def test_http_check_uri_a2(self):

		# 下发配置
		fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
		fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
		fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
		# 检查配置下发是否成功
		for key in self.case2_step1:
			re = fun.wait_data(self.case2_step1[key][0], 'gw', self.case2_step1[key][1], '配置', 100)
			print(re)
			assert self.case2_step1[key][1] in re

		fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], rbmDomain, base_path)
		fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
		fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
		for key in self.case2_step2:
			re = fun.wait_data(self.case2_step2[key][0], 'gw', self.case2_step2[key][1], '配置', 100)
			print(re)
			assert self.case2_step2[key][1] in re

		# 发送get请求,不包含黑名单内容的普通请求
		content = http_check.http_get(url)
		print('多个黑名单时get普通请求的请求内容为:{}'.format(content))
		assert content == http_content

		# 发送post请求,不包含黑名单内容的普通请求
		content = http_check.http_post(url)
		print('多个黑名单时get普通请求的请求内容为:{}'.format(content))
		assert content == http_content

		# 发送get请求,请求内容包含第一个黑名单
		status_code = http_check.http_get(self.case2_uri1,self.data)
		print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
		assert status_code == 403

		# 发送post请求,请求内容包含第一个黑名单
		status_code = http_check.http_post(self.case2_uri1, self.data)
		print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
		assert status_code == 403

		# 发送get请求,请求内容包含第二个黑名单
		status_code = http_check.http_get(self.case2_uri2, self.data)
		print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
		assert status_code == 403

		# 发送post请求,请求内容包含第二个黑名单
		status_code = http_check.http_post(self.case2_uri2, self.data)
		print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
		assert status_code == 403
    def test_http_check_get_a1(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'gw',
                               self.case1_step1[key][1], '配置', 100)
            print('添加策略_re: ', re)
            assert self.case1_step1[key][1] in re

        # 数据检查
        fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        for key in self.case1_step2:
            re = fun.wait_data(self.case1_step2[key][0], 'gw',
                               self.case1_step2[key][1], '配置', 100)
            print("需包含字符串:", self.case1_step2[key][1])
            print('httpCheck_re: ', re)
            assert self.case1_step2[key][1] in re

        # 发送get请求,不包含黑名单内容的普通请求
        content = http_check.http_get(url)
        print('get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        result = fun.search('/opt', 'sh', 'gw')
        print('---------fun.search: \n', result)
Exemple #3
0
    def test_iso_http_basic_a1(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
                         'nginx: worker process')
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'BackDut',
                         'nginx: worker process')
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
                               self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        for key in self.case1_step11:
            re = fun.wait_data(self.case1_step11[key][0], 'FrontDut',
                               self.case1_step11[key][1], '配置', 100)
            print(re)
            assert self.case1_step11[key][1] in re

        # 发送get请求,验证隔离下的http策略
        print('请求地址为{}'.format(self.http_url))
        content = http_check.http_get(self.http_url)
        print('验证隔离下的http策略请求内容为:{}'.format(content))
        assert content == http_content
Exemple #4
0
    def test_customapp_app_action_deny(self):

        # 下发配置
        fun.send(rbmExc, message.add_app_action_deny_front['AddCustomAppPolicy'], FrontDomain, base_path)
        fun.send(rbmExc, message.add_app_action_deny_back['AddCustomAppPolicy'], BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
        assert front_res1 == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
        assert back_res1 == 1
        fun.send(rbmExc, message.set_app_default_action_allow['SetCustomAppAction'], FrontDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
        assert front_res1 == 1
        # 检查配置下发是否成功
        for key in self.case4_step1:
            re = fun.wait_data(self.case4_step1[key][0], 'FrontDut', self.case4_step1[key][1], '前置机配置', 100)
            assert self.case4_step1[key][1] in re

        for key in self.case4_step2:
            re = fun.wait_data(self.case4_step2[key][0], 'FrontDut', self.case4_step2[key][1], '前置机配置', 100)
            assert self.case4_step2[key][1] in re

        for key in self.case0_step1:
            re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100)
            assert  self.case0_step1[key][1] in re

        # 发送请求,检测定制应用通信策略是否生效
        status_code = http_check.http_get(url,flag=1)
        print('url:', url)
        print('验证应用动作为拒绝,默认动作、规则动作为允许时的定制应用通行策略,get请求的请求内容为:{}'.format(status_code),',请求被禁止。')
        assert status_code == 0

        # 文件查看audit日志
        # fun.wait_data(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1", 'FrontDut',self.case4_step3['step1'][0], '检查Default Deny', 300, flag='存在')
        fun.wait_data(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1", 'FrontDut',self.case4_step3['step1'][0], '检查Default Deny', 300)
        for key in self.case4_step3:
            re = fun.cmd(f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -1 ", 'FrontDut')
            print('re:', re)
            assert self.case4_step3[key][0] in re

        #移除策略
        fun.send(rbmExc, message.del_app_action_front['DelCustomAppPolicy'], FrontDomain, base_path)
        fun.send(rbmExc, message.del_app_action_back['DelCustomAppPolicy'], BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
        assert front_res1 == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
        assert back_res1 == 1
        #检查配置移除是否成功
        for key in self.case4_step4:
            re = fun.wait_data(self.case4_step4[key][0], 'FrontDut', self.case4_step4[key][1], '前置机配置', 100,flag='不存在')
            assert self.case4_step4[key][1] not in re

        for key in self.case0_step1:
            re = fun.wait_data(self.case0_step1[key][0], 'BackDut', self.case0_step1[key][1], '后置机配置', 100, flag='不存在')
            assert self.case0_step1[key][1] not in re
Exemple #5
0
    def test_customapp_default_action_allow(self):

        # 下发配置
        fun.send(rbmExc, message.add_app_default_action_front['AddCustomAppPolicy'], FrontDomain, base_path)
        fun.send(rbmExc, message.add_app_default_action_back['AddCustomAppPolicy'], BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
        assert front_res1 ==1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
        assert back_res1 == 1
        fun.send(rbmExc, message.set_app_default_action_allow['SetCustomAppAction'], FrontDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
        assert front_res1 == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            # re = fun.cmd(self.case1_step1[key][0], 'FrontDut')
            # print(re)
            re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '前置机配置', 100)
            assert self.case1_step1[key][1] in re

        for key in self.case1_step2:
            # re = fun.cmd(self.case1_step2[key][0], 'FrontDut')
            # print(re)
            re = fun.wait_data(self.case1_step2[key][0], 'FrontDut', self.case1_step2[key][1], '前置机配置', 100)
            assert self.case1_step2[key][1] in re

        for key in self.case0_step1:
            re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100)
            assert  self.case0_step1[key][1] in re

        # 发送请求,检测定制应用通信策略是否生效
        status_code = http_check.http_get(url,flag=1)
        print('url:', url)
        print('验证默认动作为允许,应用、规则动作为允许时的定制应用通行策略,get请求的请求内容为:{}'.format(status_code))
        assert status_code == 200

        #移除策略
        fun.send(rbmExc, message.del_app_upstream_front['DelCustomAppPolicy'], FrontDomain, base_path)
        fun.send(rbmExc, message.del_app_upstream_back['DelCustomAppPolicy'], BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
        assert front_res1 == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res1 = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
        assert back_res1 == 1
        # 检查配置移除是否成功
        for key in self.case1_step3:
            # re = fun.cmd(self.case1_step1[key][0], 'FrontDut')
            # print(re)
            re = fun.wait_data(self.case1_step3[key][0], 'FrontDut', self.case1_step3[key][1], '前置机配置', 100,flag='不存在')
            assert self.case1_step3[key][1] not in re

        for key in self.case0_step1:
            re = fun.wait_data(self.case0_step1[key][0],'BackDut',self.case0_step1[key][1],'后置机配置',100,flag='不存在')
            assert self.case0_step1[key][1] not in re
    def test_http_check_MIME_deny_a1(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'gw',
                               self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        for key in self.case1_step2:
            re = fun.wait_data(self.case1_step2[key][0], 'gw',
                               self.case1_step2[key][1], '配置', 100)
            print(re)
            assert self.case1_step2[key][1] in re

        # 发送get请求,不指定内容的普通请求
        content = http_check.http_get(url)
        print('get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 发送get请求,请求内容不包含MIME黑名单
        status_code = http_check.http_get(self.base_uri, self.data, flag=1)
        print('get请求内容不包含MIME黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 200

        # 发送get请求,请求内容包含MIME黑名单
        status_code = http_check.http_get(self.case1_uri, self.data, flag=1)
        print('get请求内容包含MIME黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403
Exemple #7
0
    def test_iso_http_redirect_a1(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp_redirect_front['AddCustomAppPolicy'], FrontDomain, base_path)
        fun.send(rbmExc, message.addhttp_redirect_back['AddCustomAppPolicy'], BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
        front_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
        assert front_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
        assert back_res == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        for key in self.case1_step11:
            re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100)
            print(re)
            assert self.case1_step11[key][1] in re

        # 发送get请求,验证隔离下的http策略
        print('请求地址为{}'.format(self.http_url))
        status_code = http_check.http_get(self.http_url,flag=1)
        print('验证隔离下的http策略请求状态码为:{}'.format(status_code))
        assert status_code == 200

        # 移除策略,清空环境
        fun.send(rbmExc, message.delhttp_redirect_front['DelCustomAppPolicy'], FrontDomain, base_path)
        fun.send(rbmExc, message.delhttp_redirect_back['DelCustomAppPolicy'], BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
        fdel_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process',name='前置机nginx进程')
        assert fdel_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        bdel_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process',name='后置机nginx进程')
        assert bdel_res == 1
        # 检查策略移除是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100, flag='不存在')
            print(re)
            assert self.case1_step1[key][1] not in re
Exemple #8
0
    def test_iso_http_basic_a2(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
                         'nginx: worker process')
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'BackDut',
                         'nginx: worker process')
        # 检查配置下发是否成功
        for key in self.case2_step1:
            re = fun.wait_data(self.case2_step1[key][0], 'FrontDut',
                               self.case2_step1[key][1], '配置', 100)
            print(re)
            assert self.case2_step1[key][1] in re

        for key in self.case2_step11:
            re = fun.wait_data(self.case2_step11[key][0], 'FrontDut',
                               self.case2_step11[key][1], '配置', 100)
            print(re)
            assert self.case2_step11[key][1] in re

        # 发送get请求,验证get请求是否正常
        print('请求地址为{}'.format(http_url))
        content = http_check.http_get(http_url)
        print('验证隔离下的get请求内容为:{}'.format(content))

        # 发送get请求,验证隔离下的http策略下载一个10M大小的文件
        print('下载的服务器地址为{}'.format(self.downfile_url))
        result = http_check.http_download(self.downfile_url,
                                          self.downlocalPath)
        assert result == 1
Exemple #9
0
    def test_iso_http_large_file_a1(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        front_res = fun.nginx_worker('ps -ef |grep nginx',
                                     'FrontDut',
                                     'nginx: worker process',
                                     name='前置机nginx进程')
        assert front_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert back_res == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
                               self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        for key in self.case1_step11:
            re = fun.wait_data(self.case1_step11[key][0], 'FrontDut',
                               self.case1_step11[key][1], '配置', 100)
            print(re)
            assert self.case1_step11[key][1] in re

        # 发送get请求,验证get请求是否正常
        print('请求地址为{}'.format(http_url))
        content = http_check.http_get(http_url)
        print('验证隔离下的get请求内容为:{}'.format(content))

        # 发送get请求,验证隔离下的http策略下载一个10G大小的文件
        print('下载的服务器地址为{}'.format(self.downfile_url))
        result = http_check.http_download(self.downfile_url,
                                          self.downlocalPath)
        assert result == 1

        # 判断文件大小是否是10G
        file_size = os.path.getsize(self.downlocalPath)
        file_size = file_size / float(1024 * 1024)  # 将单位转化为M
        print("file_size: ", file_size)
        assert 95.0 <= file_size <= 105.0

        # 移除策略,清空环境
        fun.send(rbmExc, message.delhttp_front['DelCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.delhttp_back['DelCustomAppPolicy'],
                 BackDomain, base_path)
        fdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'FrontDut',
                                    'nginx: worker process',
                                    name='前置机nginx进程')
        assert fdel_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        bdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert bdel_res == 1
        # 检查策略移除是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0],
                               'FrontDut',
                               self.case1_step1[key][1],
                               '配置',
                               100,
                               flag='不存在')
            print(re)
            assert self.case1_step1[key][1] not in re
Exemple #10
0
    def test_http_check_MIME_deny_a3(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert add_res1 == 1
        # 检查配置下发是否成功
        for key in self.case3_step1:
            re = fun.wait_data(self.case3_step1[key][0], 'gw',
                               self.case3_step1[key][1], '配置', 100)
            print(re)
            assert self.case3_step1[key][1] in re

        fun.send(rbmExc, message.httpcheck3['SetHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert add_res2 == 1
        for key in self.case3_step2:
            re = fun.wait_data(self.case3_step2[key][0], 'gw',
                               self.case3_step2[key][1], '配置', 100)
            print(re)
            assert self.case3_step2[key][1] in re

        # 发送get请求,不指定内容的普通请求
        content = http_check.http_get(url)
        print('get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 发送get请求,请求内容包含MIME黑名单
        status_code = http_check.http_get(self.base_uri, self.data, flag=1)
        print('get请求内容包含MIME黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 发送get请求,请求内容包含MIME第一个黑名单
        status_code1 = http_check.http_get(self.case2_uri1, self.data, flag=1)
        print('get请求内容包含MIM第一个黑名单{}返回的状态码为:{}'.format(self.case2_uri1,
                                                      status_code1))
        assert status_code1 == 403

        # 发送get请求,请求内容包含MIME第二个黑名单
        status_code2 = http_check.http_get(self.case2_uri2, self.data, flag=1)
        print('get请求内容包含MIM第二个黑名单{}返回的状态码为:{}'.format(self.case2_uri2,
                                                      status_code2))
        assert status_code2 == 403

        # 发送get请求,请求内容包含MIME第三个黑名单
        status_code3 = http_check.http_get(self.case2_uri3, self.data, flag=1)
        print('get请求内容包含MIM第三个黑名单{}返回的状态码为:{}'.format(self.case2_uri3,
                                                      status_code3))
        assert status_code3 == 403

        # 发送get请求,请求内容包含MIME第四个黑名单
        status_code4 = http_check.http_get(self.case2_uri4, self.data, flag=1)
        print('get请求内容包含MIM第四个黑名单{}返回的状态码为:{}'.format(self.case2_uri4,
                                                      status_code4))
        assert status_code4 == 403

        # 发送get请求,请求内容包含MIME第五个黑名单
        status_code5 = http_check.http_get(self.case2_uri5, self.data, flag=1)
        print('get请求内容包含MIM第五个黑名单{}返回的状态码为:{}'.format(self.case2_uri5,
                                                      status_code5))
        assert status_code5 == 403

        # 移除策略,还原环境
        fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert del_res1 == 1
        # 检查代理是否成功移除
        for key in self.case3_step1:
            re = fun.wait_data(self.case3_step1[key][0],
                               'gw',
                               self.case3_step1[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.case3_step1[key][1] not in re
        # 检查网页访问策略是否清空
        fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert del_res2 == 1
        for key in self.delcheck:
            re = fun.wait_data(self.delcheck[key][0],
                               'gw',
                               self.delcheck[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.delcheck[key][1] not in re
Exemple #11
0
    def test_http_check_get_a1(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert add_res1 == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'gw',
                               self.case1_step1[key][1], '配置', 100)
            print('添加策略_re: ', re)
            assert self.case1_step1[key][1] in re

        # 数据检查
        fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert add_res2 == 1
        for key in self.case1_step2:
            re = fun.wait_data(self.case1_step2[key][0], 'gw',
                               self.case1_step2[key][1], '配置', 100)
            print("需包含字符串:", self.case1_step2[key][1])
            print('httpCheck_re: ', re)
            assert self.case1_step2[key][1] in re

        # 发送get请求,不包含黑名单内容的普通请求
        content = http_check.http_get(url)
        print('get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        result = fun.search('/opt', 'sh', 'gw')
        print('---------fun.search: \n', result)

        # 发送get请求,请求内容不包含黑名单内容
        content = http_check.http_get(url, self.data)
        print('get请求内容不包含黑名单的请求应返回的内容为:{}'.format(content))
        assert content == http_content

        # 发送get请求,请求内容包含黑名单
        status_code = http_check.http_get(url, self.case1_data)
        print('get请求内容包含黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 移除策略,还原环境
        fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert del_res1 == 1
        # 检查代理是否成功移除
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0],
                               'gw',
                               self.case1_step1[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.case1_step1[key][1] not in re
        # 检查网页访问策略是否清空
        fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert del_res2 == 1
        for key in self.delcheck:
            re = fun.wait_data(self.delcheck[key][0],
                               'gw',
                               self.delcheck[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.delcheck[key][1] not in re
Exemple #12
0
    def test_http_check_MIME_allow_a1(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert add_res1 == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'gw',
                               self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert add_res2 == 1
        for key in self.case1_step2:
            re = fun.wait_data(self.case1_step2[key][0], 'gw',
                               self.case1_step2[key][1], '配置', 100)
            print(re)
            assert self.case1_step2[key][1] in re

        # 发送get请求,不指定内容的普通请求
        content = http_check.http_get(url)
        print('get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 发送get请求,请求内容不包含MIME白名单
        status_code = http_check.http_get(self.base_uri, self.data, flag=1)
        print('get请求内容不包含MIME白名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 发送get请求,请求内容包含MIME白名单
        status_code = http_check.http_get(self.case1_uri, self.data, flag=1)
        print('get请求内容包含MIM第一个E白名单返回的状态码为:{}'.format(status_code))
        assert status_code == 200

        # 移除策略,还原环境
        fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert del_res1 == 1
        # 检查代理是否成功移除
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0],
                               'gw',
                               self.case1_step1[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.case1_step1[key][1] not in re
        # 检查网页访问策略是否清空
        fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert del_res2 == 1
        for key in self.delcheck:
            re = fun.wait_data(self.delcheck[key][0],
                               'gw',
                               self.delcheck[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.delcheck[key][1] not in re
Exemple #13
0
    def test_http_check_get_post_uri_MIME_a1(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        add_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert add_res1 == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'gw',
                               self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert add_res2 == 1
        for key in self.case1_step2:
            re = fun.wait_data(self.case1_step2[key][0], 'gw',
                               self.case1_step2[key][1], '配置', 100)
            print(re)
            assert self.case1_step2[key][1] in re

        # 1、发送get请求,不包含黑名单内容的普通请求
        content = http_check.http_get(url)
        print('1、get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 2、发送post请求,不包含黑名单内容的普通请求
        content = http_check.http_post(url)
        print('2、post普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 3、发送get请求,请求内容包含第一个get黑名单
        status_code1 = http_check.http_get(url, self.case1_get_data1)
        print('3、get请求内容包含第一个get黑名单返回的状态码为:{}'.format(status_code1))
        assert status_code1 == 403

        # 4、发送get请求,请求内容包含第二个get黑名单
        status_code2 = http_check.http_get(url, self.case1_get_data2)
        print('4、get请求内容包含第二个get黑名单返回的状态码为:{}'.format(status_code2))
        assert status_code2 == 403

        # 5、发送get请求,请求内容包含第一个uri黑名单
        status_code3 = http_check.http_get(self.case1_uri1, self.data)
        print('5、get请求内容包含第一个uri黑名单返回的状态码为:{}'.format(status_code3))
        assert status_code3 == 403

        # 6、发送get请求,请求内容包含第二个uri黑名单
        status_code4 = http_check.http_get(self.case1_uri2, self.data)
        print('6、get请求内容包含第二个uri黑名单返回的状态码为:{}'.format(status_code4))
        assert status_code4 == 403

        # 7、发送get请求,请求内容包含第一个post黑名单
        content = http_check.http_get(url, self.case1_post_data1)
        print('7、get请求内容包含第一个post黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 8、发送get请求,请求内容包含第二个post黑名单
        content = http_check.http_get(url, self.case1_post_data2)
        print('8、get请求内容包含第二个post黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 9、发送post请求,请求内容包含第一个post黑名单
        status_code5 = http_check.http_post(url, self.case1_post_data1)
        print('9、post请求内容包含第一个post黑名单返回的状态码为:{}'.format(status_code5))
        assert status_code5 == 403

        # 10、发送post请求,请求内容包含第二个post黑名单
        status_code6 = http_check.http_post(url, self.case1_post_data2)
        print('10、post请求内容包含第二个post黑名单返回的状态码为:{}'.format(status_code6))
        assert status_code6 == 403

        # 11、发送post请求,请求内容包含第一个uri黑名单
        status_code7 = http_check.http_post(self.case1_uri1, self.data)
        print('11、post请求内容包含第一个uri黑名单返回的状态码为:{}'.format(status_code7))
        assert status_code7 == 403

        # 12、发送post请求,请求内容包含第二个uri黑名单
        status_code8 = http_check.http_post(self.case1_uri2, self.data)
        print('12、post请求内容包含第二个uri黑名单返回的状态码为:{}'.format(status_code8))
        assert status_code8 == 403

        # 13、发送post请求,请求内容包含第一个get黑名单
        content = http_check.http_post(url, self.case1_get_data1)
        print('13、post请求内容包含第一个get黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 14、发送post请求,请求内容包含第二个get黑名单
        content = http_check.http_post(url, self.case1_get_data2)
        print('14、post请求内容包含第二个get黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 15、发送get请求,请求内容包含第一个MIME白名单
        status_code9 = http_check.http_get(self.case1_MIME1, self.data, flag=1)
        print('15、get请求内容包含第一个MIME白名单返回的状态码为:{}'.format(status_code9))
        assert status_code9 == 200

        # 16、发送get请求,请求内容包含第二个MIME白名单
        status_code10 = http_check.http_get(self.case1_MIME2,
                                            self.data,
                                            flag=1)
        print('16、get请求内容包含第二个MIME白名单返回的状态码为:{}'.format(status_code10))
        assert status_code10 == 200

        # 17、发送get请求,请求内容包含MIME类型不在白名单
        status_code11 = http_check.http_get(self.base_uri, self.data, flag=1)
        print('17、get请求内容包含MIME类型不在白名单返回的状态码为:{}'.format(status_code11))
        assert status_code11 == 403

        # 18、发送get请求,请求内容包含MIME白名单和get黑名单
        status_code12 = http_check.http_get(self.case1_MIME1,
                                            self.case1_get_data2,
                                            flag=1)
        print('18、get请求内容包含MIME白名单和get黑名单返回的状态码为:{}'.format(status_code12))
        assert status_code12 == 403

        # 19、发送get请求,请求内容包含MIME白名单和post黑名单
        status_code13 = http_check.http_get(self.case1_MIME2,
                                            self.case1_post_data1,
                                            flag=1)
        print('19、get请求内容包含MIME白名单和post黑名单返回的状态码为:{}'.format(status_code13))
        assert status_code13 == 200

        # 移除策略,还原环境
        fun.send(rbmExc, message.delhttp['DelAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        del_res1 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert del_res1 == 1
        # 检查代理是否成功移除
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0],
                               'gw',
                               self.case1_step1[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.case1_step1[key][1] not in re
        # 检查网页访问策略是否清空
        fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'gw',
                                    'nginx: worker process')
        assert del_res2 == 1
        for key in self.delcheck:
            re = fun.wait_data(self.delcheck[key][0],
                               'gw',
                               self.delcheck[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.delcheck[key][1] not in re
Exemple #14
0
    def test_iso_http_check_MIME_allow_a1(self):

        # 下发配置
        print(
            '1、下发http的隔离代理:代理ip为前置机安全卡的ip,port为2287,等待nginx的24个进程起来;预期netstat -anp |grep tcp应该可以查看到监听ip和端口'
        )
        fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        front_res = fun.nginx_worker('ps -ef |grep nginx',
                                     'FrontDut',
                                     'nginx: worker process',
                                     name='前置机nginx进程')
        assert front_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert back_res == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
                               self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        for key in self.case1_step11:
            re = fun.wait_data(self.case1_step11[key][0], 'FrontDut',
                               self.case1_step11[key][1], '配置', 100)
            print(re)
            assert self.case1_step11[key][1] in re

        # 数据检查
        print(
            '2、下发http的MIME白名单,参数为:pdf,等待nginx的24个进程起来;预期cat /etc/jsac/http.json文件应该包含:s_content_type和MIME白名单参数:pdf'
        )
        fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], FrontDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
                                    'nginx: worker process')
        assert add_res2 == 1
        for key in self.case1_step2:
            re = fun.wait_data(self.case1_step2[key][0], 'FrontDut',
                               self.case1_step2[key][1], '配置', 100)
            assert self.case1_step2[key][1] in re

        # 发送get请求,不指定内容的普通请求
        print('3、控制台发送get请求,不包含请求内容;请求成功,请求到的内容为server的index.html文件内包含的内容')
        content = http_check.http_get(http_url)
        print('get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 发送get请求,请求内容不包含MIME白名单
        print('4、控制台发送get请求,请求内容不包含MIME白名单;请求失败,状态码返回为403')
        status_code = http_check.http_get(self.base_uri, self.data, flag=1)
        print('get请求内容不包含MIME白名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 发送get请求,请求内容包含MIME白名单
        print('5、控制台发送get请求,请求内容包含MIME白名单:pdf;请求成功,状态码返回为200')
        status_code = http_check.http_get(self.case1_uri, self.data, flag=1)
        print('get请求内容包含MIM第一个E白名单返回的状态码为:{}'.format(status_code))
        assert status_code == 200

        # 移除策略,还原环境
        print(
            '6、移除代理策略,清空环境,等待nginx的24个进程起来;cat /etc/jsac/http.stream应该不包含代理ip和port'
        )
        fun.send(rbmExc, message.delhttp_front['DelCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.delhttp_back['DelCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        fdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'FrontDut',
                                    'nginx: worker process',
                                    name='前置机nginx进程')
        assert fdel_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        bdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert bdel_res == 1
        # 检查策略移除是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0],
                               'FrontDut',
                               self.case1_step1[key][1],
                               '配置',
                               100,
                               flag='不存在')
            print(re)
            assert self.case1_step1[key][1] not in re

        # 检查网页访问策略是否清空
        print(
            '7、移除网页访问策略,等待nginx的24个进程起来;cat /etc/jsac/http.json文件应该不包含:http协议')
        fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], FrontDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
                                    'nginx: worker process')
        assert del_res2 == 1
        for key in self.delcheck:
            re = fun.wait_data(self.delcheck[key][0],
                               'FrontDut',
                               self.delcheck[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.delcheck[key][1] not in re
Exemple #15
0
    def test_http_check_MIME_allow_a3(self):
        # 下发配置
        fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        # 检查配置下发是否成功
        for key in self.case3_step1:
            re = fun.wait_data(self.case3_step1[key][0], 'gw',
                               self.case3_step1[key][1], '配置', 100)
            print(re)
            assert self.case3_step1[key][1] in re

        fun.send(rbmExc, message.httpcheck3['SetHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        for key in self.case3_step2:
            re = fun.wait_data(self.case3_step2[key][0], 'gw',
                               self.case3_step2[key][1], '配置', 100)
            print(re)
            assert self.case3_step2[key][1] in re

        # 发送get请求,不指定内容的普通请求
        content = http_check.http_get(url)
        print('get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 发送get请求,请求内容包含MIME白名单
        status_code = http_check.http_get(self.base_uri, self.data, flag=1)
        print('get请求内容包含MIME白名单返回的状态码为:{}'.format(status_code))
        assert status_code == 200

        # 发送get请求,请求内容包含MIME第一个白名单
        status_code1 = http_check.http_get(self.case2_uri1, self.data, flag=1)
        print('get请求内容包含MIM第一个白名单{}返回的状态码为:{}'.format(self.case2_uri1,
                                                      status_code1))
        assert status_code1 == 200

        # 发送get请求,请求内容包含MIME第二个白名单
        status_code2 = http_check.http_get(self.case2_uri2, self.data, flag=1)
        print('get请求内容包含MIM第二个白名单{}返回的状态码为:{}'.format(self.case2_uri2,
                                                      status_code2))
        assert status_code2 == 200

        # 发送get请求,请求内容包含MIME第三个白名单
        status_code3 = http_check.http_get(self.case2_uri3, self.data, flag=1)
        print('get请求内容包含MIM第三个白名单{}返回的状态码为:{}'.format(self.case2_uri3,
                                                      status_code3))
        assert status_code3 == 200

        # 发送get请求,请求内容包含MIME第四个白名单
        status_code4 = http_check.http_get(self.case2_uri4, self.data, flag=1)
        print('get请求内容包含MIM第四个白名单{}返回的状态码为:{}'.format(self.case2_uri4,
                                                      status_code4))
        assert status_code4 == 200

        # 发送get请求,请求内容包含MIME第五个白名单
        status_code5 = http_check.http_get(self.case2_uri5, self.data, flag=1)
        print('get请求内容包含MIM第五个白名单{}返回的状态码为:{}'.format(self.case2_uri5,
                                                      status_code5))
        assert status_code5 == 200
Exemple #16
0
    def test_iso_tcp_basic_a3(self):

        # 下发配置
        fun.send(rbmExc, message.addtcp_front['AddCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.addtcp_back['AddCustomAppPolicy'], BackDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        front_res = fun.nginx_worker('ps -ef |grep nginx',
                                     'FrontDut',
                                     'nginx: worker process',
                                     name='前置机nginx进程')
        assert front_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert back_res == 1
        # 检查配置下发是否成功
        for key in self.case3_step1:
            re = fun.wait_data(self.case3_step1[key][0], 'FrontDut',
                               self.case3_step1[key][1], '配置', 100)
            print(re)
            assert self.case3_step1[key][1] in re

        for key in self.case3_step11:
            re = fun.wait_data(self.case3_step11[key][0], 'FrontDut',
                               self.case3_step11[key][1], '配置', 100)
            print(re)
            assert self.case3_step11[key][1] in re

        # 发送get请求,验证隔离下的tcp策略(http)
        print('请求地址为{}'.format(http_url))
        content = http_check.http_get(http_url)
        print('验证隔离下的tcp策略(http)请求内容为:{}'.format(content))
        assert content == http_content

        # 移除策略,清空环境
        fun.send(rbmExc, message.deltcp_front['DelCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.deltcp_back['DelCustomAppPolicy'], BackDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        fdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'FrontDut',
                                    'nginx: worker process',
                                    name='前置机nginx进程')
        assert fdel_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        bdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert bdel_res == 1
        # 检查策略移除是否成功
        for key in self.case3_step1:
            re = fun.wait_data(self.case3_step1[key][0],
                               'FrontDut',
                               self.case3_step1[key][1],
                               '配置',
                               100,
                               flag='不存在')
            print(re)
            assert self.case3_step1[key][1] not in re
Exemple #17
0
    def test_iso_http_check_MIME_allow_a3(self):
        # 下发配置
        print(
            '1、下发http的隔离代理:代理ip为前置机安全卡的ip,port为2287,等待nginx的24个进程起来;预期cat /etc/jsac/http.stream应该包含代理ip和port,且netstat -anp |grep tcp应该可以查看到监听ip和端口'
        )
        fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        front_res = fun.nginx_worker('ps -ef |grep nginx',
                                     'FrontDut',
                                     'nginx: worker process',
                                     name='前置机nginx进程')
        assert front_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert back_res == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
                               self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        for key in self.case1_step11:
            re = fun.wait_data(self.case1_step11[key][0], 'FrontDut',
                               self.case1_step11[key][1], '配置', 100)
            print(re)
            assert self.case1_step11[key][1] in re

        # 数据检查
        print(
            '2、下发http的MIME白名单,参数为:所有MIME类型,等待nginx的24个进程起来;cat /etc/jsac/http.json文件应该包含:s_content_type和MIME所有类型'
        )
        fun.send(rbmExc, message.httpcheck3['SetHttpCheck'], FrontDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
                                    'nginx: worker process')
        assert add_res2 == 1
        for key in self.case3_step2:
            re = fun.wait_data(self.case3_step2[key][0], 'FrontDut',
                               self.case3_step2[key][1], '配置', 100)
            print(re)
            assert self.case3_step2[key][1] in re
        MIME_res = fun.cmd(
            r"cat /usr/local/nginx/lua/http.lua | grep =\{ | grep -v local",
            'FrontDut')
        print('查看MIME白名单为:{}'.format(MIME_res))

        # 发送get请求,不指定内容的普通请求
        print('3、控制台发送get请求,不包含请求内容;请求成功,请求到的内容为server的index.html文件内包含的内容')
        content = http_check.http_get(http_url)
        print('get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 发送get请求,请求内容包含MIME白名单
        print('4、控制台发送get请求,请求内容包含MIME白名单:doc;请求成功,状态码返回为200')
        status_code = http_check.http_get(self.base_uri, self.data, flag=1)
        print('get请求内容包含MIME白名单返回的状态码为:{}'.format(status_code))
        assert status_code == 200

        # 发送get请求,请求内容包含MIME第一个白名单
        print('5、控制台发送get请求,请求内容包含MIME白名单:js;请求成功,状态码返回为200')
        status_code1 = http_check.http_get(self.case2_uri1, self.data, flag=1)
        print('get请求内容包含MIM第一个白名单{}返回的状态码为:{}'.format(self.case2_uri1,
                                                      status_code1))
        assert status_code1 == 200

        # 发送get请求,请求内容包含MIME第二个白名单
        print('6、控制台发送get请求,请求内容包含MIME白名单:mps;请求成功,状态码返回为200')
        status_code2 = http_check.http_get(self.case2_uri2, self.data, flag=1)
        print('get请求内容包含MIM第二个白名单{}返回的状态码为:{}'.format(self.case2_uri2,
                                                      status_code2))
        assert status_code2 == 200

        # 发送get请求,请求内容包含MIME第三个白名单
        print('7、控制台发送get请求,请求内容包含MIME白名单:gif;请求成功,状态码返回为200')
        status_code3 = http_check.http_get(self.case2_uri3, self.data, flag=1)
        print('get请求内容包含MIM第三个白名单{}返回的状态码为:{}'.format(self.case2_uri3,
                                                      status_code3))
        assert status_code3 == 200

        # 发送get请求,请求内容包含MIME第四个白名单
        print('8、控制台发送get请求,请求内容包含MIME白名单:tsv;请求成功,状态码返回为200')
        status_code4 = http_check.http_get(self.case2_uri4, self.data, flag=1)
        print('get请求内容包含MIM第四个白名单{}返回的状态码为:{}'.format(self.case2_uri4,
                                                      status_code4))
        assert status_code4 == 200

        # 发送get请求,请求内容包含MIME第五个白名单
        print('9、控制台发送get请求,请求内容包含MIME白名单:avi;请求成功,状态码返回为200')
        status_code5 = http_check.http_get(self.case2_uri5, self.data, flag=1)
        print('get请求内容包含MIM第五个白名单{}返回的状态码为:{}'.format(self.case2_uri5,
                                                      status_code5))
        assert status_code5 == 200

        # 移除策略,还原环境
        print(
            '10、移除代理策略,清空环境,等待nginx的24个进程起来;netstat -anp |grep tcp应该查看不到监听ip和端口'
        )
        fun.send(rbmExc, message.delhttp_front['DelCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.delhttp_back['DelCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        fdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'FrontDut',
                                    'nginx: worker process',
                                    name='前置机nginx进程')
        assert fdel_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        bdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert bdel_res == 1
        # 检查策略移除是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0],
                               'FrontDut',
                               self.case1_step1[key][1],
                               '配置',
                               100,
                               flag='不存在')
            print(re)
            assert self.case1_step1[key][1] not in re

        # 检查网页访问策略是否清空
        print(
            '11、移除网页访问策略,等待nginx的24个进程起来;cat /etc/jsac/http.json文件应该不包含:http协议'
        )
        fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], FrontDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
                                    'nginx: worker process')
        assert del_res2 == 1
        for key in self.delcheck:
            re = fun.wait_data(self.delcheck[key][0],
                               'FrontDut',
                               self.delcheck[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.delcheck[key][1] not in re
Exemple #18
0
    def test_customapp_direction_twoway(self):

        # 下发配置
        fun.send(rbmExc, message.add_app_twoway_front['AddCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.add_app_twoway_back['AddCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx',
                                      'FrontDut',
                                      'nginx: worker process',
                                      name='前置机nginx进程')
        assert front_res1 == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res1 = fun.nginx_worker('ps -ef |grep nginx',
                                     'BackDut',
                                     'nginx: worker process',
                                     name='后置机nginx进程')
        assert back_res1 == 1
        # 检查配置下发是否成功
        for key in self.case3_step1:
            re = fun.wait_data(self.case3_step1[key][0], 'FrontDut',
                               self.case3_step1[key][1], '前置机配置', 100)
            assert self.case3_step1[key][1] in re

        for key in self.case3_step2:
            re = fun.wait_data(self.case3_step2[key][0], 'FrontDut',
                               self.case3_step2[key][1], '前置机配置', 100)
            assert self.case3_step2[key][1] in re

        for key in self.case0_step1:
            re = fun.wait_data(self.case0_step1[key][0], 'BackDut',
                               self.case0_step1[key][1], '后置机配置', 100)
            assert self.case0_step1[key][1] in re

        # 发送请求,检测定制应用双向通信策略是否生效
        status_code = http_check.http_get(url, flag=1)
        print('url:', url)
        print('定制应用下行、get请求的请求内容为:{}'.format(status_code))
        assert status_code == 200

        # 移除策略
        fun.send(rbmExc, message.del_app_action_front['DelCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.del_app_action_back['DelCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx',
                                      'FrontDut',
                                      'nginx: worker process',
                                      name='前置机nginx进程')
        assert front_res1 == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res1 = fun.nginx_worker('ps -ef |grep nginx',
                                     'BackDut',
                                     'nginx: worker process',
                                     name='后置机nginx进程')
        assert back_res1 == 1
        # 检查配置移除是否成功
        for key in self.case3_step1:
            re = fun.wait_data(self.case3_step1[key][0],
                               'FrontDut',
                               self.case3_step1[key][1],
                               '前置机配置',
                               100,
                               flag='不存在')
            assert self.case3_step1[key][1] not in re

        for key in self.case0_step1:
            re = fun.wait_data(self.case0_step1[key][0],
                               'BackDut',
                               self.case0_step1[key][1],
                               '后置机配置',
                               100,
                               flag='不存在')
            assert self.case0_step1[key][1] not in re
Exemple #19
0
    def test_iso_http_check_get_post_uri_MIME_a2(self):

        # 下发配置
        print(
            '1、下发http的隔离代理:代理ip为前置机安全卡的ip,port为2287,等待nginx的24个进程起来;预期netstat -anp |grep tcp应该可以查看到监听ip和端口'
        )
        fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        front_res = fun.nginx_worker('ps -ef |grep nginx',
                                     'FrontDut',
                                     'nginx: worker process',
                                     name='前置机nginx进程')
        assert front_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert back_res == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
                               self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        for key in self.case1_step11:
            re = fun.wait_data(self.case1_step11[key][0], 'FrontDut',
                               self.case1_step11[key][1], '配置', 100)
            print(re)
            assert self.case1_step11[key][1] in re

        # 数据检查
        print(
            '2、下发http的get黑名单,参数为:hello、juson;post黑名单:123、456;uri黑名单:mzh、hkl;MIME黑名单:css、avi,等待nginx的24个进程起来;预期cat /etc/jsac/http.json文件应该包含:c_get_args和get黑名单参数:123'
        )
        fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], FrontDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
                                    'nginx: worker process')
        assert add_res2 == 1
        for key in self.case2_step2:
            re = fun.wait_data(self.case2_step2[key][0], 'FrontDut',
                               self.case2_step2[key][1], '配置', 100)
            assert self.case2_step2[key][1] in re

        # 1、发送get请求,不包含黑名单内容的普通请求
        print('3、控制台发送get请求,不包含请求内容;请求成功,请求到的内容为server的index.html文件内包含的内容')
        content = http_check.http_get(http_url)
        print('1、get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 2、发送post请求,不包含黑名单内容的普通请求
        print('4、控制台发送post请求,不包含请求内容;请求成功,请求到的内容为server的index.html文件内包含的内容')
        content = http_check.http_post(http_url)
        print('2、post普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 3、发送get请求,请求内容包含第一个get黑名单
        print('5、控制台发送get请求,请求内容包含get黑名单hello;请求失败,状态码返回为403')
        status_code = http_check.http_get(http_url, self.case1_get_data1)
        print('3、get请求内容包含第一个get黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 4、发送get请求,请求内容包含第二个get黑名单
        print('6、控制台发送get请求,请求内容包含get黑名单juson;请求失败,状态码返回为403')
        status_code = http_check.http_get(http_url, self.case1_get_data2)
        print('4、get请求内容包含第二个get黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 5、发送get请求,请求内容包含第一个uri黑名单
        print('7、控制台发送get请求,请求内容包含uri黑名单mzh;请求失败,状态码返回为403')
        status_code = http_check.http_get(self.case1_uri1, self.data)
        print('5、get请求内容包含第一个uri黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 6、发送get请求,请求内容包含第二个uri黑名单
        print('8、控制台发送get请求,请求内容包含uri黑名单hkl;请求失败,状态码返回为403')
        status_code = http_check.http_get(self.case1_uri2, self.data)
        print('6、get请求内容包含第二个uri黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 7、发送get请求,请求内容包含第一个post黑名单
        print(
            '9、控制台发送get请求,请求内容包含post黑名单123;请求成功,请求到的内容为server的index.html文件内包含的内容'
        )
        content = http_check.http_get(http_url, self.case1_post_data1)
        print('7、get请求内容包含第一个post黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 8、发送get请求,请求内容包含第二个post黑名单
        print(
            '10、控制台发送get请求,请求内容包含post黑名单456;请求成功,请求到的内容为server的index.html文件内包含的内容'
        )
        content = http_check.http_get(http_url, self.case1_post_data2)
        print('8、get请求内容包含第二个post黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 9、发送post请求,请求内容包含第一个post黑名单
        print('11、控制台发送post请求,请求内容包含post黑名单123;请求失败,状态码返回为403')
        status_code = http_check.http_post(http_url, self.case1_post_data1)
        print('9、post请求内容包含第一个post黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 10、发送post请求,请求内容包含第二个post黑名单
        print('12、控制台发送post请求,请求内容包含post黑名单456;请求失败,状态码返回为403')
        status_code = http_check.http_post(http_url, self.case1_post_data2)
        print('10、post请求内容包含第二个post黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 11、发送post请求,请求内容包含第一个uri黑名单
        print('13、控制台发送post请求,请求内容包含uri黑名单mzh;请求失败,状态码返回为403')
        status_code = http_check.http_post(self.case1_uri1, self.data)
        print('11、post请求内容包含第一个uri黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 12、发送post请求,请求内容包含第二个uri黑名单
        print('14、控制台发送post请求,请求内容包含uri黑名单hkl;请求失败,状态码返回为403')
        status_code = http_check.http_post(self.case1_uri2, self.data)
        print('12、post请求内容包含第二个uri黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 13、发送post请求,请求内容包含第一个get黑名单
        print(
            '15、控制台发送post请求,请求内容包含get黑名单hello;请求成功,请求到的内容为server的index.html文件内包含的内容'
        )
        content = http_check.http_post(http_url, self.case1_get_data1)
        print('13、post请求内容包含第一个get黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 14、发送post请求,请求内容包含第二个get黑名单
        print(
            '16、控制台发送post请求,请求内容包含get黑名单juson;请求成功,请求到的内容为server的index.html文件内包含的内容'
        )
        content = http_check.http_post(http_url, self.case1_get_data2)
        print('14、post请求内容包含第二个get黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 15、发送get请求,请求内容包含第一个MIME黑名单
        print('17、控制台发送get请求,请求内容包含MIME黑名单css;请求失败,状态码返回为403')
        status_code = http_check.http_get(self.case1_MIME1, self.data, flag=1)
        print('15、get请求内容包含第一个MIME黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 16、发送get请求,请求内容包含第二个MIME黑名单
        print('18、控制台发送get请求,请求内容包含MIME黑名单avi;请求失败,状态码返回为403')
        status_code = http_check.http_get(self.case1_MIME2, self.data, flag=1)
        print('16、get请求内容包含第二个MIME黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 17、发送get请求,请求内容包含MIME类型不在黑名单
        print('19、控制台发送get请求,请求内容包含MIME类型但不在黑白名单:pdf;请求成功,状态码返回为200')
        status_code = http_check.http_get(self.base_uri, self.data, flag=1)
        print('17、get请求内容包含MIME类型不在白名单返回的状态码为:{}'.format(status_code))
        assert status_code == 200

        # 18、发送get请求,请求内容包含MIME黑名单和post黑名单
        print('20、控制台发送get请求,请求内容包含MIME黑名单:avi和post黑名单:123;请求失败,状态码返回为403')
        status_code = http_check.http_get(self.case1_MIME2,
                                          self.case1_post_data1,
                                          flag=1)
        print('18、get请求内容包含MIME黑名单和post黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 18、发送get请求,请求内容包含MIME类型不为黑名单和get黑名单
        print(
            '21、控制台发送get请求,请求内容包含MIME类型但不在黑名单:pdf和get黑名单:hello;请求失败,状态码返回为403')
        status_code = http_check.http_get(self.base_uri,
                                          self.case1_get_data1,
                                          flag=1)
        print('18、get请求内容包含MIME类型不为黑名单和get黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 移除策略,还原环境
        print(
            '22、移除代理策略,清空环境,等待nginx的24个进程起来;netstat -anp |grep tcp应该查看不到监听ip和端口;'
        )
        fun.send(rbmExc, message.delhttp_front['DelCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.delhttp_back['DelCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        fdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'FrontDut',
                                    'nginx: worker process',
                                    name='前置机nginx进程')
        assert fdel_res == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        bdel_res = fun.nginx_worker('ps -ef |grep nginx',
                                    'BackDut',
                                    'nginx: worker process',
                                    name='后置机nginx进程')
        assert bdel_res == 1
        # 检查策略移除是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0],
                               'FrontDut',
                               self.case1_step1[key][1],
                               '配置',
                               100,
                               flag='不存在')
            print(re)
            assert self.case1_step1[key][1] not in re

        # 检查网页访问策略是否清空
        print(
            '23、移除网页访问策略,等待nginx的24个进程起来;cat /etc/jsac/http.json文件应该不包含:http协议'
        )
        fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], FrontDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut',
                                    'nginx: worker process')
        assert del_res2 == 1
        for key in self.delcheck:
            re = fun.wait_data(self.delcheck[key][0],
                               'FrontDut',
                               self.delcheck[key][1],
                               '配置',
                               100,
                               flag='不存在')
            assert self.delcheck[key][1] not in re
Exemple #20
0
    def test_http_check_get_post_uri_a1(self):

        # 下发配置
        fun.send(rbmExc, message.addhttp['AddAgent'], rbmDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'gw',
                               self.case1_step1[key][1], '配置', 100)
            print(re)
            assert self.case1_step1[key][1] in re

        fun.send(rbmExc, message.httpcheck1['SetHttpCheck'], rbmDomain,
                 base_path)
        fun.wait_data('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        fun.nginx_worker('ps -ef |grep nginx', 'gw', 'nginx: worker process')
        for key in self.case1_step2:
            re = fun.wait_data(self.case1_step2[key][0], 'gw',
                               self.case1_step2[key][1], '配置', 100)
            print(re)
            assert self.case1_step2[key][1] in re

        # 1、发送get请求,不包含黑名单内容的普通请求
        content = http_check.http_get(url)
        print('1、get普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 2、发送post请求,不包含黑名单内容的普通请求
        content = http_check.http_post(url)
        print('2、post普通请求的请求内容为:{}'.format(content))
        assert content == http_content

        # 3、发送get请求,请求内容包含第一个get黑名单
        status_code = http_check.http_get(url, self.case1_get_data1)
        print('3、get请求内容包含第一个get黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 4、发送get请求,请求内容包含第二个get黑名单
        status_code = http_check.http_get(url, self.case1_get_data2)
        print('4、get请求内容包含第二个get黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 5、发送get请求,请求内容包含第一个uri黑名单
        status_code = http_check.http_get(self.case1_uri1, self.data)
        print('5、get请求内容包含第一个uri黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 6、发送get请求,请求内容包含第二个uri黑名单
        status_code = http_check.http_get(self.case1_uri2, self.data)
        print('6、get请求内容包含第二个uri黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 7、发送get请求,请求内容包含第一个post黑名单
        content = http_check.http_get(url, self.case1_post_data1)
        print('7、get请求内容包含第一个post黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 8、发送get请求,请求内容包含第二个post黑名单
        content = http_check.http_get(url, self.case1_post_data2)
        print('8、get请求内容包含第二个post黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 9、发送post请求,请求内容包含第一个post黑名单
        status_code = http_check.http_post(url, self.case1_post_data1)
        print('9、post请求内容包含第一个post黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 10、发送post请求,请求内容包含第二个post黑名单
        status_code = http_check.http_post(url, self.case1_post_data2)
        print('10、post请求内容包含第二个post黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 11、发送post请求,请求内容包含第一个uri黑名单
        status_code = http_check.http_post(self.case1_uri1, self.data)
        print('11、post请求内容包含第一个uri黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 12、发送post请求,请求内容包含第二个uri黑名单
        status_code = http_check.http_post(self.case1_uri2, self.data)
        print('12、post请求内容包含第二个uri黑名单返回的状态码为:{}'.format(status_code))
        assert status_code == 403

        # 13、发送post请求,请求内容包含第一个get黑名单
        content = http_check.http_post(url, self.case1_get_data1)
        print('13、post请求内容包含第一个get黑名单的请求内容为:{}'.format(content))
        assert content == http_content

        # 14、发送post请求,请求内容包含第二个get黑名单
        content = http_check.http_post(url, self.case1_get_data2)
        print('14、post请求内容包含第二个get黑名单的请求内容为:{}'.format(content))
        assert content == http_content
Exemple #21
0
    def test_customapp_massage_value_equal(self):

        # 下发配置
        fun.send(
            rbmExc,
            message.add_app_massage_value_equal_front['AddCustomAppPolicy'],
            FrontDomain, base_path)
        fun.send(
            rbmExc,
            message.add_app_massage_value_equal_back['AddCustomAppPolicy'],
            BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx',
                                      'FrontDut',
                                      'nginx: worker process',
                                      name='前置机nginx进程')
        assert front_res1 == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res1 = fun.nginx_worker('ps -ef |grep nginx',
                                     'BackDut',
                                     'nginx: worker process',
                                     name='后置机nginx进程')
        assert back_res1 == 1
        # 检查配置下发是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0], 'FrontDut',
                               self.case1_step1[key][1], '前置机配置', 100)
            assert self.case1_step1[key][1] in re

        for key in self.case1_step2:
            re = fun.wait_data(self.case1_step2[key][0], 'FrontDut',
                               self.case1_step2[key][1], '前置机配置', 100)
            assert self.case1_step2[key][1] in re

        for key in self.case0_step1:
            re = fun.wait_data(self.case0_step1[key][0], 'BackDut',
                               self.case0_step1[key][1], '后置机配置', 100)
            assert self.case0_step1[key][1] in re

        # 发送请求,检测定制应用通信策略是否生效
        status_code = http_check.http_get(url, flag=1)
        print('url:', url)
        print('验证过滤类型为数值时,测试报文值等于比较值时定制应用通信情况,get请求的请求内容为:{}'.format(
            status_code))
        assert status_code == 200

        # 文件查看audit日志
        fun.wait_data(
            f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -2",
            'FrontDut',
            self.case1_step3['step1'][0],
            '检查数值0x50545448',
            300,
            flag='存在')
        for key in self.case1_step3:
            re = fun.cmd(
                f"grep -n {proxy_port} /usr/local/nginx/logs/audit.log |tail -2 ",
                'FrontDut')
            print('re:', re)
            assert self.case1_step3[key][0] in re

        #移除策略
        fun.send(rbmExc, message.del_app_end_deny_front['DelCustomAppPolicy'],
                 FrontDomain, base_path)
        fun.send(rbmExc, message.del_app_end_deny_back['DelCustomAppPolicy'],
                 BackDomain, base_path)
        fun.wait_data('ps -ef |grep nginx', 'FrontDut',
                      'nginx: worker process')
        front_res1 = fun.nginx_worker('ps -ef |grep nginx',
                                      'FrontDut',
                                      'nginx: worker process',
                                      name='前置机nginx进程')
        assert front_res1 == 1
        fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
        back_res1 = fun.nginx_worker('ps -ef |grep nginx',
                                     'BackDut',
                                     'nginx: worker process',
                                     name='后置机nginx进程')
        assert back_res1 == 1

        #检查配置移除是否成功
        for key in self.case1_step1:
            re = fun.wait_data(self.case1_step1[key][0],
                               'FrontDut',
                               self.case1_step1[key][1],
                               '前置机配置',
                               100,
                               flag='不存在')
            assert self.case1_step1[key][1] not in re

        for key in self.case0_step1:
            re = fun.wait_data(self.case0_step1[key][0],
                               'BackDut',
                               self.case0_step1[key][1],
                               '后置机配置',
                               100,
                               flag='不存在')
            assert self.case0_step1[key][1] not in re
Exemple #22
0
	def test_iso_http_check_uri_a2(self):

		# 下发配置
		print('1、下发http的隔离代理:代理ip为前置机安全卡的ip,port为2287,等待nginx的24个进程起来;预期netstat -anp |grep tcp应该可以查看到监听ip和端口')
		fun.send(rbmExc, message.addhttp_front['AddCustomAppPolicy'], FrontDomain, base_path)
		fun.send(rbmExc, message.addhttp_back['AddCustomAppPolicy'], BackDomain, base_path)
		fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
		front_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
		assert front_res == 1
		fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
		back_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
		assert back_res == 1
		# 检查配置下发是否成功
		for key in self.case1_step1:
			re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100)
			print(re)
			assert self.case1_step1[key][1] in re

		for key in self.case1_step11:
			re = fun.wait_data(self.case1_step11[key][0], 'FrontDut', self.case1_step11[key][1], '配置', 100)
			print(re)
			assert self.case1_step11[key][1] in re

		# 数据检查
		print('2、下发多个http的get黑名单,参数1为:test,参数2为juson,等待nginx的24个进程起来;cat /etc/jsac/http.json文件应该包含:c_http_uri和uri黑名单参数:test和juson')
		fun.send(rbmExc, message.httpcheck2['SetHttpCheck'], FrontDomain, base_path)
		fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
		add_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
		assert add_res2 == 1
		for key in self.case2_step2:
			re = fun.wait_data(self.case2_step2[key][0], 'FrontDut', self.case2_step2[key][1], '配置', 100)
			print(re)
			assert self.case2_step2[key][1] in re

		# 发送get请求,不包含黑名单内容的普通请求
		print('3、控制台发送get请求,不包含请求内容;请求成功,请求到的内容为server的index.html文件内包含的内容')
		content = http_check.http_get(http_url)
		print('多个黑名单时get普通请求的请求内容为:{}'.format(content))
		assert content == http_content

		# 发送post请求,不包含黑名单内容的普通请求
		print('4、控制台发送post请求,不包含请求内容;请求成功,请求到的内容为server的index.html文件内包含的内容')
		content = http_check.http_post(http_url)
		print('多个黑名单时get普通请求的请求内容为:{}'.format(content))
		assert content == http_content

		# 发送get请求,请求内容包含第一个黑名单
		print('5、控制台发送get请求,请求内容包含黑名单test;请求失败,状态码返回为403')
		status_code = http_check.http_get(self.case2_uri1,self.data)
		print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
		assert status_code == 403

		# 发送post请求,请求内容包含第一个黑名单
		print('6、控制台发送post请求,请求内容包含黑名单test;请求失败,状态码返回为403')
		status_code = http_check.http_post(self.case2_uri1, self.data)
		print('多个黑名单时get请求内容包含第一个黑名单返回的状态码为:{}'.format(status_code))
		assert status_code == 403

		# 发送get请求,请求内容包含第二个黑名单
		print('7、控制台发送get请求,请求内容包含黑名单juson;请求失败,状态码返回为403')
		status_code = http_check.http_get(self.case2_uri2, self.data)
		print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
		assert status_code == 403

		# 发送post请求,请求内容包含第二个黑名单
		print('8、控制台发送post请求,请求内容包含黑名单juson;请求失败,状态码返回为403')
		status_code = http_check.http_post(self.case2_uri2, self.data)
		print('多个黑名单时get请求内容包含第二个黑名单返回的状态码为:{}'.format(status_code))
		assert status_code == 403

		# 移除策略,还原环境
		print('9、移除代理策略,清空环境,等待nginx的24个进程起来;netstat -anp |grep tcp应该查看不到监听ip和端口')
		fun.send(rbmExc, message.delhttp_front['DelCustomAppPolicy'], FrontDomain, base_path)
		fun.send(rbmExc, message.delhttp_back['DelCustomAppPolicy'], BackDomain, base_path)
		fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
		fdel_res = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process', name='前置机nginx进程')
		assert fdel_res == 1
		fun.wait_data('ps -ef |grep nginx', 'BackDut', 'nginx: worker process')
		bdel_res = fun.nginx_worker('ps -ef |grep nginx', 'BackDut', 'nginx: worker process', name='后置机nginx进程')
		assert bdel_res == 1
		# 检查策略移除是否成功
		for key in self.case1_step1:
			re = fun.wait_data(self.case1_step1[key][0], 'FrontDut', self.case1_step1[key][1], '配置', 100, flag='不存在')
			print(re)
			assert self.case1_step1[key][1] not in re

		# 检查网页访问策略是否清空
		print('10、移除网页访问策略,等待nginx的24个进程起来;cat /etc/jsac/http.json文件应该不包含:c_http_uri和uri黑名单参数:test、juson')
		fun.send(rbmExc, message.delhttpcheck['DropHttpCheck'], FrontDomain, base_path)
		fun.wait_data('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
		del_res2 = fun.nginx_worker('ps -ef |grep nginx', 'FrontDut', 'nginx: worker process')
		assert del_res2 == 1
		for key in self.delcheck:
			re = fun.wait_data(self.delcheck[key][0], 'FrontDut', self.delcheck[key][1], '配置', 100, flag='不存在')
			assert self.delcheck[key][1] not in re