def test_sqlinject_update(self): '''sql注入特征库规则-编辑''' name = sqlinject.sqlinject_dict['update_diy_rule']['body']['chsName'] id = SqlInject_Case.sqlinject_add(name=name) # 新增-查询 SqlInject_Case.update_rule(id=id) # 编辑 LOG.info('启用验证成功,等待删除。。。') SqlInject_Case.sqlinject_del_rule(name=name)
def test_sqlinject_sel_stop(self): '''sql注入特征库-停用''' id = SqlInject_Case.sqlinject_add( name=self.name, status=self.param['vpStatus'][2]) # 新增-查询 LOG.info('开始停用。。。') SqlInject_Case.sqlinject_startORstop_rule(operate='stop', id=id, param=self.name) # 停用 LOG.info('停用结束。。。') SqlInject_Case.sqlinject_del_rule(name=self.name)
def test_sqlinject_sel_start(self): '''sql注入特征库查询-启用''' id = SqlInject_Case.sqlinject_add( name=self.name, status=self.param['vpStatus'][1]) # 新增-查询 LOG.info('开始启用。。。') SqlInject_Case.sqlinject_startORstop_rule(operate='start', id=id, param=self.name) # 启用 LOG.info('启用结束。。。') SqlInject_Case.sqlinject_del_rule(name=self.name)
def test_sqlinject_all_Veryhigh_start(self): '''sql注入特征库-通用类型数据库,风险等级为极高,状态启用''' rulename = self.rule[0] + self.name SqlInject_Case.check_rule(isAll=1, name=self.name, risk_level=self.param['riskLevel'][4], status=self.param['vpStatus'][2], dbtype='oracle', sql=self.sql, rulename=rulename, cn_risk_level=self.param['风险级别']['极高'], cn_res_behavior=self.param['响应行为']['阻断行为'])
def test_sqlinject_oracle_low_start(self): '''sql注入特征库-oracle类型数据库,风险等级为低,状态启用''' rulename = self.rule[0] + self.name SqlInject_Case.check_rule(isAll=2, name=self.name, risk_level=self.param['riskLevel'][1], status=self.param['vpStatus'][2], dbtype='oracle', sql=self.sql, rulename=rulename, cn_risk_level=self.param['风险级别']['低'], cn_res_behavior=self.param['响应行为']['告警']) SqlInject_Case.execsql_rule(dbtype='mysql', sql=self.sql, rulename=self.rule[1], cn_risk_level=self.param['风险级别']['安全'], cn_res_behavior=self.param['响应行为']['通过'])
def test_sqlinject_dm_veryhigh_start(self): '''sql注入特征库-dm类型数据库,风险等级为高,状态启用''' rulename = self.rule[0] + self.name SqlInject_Case.check_rule(isAll=2, name=self.name, risk_level=self.param['riskLevel'][4], status=self.param['vpStatus'][2], dbtype='dm', sql=self.sql, rulename=rulename, cn_risk_level=self.param['风险级别']['极高'], cn_res_behavior=self.param['响应行为']['阻断行为']) SqlInject_Case.execsql_rule(dbtype='mysql', sql=self.sql, rulename=self.rule[1], cn_risk_level=self.param['风险级别']['安全'], cn_res_behavior=self.param['响应行为']['通过'])
def test_sqlinject_gbase_middle_start(self): '''sql注入特征库-gbase类型数据库,风险等级为中,状态启用''' rulename = self.rule[0] + self.name SqlInject_Case.check_rule(isAll=2, name=self.name, risk_level=self.param['riskLevel'][2], status=self.param['vpStatus'][2], dbtype='gbase_s83', sql=self.sql, rulename=rulename, cn_risk_level=self.param['风险级别']['中'], cn_res_behavior=self.param['响应行为']['阻断行为']) SqlInject_Case.execsql_rule(dbtype='sqlserver', sql=self.sql, rulename=self.rule[1], cn_risk_level=self.param['风险级别']['安全'], cn_res_behavior=self.param['响应行为']['通过'])
def tearDown(self): LOG.info('启用验证成功,等待删除。。。') SqlInject_Case.sqlinject_del_rule(name=self.name)
def test_sqlinject_view(self): '''sql注入特征库-查看''' id = SqlInject_Case.sqlinject_add(name=self.name) # 新增-查询 SqlInject_Case.view_rule(name=self.name, id=id) # 查看 SqlInject_Case.sqlinject_del_rule(name=self.name) # 删除 LOG.info('sql注入特征库查看规则--成功')
def test_sqlinject_sel_superhigh(self): '''sql注入特征库查询-启用''' SqlInject_Case.sqlinject_select(byparam=self.param['vpStatus'][0], param=self.param['vpStatus'][2]) LOG.info('sql注入特征库查询-启用--成功')
def test_sqlinject_sel_superhigh(self): '''sql注入特征库查询-极高风险''' SqlInject_Case.sqlinject_select(byparam=self.param['riskLevel'][0], param=self.param['riskLevel'][4]) LOG.info('sql注入特征库查询-极高风险--成功')
def test_sqlinject_sel_middle(self): '''sql注入特征库查询-中风险''' SqlInject_Case.sqlinject_select(byparam=self.param['riskLevel'][0], param=self.param['riskLevel'][2]) LOG.info('sql注入特征库查询-中风险--成功')
def test_sqlinject_add(self): '''sql注入特征库新增规则''' SqlInject_Case.sqlinject_add(name=self.name) LOG.info('sql注入特征库新增---成功') SqlInject_Case.sqlinject_del_rule(name=self.name)