Beispiel #1
0
class MysqlSqlReOff(unittest.TestCase):
    def setUp(self):
        self.sqllist = commen.PutsqlNum()
        self.ruler_name = commen.PutsqlName("mysql_")
        LOG.info("规则名称:%s" % self.ruler_name)
        LOG.info("SQL语句:%s" % self.sqllist)
        self.sensql = SensitiveSql(
            self.ruler_name, GlobalConfig.db_type_['mysql'],
            dbservice.select_dbservice_byname(gp.run_db["mysql"]),
            GlobalConfig.db_type_['oracle'])
        self.sensitiveway = SensitiveWay()

    @logger('敏感mysql类型低风险禁用')
    def test_mysql_re_off_risk1(self):
        '''敏感mysql类型低风险禁用'''
        self.sensql.sqlrisk_re_off(gp.risk_level['risk_low'], self.sqllist)

    @logger('敏感mysql类型中风险禁用')
    def test_mysql_re_off_risk2(self):
        '''敏感mysql类型中风险禁用'''
        self.sensql.sqlrisk_re_off(gp.risk_level['risk_mid'], self.sqllist)

    @logger('敏感mysql类型高风险禁用')
    def test_mysql_re_off_risk3(self):
        '''敏感mysql类型高风险禁用'''
        self.sensql.sqlrisk_re_off(gp.risk_level['risk_high'], self.sqllist)

    @logger('敏感mysql类型极高风险禁用')
    def test_mysql_re_off_risk4(self):
        '''敏感mysql类型极高风险禁用'''
        self.sensql.sqlrisk_re_off(gp.risk_level['risk_higher'], self.sqllist)

    def tearDown(self):
        LOG.info("删除新增sql规则")
        self.sensitiveway.del_ruler(self.ruler_name)
Beispiel #2
0
class DmSqlReOff(unittest.TestCase):
    def setUp(self):
        self.dbtable = commen.PutsqlName("dbtable_")
        self.sqllist = "SELECT * FROM " + self.dbtable
        self.ruler_name = commen.PutsqlName("dm_")
        LOG.info("规则名称:%s" % self.ruler_name)
        LOG.info("SQL语句:%s" % self.sqllist)
        self.sensql = SensitiveSql(
            self.ruler_name, GlobalConfig.db_type_['dm'],
            dbservice.select_dbservice_byname(gp.run_db['dm']))
        self.sensitiveway = SensitiveWay()

    @logger('敏感dm类型低风险禁用')
    def test_dm_re_off_risk1(self):
        '''敏感dm类型低风险禁用'''
        self.sensql.sqlrisk_re_off(gp.risk_level['risk_low'], self.sqllist)

    @logger('敏感dm类型中风险禁用')
    def test_dm_re_off_risk2(self):
        '''敏感dm类型中风险禁用'''
        self.sensql.sqlrisk_re_off(gp.risk_level['risk_mid'], self.sqllist)

    @logger('敏感dm类型高风险禁用')
    def test_dm_re_off_risk3(self):
        '''敏感dm类型高风险禁用'''
        self.sensql.sqlrisk_re_off(gp.risk_level['risk_high'], self.sqllist)

    @logger('敏感dm类型极高风险禁用')
    def test_dm_re_off_risk4(self):
        '''敏感dm类型极高风险禁用'''
        self.sensql.sqlrisk_re_off(gp.risk_level['risk_higher'], self.sqllist)

    def tearDown(self):
        LOG.info("删除新增sql规则")
        self.sensitiveway.del_ruler(self.ruler_name)
Beispiel #3
0
class DB2SqlRe(unittest.TestCase):
    def setUp(self):
        self.sqllist = commen.PutsqlNum()
        self.ruler_name = commen.PutsqlName("db2_")
        LOG.info("规则名称:%s" % self.ruler_name)
        LOG.info("SQL语句:%s" % self.sqllist)
        self.sensql = SensitiveSql(self.ruler_name, GlobalConfig.db_type_['DB2'],
                                   dbservice.select_dbservice_byname(gp.run_db["db2"]))
        self.sensitiveway = SensitiveWay()

    @logger('敏感db2类型低风险')
    def test_db2_re_risk1(self):
        '''敏感db2类型低风险'''
        self.sensql.sqlrisk_re(gp.risk_level['risk_low'], self.sqllist, gp.risk_info[1])

    @logger('敏感db2类型中风险')
    def test_db2_re_risk2(self):
        '''敏感db2类型中风险'''
        self.sensql.sqlrisk_re(gp.risk_level['risk_mid'], self.sqllist, gp.risk_info[2])

    @logger('敏感db2类型高风险')
    def test_db2_re_risk3(self):
        '''敏感db2类型高风险'''
        self.sensql.sqlrisk_re(gp.risk_level['risk_high'], self.sqllist, gp.risk_info[3])

    @logger('敏感db2类型极高风险')
    def test_db2_re_risk4(self):
        '''敏感db2类型极高风险'''
        self.sensql.sqlrisk_re(gp.risk_level['risk_higher'], self.sqllist, gp.risk_info[4])

    def tearDown(self):
        LOG.info("删除新增sql规则")
        self.sensitiveway.del_ruler(self.ruler_name)
Beispiel #4
0
 def setUp(self):
     self.sqllist = commen.PutsqlNum()
     self.ruler_name = commen.PutsqlName("db2_")
     LOG.info("规则名称:%s" % self.ruler_name)
     LOG.info("SQL语句:%s" % self.sqllist)
     self.sensql = SensitiveSql(self.ruler_name, GlobalConfig.db_type_['DB2'],
                                dbservice.select_dbservice_byname(gp.run_db["db2"]))
     self.sensitiveway = SensitiveWay()
Beispiel #5
0
 def setUp(self):
     self.dbtable = commen.PutsqlName("dbtable_")
     self.sqllist = "SELECT * FROM " + self.dbtable
     self.ruler_name = commen.PutsqlName("dm_")
     LOG.info("规则名称:%s" % self.ruler_name)
     LOG.info("SQL语句:%s" % self.sqllist)
     self.sensql = SensitiveSql(
         self.ruler_name, GlobalConfig.db_type_['dm'],
         dbservice.select_dbservice_byname(gp.run_db['dm']))
     self.sensitiveway = SensitiveWay()
Beispiel #6
0
 def setUp(self):
     self.dbtable = commen.PutsqlName("dbtable_")
     sql_execute.db2_create_table('db2', self.dbtable)
     self.sqllist = "SELECT * FROM " + self.dbtable
     self.ruler_name = commen.PutsqlName("db2_")
     LOG.info("规则名称:%s" % self.ruler_name)
     LOG.info("SQL语句:%s" % self.sqllist)
     self.sensql = SensitiveSql(
         self.ruler_name, GlobalConfig.db_type_['DB2'],
         dbservice.select_dbservice_byname(gp.run_db["db2"]))
     self.sensitiveway = SensitiveWay()
Beispiel #7
0
 def sqlrisk_stand_off(self, risklevel, sqllist):
     self.payload["riskLevel"] = risklevel
     self.payload["status"] = 0
     self.payload["payloadType"] = "standardSQL"
     self.payload["payloadContent"] = sqllist
     self.api_dict = self.api_dict["SensitiveSql"]["increase"]
     self.SensitiveWay = SensitiveWay()
     LOG.info(self.api_dict)
     LOG.info("规则名称:%s" % self.payload["name"])
     LOG.info("当前sql类型:%s" % self.payload["payloadType"])
     LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"])
     self.SensitiveWay.add_ruler(self.api_dict, self.payload)
     time.sleep(10)
     LOG.info("在%s客户端执行该语句" % self.payload["dbType"])
     self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"])
     LOG.info("在审计查询里面查找,sql语句应不被阻断")
     self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)
     LOG.info("在%s客户端执行该语句" % self.dbType2)
     self.SensitiveWay.dbcon_way(sqllist, self.dbType2)
     LOG.info("在审计查询里面查找,sql语句应不被阻断")
     self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)
Beispiel #8
0
 def sqlrisk_re(self, risklevel, sqllist, respond):
     self.payload["riskLevel"] = risklevel
     self.payload["status"] = 1
     self.payload["payloadType"] = "fuzzySQL"
     self.payload["payloadContent"] = "select\\s*(from|\\s*)\\s+((?!where).)*$"
     self.api_dict = self.api_dict["SensitiveSql"]["increase"]
     self.SensitiveWay = SensitiveWay()
     LOG.info(self.api_dict)
     LOG.info("规则名称:%s" % self.payload["name"])
     LOG.info("当前sql类型:%s" % self.payload["payloadType"])
     LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"])
     self.SensitiveWay.add_ruler(self.api_dict, self.payload)
     time.sleep(10)
     LOG.info("在%s客户端执行该语句" % self.payload["dbType"])
     self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"])
     LOG.info("在审计查询里面查找,sql语句应被阻断")
     self.SensitiveWay.shenji_check_risk(self.payload["name"], sqllist, respond, risklevel)
     LOG.info("在%s客户端执行该语句" % self.dbType2)
     self.SensitiveWay.dbcon_way(sqllist, self.dbType2)
     LOG.info("在审计查询里面查找,sql语句应不被阻断")
     self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)
Beispiel #9
0
class SensitiveSql(object):
    def __init__(self, name, dbType, dbId,dbType2=GlobalConfig.db_type_['mysql']):
        self.payload = {}
        self.payload["name"] = name
        self.payload["description"] = name
        self.payload["dbType"] = dbType
        self.payload["dbId"] = dbId
        self.dbType2 = dbType2
        self.api_dict = commen.get_api("/PolicyManage.json")

    def sqlrisk_re(self, risklevel, sqllist, respond):
        self.payload["riskLevel"] = risklevel
        self.payload["status"] = 1
        self.payload["payloadType"] = "fuzzySQL"
        self.payload["payloadContent"] = "select\\s*(from|\\s*)\\s+((?!where).)*$"
        self.api_dict = self.api_dict["SensitiveSql"]["increase"]
        self.SensitiveWay = SensitiveWay()
        LOG.info(self.api_dict)
        LOG.info("规则名称:%s" % self.payload["name"])
        LOG.info("当前sql类型:%s" % self.payload["payloadType"])
        LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"])
        self.SensitiveWay.add_ruler(self.api_dict, self.payload)
        time.sleep(10)
        LOG.info("在%s客户端执行该语句" % self.payload["dbType"])
        self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"])
        LOG.info("在审计查询里面查找,sql语句应被阻断")
        self.SensitiveWay.shenji_check_risk(self.payload["name"], sqllist, respond, risklevel)
        LOG.info("在%s客户端执行该语句" % self.dbType2)
        self.SensitiveWay.dbcon_way(sqllist, self.dbType2)
        LOG.info("在审计查询里面查找,sql语句应不被阻断")
        self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)

    def sqlrisk_re_off(self, risklevel, sqllist):
        self.payload["riskLevel"] = risklevel
        self.payload["status"] = 0
        self.payload["payloadType"] = "fuzzySQL"
        self.payload["payloadContent"] = "select\\s*(from|\\s*)\\s+((?!where).)*$"
        self.api_dict = self.api_dict["SensitiveSql"]["increase"]
        self.SensitiveWay = SensitiveWay()
        LOG.info(self.api_dict)
        LOG.info("规则名称:%s" % self.payload["name"])
        LOG.info("当前sql类型:%s" % self.payload["payloadType"])
        LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"])
        self.SensitiveWay.add_ruler(self.api_dict, self.payload)
        time.sleep(10)
        LOG.info("在%s客户端执行该语句" % self.payload["dbType"])
        self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"])
        LOG.info("在审计查询里面查找,sql语句应不被阻断")
        self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)
        LOG.info("在%s客户端执行该语句" % self.dbType2)
        self.SensitiveWay.dbcon_way(sqllist, self.dbType2)
        LOG.info("在审计查询里面查找,sql语句应不被阻断")
        self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)

    def sqlrisk_stand(self, risklevel, sqllist, respond):
        self.payload["riskLevel"] = risklevel
        self.payload["status"] = 1
        self.payload["payloadType"] = "standardSQL"
        self.payload["payloadContent"] = sqllist
        self.api_dict = self.api_dict["SensitiveSql"]["increase"]
        self.SensitiveWay = SensitiveWay()
        LOG.info(self.api_dict)
        LOG.info("规则名称:%s" % self.payload["name"])
        LOG.info("当前sql类型:%s" % self.payload["payloadType"])
        LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"])
        self.SensitiveWay.add_ruler(self.api_dict, self.payload)
        time.sleep(10)
        LOG.info("在%s客户端执行该语句" % self.payload["dbType"])
        self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"])
        LOG.info("在审计查询里面查找,sql语句应被阻断")
        self.SensitiveWay.shenji_check_risk(self.payload["name"], sqllist, respond, risklevel)
        LOG.info("在%s客户端执行该语句" % self.dbType2)
        self.SensitiveWay.dbcon_way(sqllist, self.dbType2)
        LOG.info("在审计查询里面查找,sql语句应不被阻断")
        self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)

    def sqlrisk_stand_off(self, risklevel, sqllist):
        self.payload["riskLevel"] = risklevel
        self.payload["status"] = 0
        self.payload["payloadType"] = "standardSQL"
        self.payload["payloadContent"] = sqllist
        self.api_dict = self.api_dict["SensitiveSql"]["increase"]
        self.SensitiveWay = SensitiveWay()
        LOG.info(self.api_dict)
        LOG.info("规则名称:%s" % self.payload["name"])
        LOG.info("当前sql类型:%s" % self.payload["payloadType"])
        LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"])
        self.SensitiveWay.add_ruler(self.api_dict, self.payload)
        time.sleep(10)
        LOG.info("在%s客户端执行该语句" % self.payload["dbType"])
        self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"])
        LOG.info("在审计查询里面查找,sql语句应不被阻断")
        self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)
        LOG.info("在%s客户端执行该语句" % self.dbType2)
        self.SensitiveWay.dbcon_way(sqllist, self.dbType2)
        LOG.info("在审计查询里面查找,sql语句应不被阻断")
        self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)

    def sqlrisk_temp(self, risklevel, sqllist, respond):
        self.payload["riskLevel"] = risklevel
        self.payload["status"] = 1
        self.payload["payloadType"] = "templateSQL"
        self.payload["payloadContent"] = sqllist
        self.api_dict = self.api_dict["SensitiveSql"]["increase"]
        self.SensitiveWay = SensitiveWay()
        LOG.info(self.api_dict)
        LOG.info("规则名称:%s" % self.payload["name"])
        LOG.info("当前sql类型:%s" % self.payload["payloadType"])
        LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"])
        self.SensitiveWay.add_ruler(self.api_dict, self.payload)
        time.sleep(10)
        LOG.info("在%s客户端执行该语句" % self.payload["dbType"])
        self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"])
        LOG.info("在审计查询里面查找,sql语句应被阻断")
        self.SensitiveWay.shenji_check_risk(self.payload["name"], sqllist, respond, risklevel)
        LOG.info("在%s客户端执行该语句" % self.dbType2)
        self.SensitiveWay.dbcon_way(sqllist, self.dbType2)
        LOG.info("在审计查询里面查找,sql语句应不被阻断")
        self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)

    def sqlrisk_temp_off(self, risklevel, sqllist):
        self.payload["riskLevel"] = risklevel
        self.payload["status"] = 0
        self.payload["payloadType"] = "templateSQL"
        self.payload["payloadContent"] = sqllist
        self.api_dict = self.api_dict["SensitiveSql"]["increase"]
        self.SensitiveWay = SensitiveWay()
        LOG.info(self.api_dict)
        LOG.info("规则名称:%s" % self.payload["name"])
        LOG.info("当前sql类型:%s" % self.payload["payloadType"])
        LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"])
        self.SensitiveWay.add_ruler(self.api_dict, self.payload)
        time.sleep(10)
        LOG.info("在%s客户端执行该语句" % self.payload["dbType"])
        self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"])
        LOG.info("在审计查询里面查找,sql语句应不被阻断")
        self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)
        LOG.info("在%s客户端执行该语句" % self.dbType2)
        self.SensitiveWay.dbcon_way(sqllist, self.dbType2)
        LOG.info("在审计查询里面查找,sql语句应不被阻断")
        self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)