def update_access(name=None,
action=None,
cyc=None,
rate=None,
riskLevel=None,
audit=None):
obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象
res = obj.select(dbname=name)
id = load(res.text)['data']['items'][0]['objId']
response = obj.update_access(id, action, cyc, rate, riskLevel, audit)
result = load(response.text)
assert dbservice_dict['dbSecurityconfig']['update'][
'expected'] == result, '错误:响应结果比对失败' + response.text
def sqlinject_select_bynullname(byparam, param):
'''
名称不存在-查询规则
'''
obj = SqlInjectClass.SqlInject() # 创建sql注入对象
response = obj.select_rule(byparam=byparam, param=param)
result = commen.load(response.text)
assert len(result['items']) == 0, '错误:响应结果比对失败' + response.text
def update_returnCount(name=None,
action=None,
rate=None,
riskLevel=None,
audit=None,
status=None):
obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象
log.LOG.info('查询数据库id')
res = obj.select(dbname=name)
id = load(res.text)['data']['items'][0]['dbserverId']
log.LOG.info('编辑防御规则')
response = obj.update_returnCount(id, action, rate, riskLevel, audit,
status)
result = load(response.text)
assert dbservice_dict['dbSecurityconfig']['update'][
'expected'] == result, '错误:响应结果比对失败' + response.text
time.sleep(10)
def virtual_select_bynullname(byparam, param):
'''
名称不存在-查询规则
'''
obj = VirtualpatchClass.Virtualpatch() # 创建sql注入对象
response = obj.select_rule(byparam=byparam, param=param)
result = load(response.text)
assert len(result['items']) == 0, '错误:响应结果比对失败' + response.text
def select_dbservice_bynullname(name):
'''
根据名称查询id
:param name:数据库保护对象名称
'''
obj = DBserviceClass.DBservice() # 创建数据库服务对象
response = obj.select_dbservice(byparam='byname', value=name)
result = commen.load(response.text)
return len(result['data']['items'])
def nopage():
obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象
response = obj.nopage()
result = load(response.text)
rs = True
for i in result['dbservers']:
if i['dbserverDisplayName'] not in namelist:
rs = False
break
assert rs, '错误:响应结果比对失败' + response.text
def select_dbservice_byname(name):
'''
根据名称查询id
:param name:数据库保护对象名称
'''
obj = DBserviceClass.DBservice() # 创建数据库服务对象
response = obj.select_dbservice(byparam='byname', value=name)
result = commen.load(response.text)
assert len(result['data']['items']) == 1 and result['data']['items'][0][
'objName'] == name, '错误:响应结果比对失败' + response.text
return result['data']['items'][0]['objId']
def operate_rule(operate, id):
'''
操作规则
:param id: 规则唯一id
operate:操作类型
'''
obj = SqlInjectClass.SqlInject() # 创建sql注入对象
del_dict = sqlinject_dict['mutiOperate_diy_rule']
response = obj.operate_rule(operate=operate, id=id)
result = commen.load(response.text)
assert result == del_dict['expected'][
operate], '错误:响应结果比对失败' + response.text
def update_rule(id):
obj = SqlInjectClass.SqlInject() # 创建sql注入对象
update_dict = sqlinject_dict['update_diy_rule']
response = obj.update_rule(id=id)
result = commen.load(response.text)
assert result == update_dict['expected'], '错误:响应结果比对失败' + response.text
update_dict['body'].pop('content')
view_response = obj.view_rule(id=id)
rs = True
for k in update_dict['body']:
if str(update_dict['body'][k]) not in view_response.text:
# print(view_response.text)
# print(str(update_dict['body'][k]))
rs = False
break
assert rs, '错误:查看结果修改结果失败' + view_response.text
def sqlinject_add(dbType=None,
name=None,
risk_level=None,
status=None,
ruleType=None):
'''
sql注入特征库新增自定义规则
'''
obj = SqlInjectClass.SqlInject() # 创建sql注入对象
param_dict = copy.deepcopy(sqlinject_dict['add_diy_rule'])
response = obj.diy_rule_add(dbType=dbType,
name=name,
risk_level=risk_level,
status=status,
ruleType=ruleType)
result = commen.load(response.text)
assert result == param_dict['expected'], '错误:响应结果比对失败' + response.text
def select(dbname=None, featuresStatus=None, virStatus=None):
obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象
response = obj.select(dbname, featuresStatus, virStatus)
result = load(response.text)
rs = result['data']['items']
r = True
if dbname != None:
if len(rs) != 1 or rs[0]['dbserverDisplayName'] != dbname:
r = False
if featuresStatus != None:
for i in rs:
if i['featuresStatus'] != featuresStatus:
r = False
break
if virStatus != None:
for i in rs:
if i['virStatus'] != virStatus:
r = False
break
assert r, '错误:响应结果比对失败' + response.text
def update_switch(dispose=None,
featuresStatus=None,
virStatus=None,
id=None,
dataMaskStatusOM=None):
'''
:param dispose:强制白名单
:param featuresStatus: SQL注入特征库开关
:param virStatus: 虚拟补丁开关
:param id: 数据库id
:param dataMaskStatusOM: 运维脱敏
'''
obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象
response = obj.update(dispose=dispose,
featuresStatus=featuresStatus,
virStatus=virStatus,
id=id,
dataMaskStatusOM=dataMaskStatusOM)
result = load(response.text)
assert dbservice_dict['dbSecurityconfig']['update'][
'expected'] == result, '错误:响应结果比对失败' + response.text
def sqlinject_select(byparam, param):
'''
sql注入条件查询
'''
obj = SqlInjectClass.SqlInject() # 创建sql注入对象
response = obj.select_rule(byparam=byparam, param=param)
rs = True
result = commen.load(response.text)
if byparam == 'byname':
assert len(result['items']) == 1 and result['items'][0][
'chsName'] == param, '错误:响应结果比对失败' + response.text
return result['items'][0]['id']
if byparam == 'byrisklevel':
for item in result['items']:
if item['riskLevel'] != param:
rs = False
break
assert rs, '错误:响应结果比对失败' + response.text
if byparam == 'bystatus':
for item in result['items']:
if item['vpStatus'] != param:
rs = False
break
assert rs, '错误:响应结果比对失败' + response.text
def startOrstop_dbservice(id, mode):
obj = DBserviceClass.DBservice()
response = obj.startOrstop_dbservice(id, mode)
result = commen.load(response.text)
assert result == dbservice_dict['startOrstopdbservice'][
'expected'], '错误:响应结果比对失败' + response.text
def create_dbservice(name):
obj = DBserviceClass.DBservice()
response = obj.create_dbservice(name)
result = commen.load(response.text)
assert result == dbservice_dict['createdbserver'][
'expected'], '错误:响应结果比对失败' + response.text
def update_service(dbname, id, runmode):
obj = DBserviceClass.DBservice()
response = obj.update_dbservice(dbname=dbname, runmode=runmode, id=id)
result = commen.load(response.text)
assert result == dbservice_dict['updatedbserver'][
'expected'], '错误:响应结果比对失败' + response.text
