def test_bats_000_disable_blacklist(sut_handle, shieldx_constants): blacklist = Blacklist(sut_handle) is_disabled = blacklist.disable_ip_blacklist() # Allow passage to cleanup tables time.sleep(2 * shieldx_constants["USER_WAIT"]) assert is_disabled == True, "IP Blacklist is disabled successfully."
def test_bats_003_import_by_feed(sut_handle, import_feed, shieldx_constants): blacklist = Blacklist(sut_handle) is_imported = blacklist.import_listed_feed(import_feed) # Allow passage to import the file and commit the config change time.sleep(2 * shieldx_constants["USER_WAIT"]) assert is_imported == True, "Import by URL feed failed."
def test_bats_002_import_by_file(sut_handle, datadir, import_file, shieldx_constants): # Get the full path and convert it to string file_name = str((datadir/import_file).resolve()) blacklist = Blacklist(sut_handle) is_imported = blacklist.import_listed_ip(file_name) # Allow passage to import the file and commit the config change time.sleep(2 * shieldx_constants["USER_WAIT"]) assert is_imported == True, "Import by file failed."
def update(self, url): # Is imported? is_imported = False if url is not None: # System Management bl = BL(self.rest_session) is_imported = bl.import_listed_feed(url) else: self.logger.error("URL not provided.") return is_imported
def test_bats_005_export_blacklist(sut_handle, datadir, export_file, shieldx_constants, shieldx_logger): # Get the full path and convert it to string file_name = str(datadir/export_file) shieldx_logger.info("Export file: {}".format(file_name)) blacklist = Blacklist(sut_handle) is_exported = blacklist.export_listed_ip(file_name) # Allow passage to export the blacklist config to a file time.sleep(2 * shieldx_constants["USER_WAIT"]) assert is_exported == True, "Export config file failed."
def test_bats_004_change_response_action(sut_handle, response_action, shieldx_constants): blacklist = Blacklist(sut_handle) is_action_set = blacklist.set_ip_blacklist_action(response_action) # Allow passage to change response action time.sleep(2 * shieldx_constants["USER_WAIT"]) assert is_action_set == True, "Change response action failed." # Check that action is set successfully before verifying settings if is_action_set: ip_blacklist_global_settings = blacklist.get_ip_blacklist_global_settings() if "action" in ip_blacklist_global_settings: response_action_from_config = ip_blacklist_global_settings["action"] assert int(response_action_from_config) == int(response_action), "Response action does not match." else: assert False, "Global settings action not found." else: assert False, "Issue with setting response action"
def test_bats_001_blacklist_is_disabled(sut_handle): blacklist = Blacklist(sut_handle) status = blacklist.get_ip_blacklist() assert status == [], "IP Blacklist is not disabled."
def test_func_block_traffic(sut_handle, datadir, import_file, ixia_handle, traffic_profile, shieldx_constants, shieldx_logger): """ Suite 1 1. Start with IP Blacklist disabled 2. Send Traffic - Expect to go through 3. Enable and Import blacklist from a file 4. Send Traffic - Expect to be blocked 5. Check Settings: Response Action (default - Block and Alert) 6. Check Settings: Imported File 7. Change Response Action from "Block and Alert" to "Alert Only" 8. Check Settings: Response Action (Alert Only) 9. Send Traffic - Expect to go through 10. Disable IP Blacklist """ # Initialize # DUT sps_mgmt = SPS_Mgmt(sut_handle) tpp_mgmt = TPP_Mgmt(sut_handle) acl_mgmt = ACL_Mgmt(sut_handle) sys_mgmt = SysMgmt(sut_handle) # Initialize # Blacklist blacklist = Blacklist(sut_handle) # Traffic - Breaking Point handle breaking_point = BreakingPoint(ixia_handle) # Get the system info system_info = sys_mgmt.get_system_info() software_version = system_info["version"] content_version = system_info["contentVersion"] # Get the license info license_info = sys_mgmt.get_license() # Get SPS in default ACL default_acl = "Default ACL Policy" acl_policy = acl_mgmt.get_acl_by_name(default_acl) sps_id = acl_policy["aclRules"][0]["spsId"] sps = sps_mgmt.get_sps_by_id(sps_id) if sps is not None: sps_name = sps["name"] else: sps_name = "None" # Reporting result_dir = "{}{}{}".format(shieldx_constants["SX_REPORT_REPO"], shieldx_constants["SX_ABURAME_REPO"], "IP_Blacklist/") column_names = ["Build", "SPS", "Test Name", "Result"] column_widths = [26, 16, 80, 10] shieldx_results = Result_Mgmt(result_dir, column_names, column_widths) build = "Mgmt{}Content{}".format(software_version, content_version) # Start with IP Blacklist disabled. test_name = "Is IP Blacklist disabled?" shieldx_logger.info(test_name) is_disabled = blacklist.disable_ip_blacklist() time.sleep(2 * shieldx_constants["USER_WAIT"]) status = "PASSED" if is_disabled else "FAILED" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Get IP Blacklist Global settings test_name = "Get IP Blacklist global settings - DISABLED." shieldx_logger.info(test_name) global_settings = blacklist.get_ip_blacklist_global_settings() shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings)) status = "QTAD-5378" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Send traffic and expect the traffic go through (Blacklist Disabled). test_name = "Send traffic and expect the traffic go through (Blacklist Disabled)." shieldx_logger.info(test_name) stats = breaking_point.send_strikes_traffic(shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"], traffic_profile) status = "PASSED" if int(stats["total_blocked"]) == 0 else "FAILED" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Enable IP Blacklist, import from file. test_name = "Enable IP Blacklist, import from file." shieldx_logger.info(test_name) # Get the full path and convert it to string file_name = str((datadir/import_file).resolve()) # Import Blacklist - IP Set is_imported = blacklist.import_listed_ip(file_name) time.sleep(2 * shieldx_constants["USER_WAIT"]) status = "PASSED" if is_imported else "FAILED" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Get IP Blacklist Global settings test_name = "Get IP Blacklist global settings - ENABLED." shieldx_logger.info(test_name) global_settings = blacklist.get_ip_blacklist_global_settings() shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings)) status = "QTAD-5378" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Send traffic and expect the traffic blocked (DENY-Blacklist). test_name = "Send traffic and expect the traffic blocked (DENY-Blacklist)." shieldx_logger.info(test_name) stats = breaking_point.send_strikes_traffic(shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"], traffic_profile) status = "PASSED" if int(stats["total_allowed"]) == 0 else "FAILED" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Change Response Action from 'Block and Alert(default)' to 'Alert Only'. test_name = "Change Response Action from 'Block and Alert(default)' to 'Alert Only'." shieldx_logger.info(test_name) is_action_set = blacklist.set_ip_blacklist_action(shieldx_constants["SX_BL_ALERT_ONLY"]) time.sleep(2 * shieldx_constants["USER_WAIT"]) status = "PASSED" if is_action_set else "FAILED" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Get IP Blacklist Global settings test_name = "Get IP Blacklist global settings - ENABLED." shieldx_logger.info(test_name) global_settings = blacklist.get_ip_blacklist_global_settings() shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings)) status = "QTAD-5378" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Send traffic and expect the traffic go through (Response Action: Alert Only). test_name = "Send traffic and expect the traffic go through (Response Action: Alert Only)." shieldx_logger.info(test_name) stats = breaking_point.send_strikes_traffic(shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"], traffic_profile) status = "PASSED" if int(stats["total_blocked"]) == 0 else "FAILED" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Cleanup - Disable IP Blacklist. test_name = "Cleanup - Disable IP Blacklist." shieldx_logger.info(test_name) is_disabled = blacklist.disable_ip_blacklist() time.sleep(2 * shieldx_constants["USER_WAIT"]) status = "PASSED" if is_disabled else "FAILED" result = [build, sps_name, test_name, status] shieldx_results.add(result) # Get IP Blacklist Global settings test_name = "Get IP Blacklist global settings - DISABLED." shieldx_logger.info(test_name) global_settings = blacklist.get_ip_blacklist_global_settings() shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings)) status = "QTAD-5378" result = [build, sps_name, test_name, status] shieldx_results.add(result)