high.py index 5802f7180..a26ad86f1 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_rate_high.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_rate_high.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_rate_high", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "1000000", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "Email sent successfully", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10000000, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "Email sent successfully", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_rate_low.py b/tests/security/sec_deny_srcip_mail_suff_from_rate_low.py index 4d1e4bd10..f7c512085 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_rate_low.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_rate_low.py @@ -1,175 +1,222 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_rate_low", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "rate_limit", - "rate_value": "0.1", - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "rate_limit", + "bps": 10, + "limitUnit": "Kbps", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 0, + "send_icmp_unreachable": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_rst.py b/tests/security/sec_deny_srcip_mail_suff_from_rst.py index dd0e00b91..7f7faff18 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_rst.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_rst.py @@ -1,177 +1,221 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_rst", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "drop", - "drop_packet": 0, - "send_tcp_rst": True, - "send_icmp_unreachable": False - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "reset", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "drop", + "packet_capture": { + "enable": 0 + }, + "send_tcp_reset": 1, + "send_icmp_unreachable": 0, + "after_n_packets": 0 }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "reset", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file diff --git a/tests/security/sec_deny_srcip_mail_suff_from_tamper.py b/tests/security/sec_deny_srcip_mail_suff_from_tamper.py index d77ccb5d4..141e3a4d1 100644 --- a/tests/security/sec_deny_srcip_mail_suff_from_tamper.py +++ b/tests/security/sec_deny_srcip_mail_suff_from_tamper.py @@ -1,174 +1,220 @@ # -*- coding: UTF-8 -*- -import time import os import sys -sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))))) +sys.path.append(os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))) +import time +import pytz from datetime import datetime +from support.ui_utils.workpath import workdir +from support.ui_utils.ui_client import UIClient +from support.api_utils.api_client import APIClient +from support.packet_generator.traffic_generator import * from support.report_update import ReportUpdate -from support.common_utils.create_policy import CreatePolicy def run(parameter): try: print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Begin to run test case: " + parameter["test_case_name"], flush=True) + # 参数初始化 - exception_result = "" - result = {} + result, exception_result = "", "" + test_summary = {} # 脚本启动时间 script_start_time = time.time() - # 测试数据 - test_data = { - "is_multi_priority": False, - "rule_num": 1, - "policy_type": "security", - "rule_name": "sec_deny_srcip_mail_suff_from_tamper", - "rule_action": "deny", - "rule_type": "create", - "condition": { - "source_ip": [ - { - "name": "sec_srcip", - "object_type": "ip", - "select_type": False, - "negate": False, - "item": [ - { - "item_operation": "add", - "item_type": "ipv4", - "item_value": parameter['test_pc_ip'], - } - ] - } - ], - "source_port": [], - "destination_ip": [], - "destination_port": [], - "internal_ip": [], - "internal_port": [], - "external_ip": [], - "external_port": [], - "source_geography": [], - "destination_geography": [], - "sub_id": [], - "device": [], - "tunnel": [], - "tunnel_level": [], - "flag": [], - "application": [ - { - "name": "mail", # - "object_type": "application", - "negate": False - } - ], - "server_fqdn": [], - "protocol_filed": [ - { - "name": "sec_mail_from", - "object_type": "account", - "item_operation": "add", - "select_type": False, - "negate": False, - "items": [ - { - "item_operation": "add", - "item_type": "mail_from", - "item_value": "*hbn@163.com" - } - ], - } - ], - "sub_action_override": True, - "sub_action": [ - { - "type": "tamper" - } - ], - "packet_capture": [] - }, - "profile": [], - "expected_return": "timed out", - "counters": {"hits": 1}, - "log_query_param": [{"query_field_key":"decoded_as", "query_value": "MAIL"}, - {"query_field_key":"mail_from_cmd", "query_value": "hbn@163.com"} + policy_configuration = { + "name": os.path.splitext(os.path.basename(__file__))[0], + "type": "security", + "action": "deny", + "and_conditions": [ + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "type": "ip", + "sub_type": "ip", + "name": "sec_srcip", + "items": [ + { + "op": "add", + "ip": parameter['test_pc_ip'], + "interval": "0-65535" + } + ] + } + ] + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_APP_ID", + "type": "application", + "items": ["mail"] + } + ], + }, + { + "negate_option": False, + "or_conditions": [ + { + "attribute_name": "ATTR_MAIL_FROM", + "type": "account", + "name": "sec_mail_account", + "member_type": "item", + "items": [ + { + "op": "add", + "expr_type": "and", + "expression": "@163.com$" + } + ] + } + ] + } ], - "traffic": { - "protocol": "mail", - "type": "client", # client/curl - "mail_type": "smtp", # gmail or smtp or smtp_ssl - "mail_server": "192.168.40.206", # gmail: smtp.gmail.com - "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 - "mail_timeout": 20, - "sender": "hbn@163.com", - "password": "111111", - "receiver": "autotest@163.com", - "subject": "Bestman", - "body": "123", - "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" + "action_parameter": { + "sub_action": "tamper", + "packet_capture": { + "enable": 0 + }, + "tamper_mode": "complete", + "send_icmp_unreachable": 0, }, - "token": "" + "is_enabled": 1, + "log_option": "metadata", + } + + traffic_generation = { + "tool": "mail", # or trex/http + "type": "client", # client/curl + "mail_type": "smtp", # gmail or smtp or smtp_ssl + "mail_server": "192.168.40.206", # gmail: smtp.gmail.com + "mail_port": 25, # gmail:465(用于SSL)、587(用于启动TLS)。smtp默认:25 + "mail_timeout": 20, + "sender": "hbn@163.com", + "password": "111111", + "receiver": "autotest@163.com", + "subject": "Bestman", + "body": "123", + "attach": "/app/support/packet_generator/mail_file/subjectEnglish.txt" } - # 测试用例实例化 - create = CreatePolicy(test_data, parameter) - result = create.create_policy() - return result + verification_result = { + "excepted_traffic_result": "timed out", + "expected_metric": {"hits": 1}, + "expected_log": [ + {"query_field_key":"decoded_as", "query_value": "MAIL"}, + {"query_field_key":"mail_account", "query_value": "hbn@163.com"} + ] + } + + # 创建 + if parameter["initiation_method"] == "ui": + ui_client = UIClient() + objects_tuple, ui_error = ui_client.create_objects(policy_configuration) + if len(ui_error) > 0: + return ui_error + rules_tuple, ui_error = ui_client.create_rules(policy_configuration, objects_tuple) + if len(ui_error) > 0: + return ui_error + elif parameter["initiation_method"] == "api": + api_client = APIClient(parameter) + # {uuid, type}, i.e., {"12341-232-a21", "ip"} + objects_tuple, api_error = api_client.create_objects(policy_configuration) + if len(api_error) > 0: + return api_error + rules_tuple, api_error = api_client.create_rules(policy_configuration, objects_tuple, "", "") + if len(api_error) > 0: + return api_error + + # 等待下发配置生效 + time.sleep(3) + + # 类实例化 + generator = TrafficGenerator() + + # 获取当前时间 + utc_tz = pytz.timezone('UTC') + current_utc_time = datetime.now(utc_tz) + start_time = current_utc_time.strftime('%Y-%m-%dT%H:%M:%SZ') + + # 触发流量 + traffic_result = generator.run(policy_configuration, traffic_generation) + + # 验证流量生成器的返回值是否符合策略执行的预期 + excepted_traffic_result, error = generator.result(verification_result, traffic_result) + if excepted_traffic_result == False: + return error + + # 验证tsg的日志是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + log_result = ui_client.query_rule_log(verification_result, rules_tuple, traffic_result) + elif parameter["initiation_method"] == "api": + log_result = api_client.query_rule_log(traffic_generation, verification_result, rules_tuple, start_time, traffic_result) + if log_result == True: + test_summary["log"] = "Pass." + elif log_result == False: + test_summary["log"] = "The failure reason: the returned log does not match the expected result." + elif log_result == None: + test_summary["log"] = "The failure reason: the returned log is empty." + elif len(log_result) > 0: + test_summary["log"] = log_result + + # 验证tsg的metric是否符合策略执行的预期 + if parameter["initiation_method"] == "ui": + metric_result = ui_client.query_rule_metric(verification_result, traffic_result) + elif parameter["initiation_method"] == "api": + metric_result = api_client.query_rule_metric(verification_result, rules_tuple, start_time, traffic_result) + if metric_result == True: + test_summary["metric"] = "Pass." + elif metric_result == False: + test_summary["metric"] = "The failure reason: the returned metric does not match the expected result." + elif metric_result == None: + test_summary["metric"] = "The failure reason: the returned metric is empty." + elif len(metric_result) > 0: + test_summary["metric"] = metric_result + + return test_summary except Exception as e: exception_result = str(e) - print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Error: ", e, flush=True) - return "Error: " + str(e) + print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "When running test case, the exception error: ", str(e), flush=True) + return "When running test case, the exception error: " + str(e) finally: - # 清理环境并删除配置 - if isinstance(create, CreatePolicy): - create.clean_up() + # 删除 + if parameter["initiation_method"] == "ui": + if rules_tuple: + ui_client.delete_rules(parameter, policy_configuration) + elif parameter["initiation_method"] == "api": + if rules_tuple: + api_client.delete_rules(rules_tuple) + if objects_tuple: + api_client.delete_objects(objects_tuple) + # 统计脚本用时 script_end_time = time.time() duration = script_end_time - script_start_time print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Duration of running the test case: ", "{:.3f}".format(duration), flush=True) print(datetime.now().strftime("%Y-%m-%d %H:%M:%S"), str(datetime.now().microsecond)[:3], "Finish test case: " + parameter["test_case_name"], flush=True) + # 生成csv报告 update = ReportUpdate() update.write_result(parameter, result, exception_result) - + if __name__ == '__main__': - # ui - # parameter = { - # "username": "hebingning", - # "password": "hbn66AAA", - # "test_pc_ip": "192.168.64.65", - # "test_subcriber_id": "test6776", - # "api_server": "http://192.168.44.72", - # "debug_flag": "local", - # "script_type": "ui", - # "env": "tsgx", - # "vsys_id": 1, - # "is_log": 1, - # "root_path": "D:/Document/Project-TSG/Code/git/tsg_test", - # "path": "D:/Document/Project-TSG/Code/git/tsg_test/tests/ui", - # "module_name": "security", - # "test_case_name": "deny_srcip_fqdn_drop_rst_icmp" - # } - # run(parameter) - # api - from support.ui_utils.element_position.map_element_position_library import replace_paras - from support.ui_utils.workpath import workdir - parameter = { - "username": "hebingning", - "password": "hbn66AAA", - "test_pc_ip": "192.168.64.93", - "test_subcriber_id": "test6491", + "username": "zhaokun", + "password": "zhaokun1", + "test_pc_ip": "192.168.64.87", + "test_subcriber_id": "test6776", "api_server": "http://192.168.44.72", - "debug_flag": "local", - "script_type": "api", # api ui 空字符串 - "is_log": 1, + "initiation_method": "api", "env": "tsgx", - "vsys_id": 1, + "vsys": 5, "root_path": workdir, - "path": workdir + "/tests/api", + "path": workdir + "/tests", "module_name": "security", "test_case_name": os.path.basename(__file__)[:-3] } - parameter = replace_paras(parameter) run(parameter) \ No newline at end of file -- cgit v1.2.3