class TestRules(unittest.TestCase):
def setUp(self):
self.helper = Secure_Track_Helper("127.0.0.1",
("username", "password"))
self.patcher = patch(
'pytos.common.rest_requests.requests.Session.send')
self.mock_get_uri = self.patcher.start()
self.mock_get_uri.return_value.status_code = 200
def tearDown(self):
self.patcher.stop()
def test_01_get_shadowed_rules(self):
self.mock_get_uri.return_value.content = fake_request_response(
"cleanup_set")
cleanup = self.helper.get_shadowed_rules_for_device_by_id(155)
self.assertIsInstance(cleanup, Cleanup_Set)
def test_02_get_rule_by_device_and_rule_id(self):
self.mock_get_uri.return_value.content = fake_request_response("rules")
rules = self.helper.get_rule_by_device_and_rule_id(155, 1318013)
self.assertEqual(rules[0].id, 1318013)
def test_03_get_rules_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response("rules")
rules = self.helper.get_rules_for_device(155)
self.assertIsInstance(rules, Rules_List)
self.assertTrue(len(rules) > 0)
def test_04_failed_to_get_rules_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response(
"empty_rules")
rules = self.helper.get_rules_for_device(155)
self.assertIsInstance(rules, Rules_List)
self.assertTrue(len(rules) == 0)
def test_05_get_shadowing_rules_for_device_id_and_rule_uids(self):
self.mock_get_uri.return_value.content = fake_request_response(
"cleanup_set")
uid = "{53b95431-73ee-43de-a153-d299f4eb4804}"
shadowing_rules = self.helper.get_shadowing_rules_for_device_id_and_rule_uids(
155, uid)
self.assertIsInstance(shadowing_rules, Cleanup_Set)
def test_06_failed_get_shadowing_rules_for_device_id_and_rule_uids(self):
self.mock_get_uri.return_value.content = fake_request_response(
"bad_request_error")
self.mock_get_uri.return_value.status_code = 400
with self.assertRaises(REST_Bad_Request_Error):
self.helper.get_shadowing_rules_for_device_id_and_rule_uids(
155, [])
def test_07_get_devices_by_rule_search(self):
self.mock_get_uri.return_value.content = fake_request_response(
"device_list_by_rule_search")
devices = self.helper.get_devices_by_rule_search()
self.assertIsInstance(devices, RuleSearchDeviceList)
def test_08_rule_search_for_device(self):
self.mock_get_uri.return_value.content = fake_request_response("rules")
rules = self.helper.rule_search_for_device(155)
self.assertIsInstance(rules, Rules_List)
self.assertTrue(len(rules) > 0)
def test_09_get_rules_for_revision(self):
self.mock_get_uri.return_value.content = fake_request_response("rules")
rules = self.helper.get_rules_for_revision(1, True)
self.assertIsInstance(rules, Rules_List)
self.assertTrue(len(rules) > 0)
def test_10_rule_documentation_format(self):
src_xml = fake_request_response("rule_documentation")
src_tree = lxml.etree.fromstring(src_xml)
src_b = io.BytesIO()
src_tree.getroottree().write_c14n(src_b)
# create a new record set fot the rule documentation
record_sets = [
Record_Set("*****@*****.**", "admin",
"2019-01-08T00:00:00+02:00", 1235, "this is a comment",
"")
]
rd = Rule_Documentation("admin", 'Comment for unittest suit',
record_sets, '', True)
dst_tree = lxml.etree.fromstring(rd.to_xml_string())
dst_b = io.BytesIO()
dst_tree.getroottree().write_c14n(dst_b)
self.assertEqual(src_b.getvalue(), dst_b.getvalue())
def test_11_get_rule_documentation_by_device_id_and_rule_id(self):
self.mock_get_uri.return_value.content = fake_request_response(
"rule_documentation")
rd = self.helper.get_rule_documentation_by_device_id_and_rule_id(
155, 1330304)
self.assertIsInstance(rd, Rule_Documentation)
def test_12_failed_to_get_rule_documentation_by_device_id_and_rule_id(
self):
self.mock_get_uri.return_value.content = fake_request_response(
"not_found_error")
self.mock_get_uri.return_value.status_code = 404
with self.assertRaises(ValueError):
self.helper.get_rule_documentation_by_device_id_and_rule_id(
155, 1330303)
def test_13_get_network_objects(self):
self.mock_get_uri.return_value.content = fake_request_response(
"network_objects_search")
network_objects = self.helper.network_object_text_search(
"81.81.81.5", "any_field")
self.assertIsInstance(network_objects, Network_Objects_List)
def main():
cli_args = get_cli_args()
device = cli_args.device or input('Enter device ID or name: ')
hostname = cli_args.hostname or input('Enter SecureTrack hostname or IP: ')
username = cli_args.username or input('Enter SecureTrack username: '******'Enter SecureTrack password: '******'.', end='')
sys.stdout.flush()
rules = {
cleanup.rule.uid: cleanup.rule.rule_text
for cleanup in st_helper.get_shadowed_rules_for_device_by_id(
device.id).shadowed_rules_cleanup.shadowed_rules
}
print('.', end='')
sys.stdout.flush()
shadowed_rules = st_helper.\
get_shadowing_rules_for_device_id_and_rule_uids(device.id,
[u for u in rules]).shadowed_rules_cleanup.shadowed_rules
print('.')
sys.stdout.flush()
print('Rules to remove for device: {}'.format(device.name))
shadowing_warning = {
cleanup.rule.uid: [
shadowing_rule.rule_text
for shadowing_rule in cleanup.shadowing_rules
]
for cleanup in shadowed_rules if any([
shadowing_rule.src_services
for shadowing_rule in cleanup.shadowing_rules
])
}
shadowed_warning = {
cleanup.rule.uid: [
shadowing_rule.rule_text
for shadowing_rule in cleanup.shadowing_rules
]
for cleanup in shadowed_rules if cleanup.rule.src_services
}
print('no {}'.format('\nno '.join([
rules[uid]
for uid in set(rules) - set(shadowed_warning) - set(shadowing_warning)
])))
print(
'***THE BELOW SHADOWING RULES CONTAIN SOURCE PORTS/SERVICES, MANUAL REVIEW IS STRONGLY RECOMMENDED***'
)
print('\n'.join([
'{}\n -> no {}'.format('\n'.join(shadowed_rules), rules[uid])
for uid, shadowed_rules in shadowing_warning.items()
]))
print(
'***THE BELOW SHADOWED RULES CONTAIN SOURCE PORTS/SERVICES, MANUAL REVIEW IS STRONGLY RECOMMENDED***'
)
print('\n'.join([
'{}\n -> no {}'.format('\n'.join(shadowed_rules), rules[uid])
for uid, shadowed_rules in shadowed_warning.items()
]))
