def __init__(self, name, dbType, dbId,dbType2=GlobalConfig.db_type_['mysql']):
self.payload = {}
self.payload["name"] = name
self.payload["description"] = name
self.payload["dbType"] = dbType
self.payload["dbId"] = dbId
self.dbType2 = dbType2
self.api_dict = commen.get_api("/PolicyManage.json")
def setobject_action(self, dbid, action):
api_dict = commen.get_api("/DDL.json")
api_dict = api_dict["oracle"]["objectpermission"]
print(api_dict["url"])
try:
api_request(api_dict['url'] % (dbid, action), api_dict['header'],
api_dict['method'])
except Exception as e:
assert e
def __init__(self):
self._conn = None
db_dict = commen.get_api(apifile='\DatabaseService.json')['connectDB']
self.oracle_dict = {
'ip': db_dict[oracle][gp.isproxy]['ip'],
'port': db_dict[oracle][gp.isproxy]['port'],
'user': db_dict[oracle]['username'],
'password': db_dict[oracle]['password'],
'instanceName': db_dict[oracle]['instanceName']
}
self.mysql_dict = {
'ip': db_dict[mysql][gp.isproxy]['ip'],
'port': db_dict[mysql][gp.isproxy]['port'],
'user': db_dict[mysql]['username'],
'password': db_dict[mysql]['password'],
'db': db_dict[mysql]['db']
}
self.gbase_dict = {
'ip': db_dict[gbase][gp.isproxy]['ip'],
'port': db_dict[gbase][gp.isproxy]['port'],
'user': db_dict[gbase]['username'],
'password': db_dict[gbase]['password'],
'db': db_dict[gbase]['db']
}
self.sqlserver_dict = {
'ip':
db_dict[sqlserver][gp.isproxy]['ip'] + ',' +
str(db_dict[sqlserver][gp.isproxy]['port']),
'user':
db_dict[sqlserver]['username'],
'password':
db_dict[sqlserver]['password'],
'db':
db_dict[sqlserver]['db']
}
self.db2_dict = {
'ip': db_dict[db2][gp.isproxy]['ip'],
'port': db_dict[db2][gp.isproxy]['port'],
'user': db_dict[db2]['username'],
'password': db_dict[db2]['password'],
'db': db_dict[db2]['db']
}
def setrisk(self, dbid=1, auditLevel=3, status=0, dangerownerId=1):
payload = {
"dbid": dbid,
"assetOwner": "",
"ownerType": "database account",
"additionRule": "",
"auditLevel": auditLevel,
"status": status,
"dangerownerId": dangerownerId,
"part": "danger"
}
api_dict = commen.get_api("/DDL.json")
api_dict = api_dict["riskconfig"]
try:
api_request(
api_dict['url'] %
(payload["dbid"], payload["ownerType"], payload["auditLevel"],
payload["status"], payload["dangerownerId"], payload["part"]),
api_dict['header'], api_dict['method'])
except Exception as e:
assert e
# 白名单业务的业务封装
import json
from public.RequestMode import api_request
from public import commen
import global_params as gp
api_dict = commen.get_api("/PolicyManage.json")
api_dict = api_dict["WhiteList"]
class WhitelistWay(object):
def addruler(self, payload):
res = api_request(api_dict["increase"]["url"],
api_dict["increase"]["header"],
api_dict["increase"]["method"], payload)
res = json.loads(res.content)
assert res['message'] == "success", "%s,新增白名单失败" % res['message']
def getlist(self):
res = api_request(api_dict["whitelist"]["url"],
api_dict["whitelist"]["header"],
api_dict["whitelist"]["method"])
res = json.loads(res.content)
return res
def clear(self):
payload = {}
res = api_request(api_dict["clear"]["url"],
api_dict["clear"]["header"],
api_dict["clear"]["method"],
payload=payload)
def __init__(self):
self.param_dict = get_api(apifile='\PolicyManage.json')['Virtualpatch']
'''
'''
import copy
from public.basicclass import SqlInjectClass
from public import commen
from public.log import LOG
sqlinject_dict = commen.get_api(
apifile='\PolicyManage.json')['SqlInject'] # 加载参数,文件名称前加\
def sqlinject_add(dbType=None,
name=None,
risk_level=None,
status=None,
ruleType=None):
'''
sql注入特征库新增自定义规则
'''
obj = SqlInjectClass.SqlInject() # 创建sql注入对象
param_dict = copy.deepcopy(sqlinject_dict['add_diy_rule'])
response = obj.diy_rule_add(dbType=dbType,
name=name,
risk_level=risk_level,
status=status,
ruleType=ruleType)
result = commen.load(response.text)
assert result == param_dict['expected'], '错误:响应结果比对失败' + response.text
'''
author:xujianzhong
'''
from public.basicclass import DBserviceClass
from public import commen
dbservice_dict = commen.get_api(
apifile='\DatabaseService.json') # 加载参数,文件名称前加\
def select_dbservice_byname(name):
'''
根据名称查询id
:param name:数据库保护对象名称
'''
obj = DBserviceClass.DBservice() # 创建数据库服务对象
response = obj.select_dbservice(byparam='byname', value=name)
result = commen.load(response.text)
assert len(result['data']['items']) == 1 and result['data']['items'][0][
'objName'] == name, '错误:响应结果比对失败' + response.text
return result['data']['items'][0]['objId']
def select_dbservice_bynullname(name):
'''
根据名称查询id
:param name:数据库保护对象名称
'''
obj = DBserviceClass.DBservice() # 创建数据库服务对象
from public.basicclass import DBSecurityconfClass
from public.commen import get_api, load, PutsqlName
from public import log
from casemap.basicfunc.policymanage import sqlinject
from DBLib import Connection
import time
dbservice_dict = get_api(apifile='\PolicyManage.json') # 加载参数,文件名称前加\
namelist = get_api(apifile='\PolicyManage.json')['Virtualpatch']['namelist']
def update_switch(dispose=None,
featuresStatus=None,
virStatus=None,
id=None,
dataMaskStatusOM=None):
'''
:param dispose:强制白名单
:param featuresStatus: SQL注入特征库开关
:param virStatus: 虚拟补丁开关
:param id: 数据库id
:param dataMaskStatusOM: 运维脱敏
'''
obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象
response = obj.update(dispose=dispose,
featuresStatus=featuresStatus,
virStatus=virStatus,
id=id,
dataMaskStatusOM=dataMaskStatusOM)
result = load(response.text)
def __init__(self):
self.param_dict = commen.get_api(
apifile='\PolicyManage.json')['SqlInject']
def __init__(self):
self.param_dict = commen.get_api(
apifile='\PolicyManage.json')['dbSecurityconfig']