def test_bats_003_license_info(sut_handle, shieldx_logger):
system_mgmt = SysMgmt(sut_handle)
# Get the system info
license_info = system_mgmt.get_license()
shieldx_logger.info("License Info: {}".format(license_info))
def test_bats_002_enable_license(sut_handle, license_json, shieldx_constants,
datadir):
manage = SysMgmt(sut_handle)
config_reader = CCR()
# Get license info
resolved_input_json_file = str((datadir / license_json).resolve())
license_info = dict(
config_reader.read_json_config(resolved_input_json_file))
license_key = license_info.get("key", None)
license_type = license_info.get("type", None)
license_capacity = license_info.get("capacity", None)
# Set the license
is_license_set = manage.set_license(license_key)
# Allow passage to cleanup tables
time.sleep(shieldx_constants["USER_WAIT"])
# Check if license is set
assert is_license_set == True, "Failed to activate license."
# Get the license info
license_info = manage.get_license(license_key)
# Check expected to actual capacity
fetched_capacity = license_info["expected_capacity"]
assert license_capacity == fetched_capacity, "Capacity does not match."
# Check expected to actual license type
fetched_license_type = license_info["license_type"]
assert license_type == fetched_license_type, "License type does not match."
# Check if license is active
fetched_license_state = license_info["current_state"]
assert "active" == fetched_license_state, "License is not active."
def test_func_block_traffic(sut_handle, datadir, import_file, ixia_handle, traffic_profile, shieldx_constants, shieldx_logger):
"""
Suite 1
1. Start with IP Blacklist disabled
2. Send Traffic - Expect to go through
3. Enable and Import blacklist from a file
4. Send Traffic - Expect to be blocked
5. Check Settings: Response Action (default - Block and Alert)
6. Check Settings: Imported File
7. Change Response Action from "Block and Alert" to "Alert Only"
8. Check Settings: Response Action (Alert Only)
9. Send Traffic - Expect to go through
10. Disable IP Blacklist
"""
# Initialize
# DUT
sps_mgmt = SPS_Mgmt(sut_handle)
tpp_mgmt = TPP_Mgmt(sut_handle)
acl_mgmt = ACL_Mgmt(sut_handle)
sys_mgmt = SysMgmt(sut_handle)
# Initialize
# Blacklist
blacklist = Blacklist(sut_handle)
# Traffic - Breaking Point handle
breaking_point = BreakingPoint(ixia_handle)
# Get the system info
system_info = sys_mgmt.get_system_info()
software_version = system_info["version"]
content_version = system_info["contentVersion"]
# Get the license info
license_info = sys_mgmt.get_license()
# Get SPS in default ACL
default_acl = "Default ACL Policy"
acl_policy = acl_mgmt.get_acl_by_name(default_acl)
sps_id = acl_policy["aclRules"][0]["spsId"]
sps = sps_mgmt.get_sps_by_id(sps_id)
if sps is not None:
sps_name = sps["name"]
else:
sps_name = "None"
# Reporting
result_dir = "{}{}{}".format(shieldx_constants["SX_REPORT_REPO"], shieldx_constants["SX_ABURAME_REPO"], "IP_Blacklist/")
column_names = ["Build", "SPS", "Test Name", "Result"]
column_widths = [26, 16, 80, 10]
shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)
build = "Mgmt{}Content{}".format(software_version, content_version)
# Start with IP Blacklist disabled.
test_name = "Is IP Blacklist disabled?"
shieldx_logger.info(test_name)
is_disabled = blacklist.disable_ip_blacklist()
time.sleep(2 * shieldx_constants["USER_WAIT"])
status = "PASSED" if is_disabled else "FAILED"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Get IP Blacklist Global settings
test_name = "Get IP Blacklist global settings - DISABLED."
shieldx_logger.info(test_name)
global_settings = blacklist.get_ip_blacklist_global_settings()
shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings))
status = "QTAD-5378"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Send traffic and expect the traffic go through (Blacklist Disabled).
test_name = "Send traffic and expect the traffic go through (Blacklist Disabled)."
shieldx_logger.info(test_name)
stats = breaking_point.send_strikes_traffic(shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"], traffic_profile)
status = "PASSED" if int(stats["total_blocked"]) == 0 else "FAILED"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Enable IP Blacklist, import from file.
test_name = "Enable IP Blacklist, import from file."
shieldx_logger.info(test_name)
# Get the full path and convert it to string
file_name = str((datadir/import_file).resolve())
# Import Blacklist - IP Set
is_imported = blacklist.import_listed_ip(file_name)
time.sleep(2 * shieldx_constants["USER_WAIT"])
status = "PASSED" if is_imported else "FAILED"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Get IP Blacklist Global settings
test_name = "Get IP Blacklist global settings - ENABLED."
shieldx_logger.info(test_name)
global_settings = blacklist.get_ip_blacklist_global_settings()
shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings))
status = "QTAD-5378"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Send traffic and expect the traffic blocked (DENY-Blacklist).
test_name = "Send traffic and expect the traffic blocked (DENY-Blacklist)."
shieldx_logger.info(test_name)
stats = breaking_point.send_strikes_traffic(shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"], traffic_profile)
status = "PASSED" if int(stats["total_allowed"]) == 0 else "FAILED"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Change Response Action from 'Block and Alert(default)' to 'Alert Only'.
test_name = "Change Response Action from 'Block and Alert(default)' to 'Alert Only'."
shieldx_logger.info(test_name)
is_action_set = blacklist.set_ip_blacklist_action(shieldx_constants["SX_BL_ALERT_ONLY"])
time.sleep(2 * shieldx_constants["USER_WAIT"])
status = "PASSED" if is_action_set else "FAILED"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Get IP Blacklist Global settings
test_name = "Get IP Blacklist global settings - ENABLED."
shieldx_logger.info(test_name)
global_settings = blacklist.get_ip_blacklist_global_settings()
shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings))
status = "QTAD-5378"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Send traffic and expect the traffic go through (Response Action: Alert Only).
test_name = "Send traffic and expect the traffic go through (Response Action: Alert Only)."
shieldx_logger.info(test_name)
stats = breaking_point.send_strikes_traffic(shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"], traffic_profile)
status = "PASSED" if int(stats["total_blocked"]) == 0 else "FAILED"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Cleanup - Disable IP Blacklist.
test_name = "Cleanup - Disable IP Blacklist."
shieldx_logger.info(test_name)
is_disabled = blacklist.disable_ip_blacklist()
time.sleep(2 * shieldx_constants["USER_WAIT"])
status = "PASSED" if is_disabled else "FAILED"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
# Get IP Blacklist Global settings
test_name = "Get IP Blacklist global settings - DISABLED."
shieldx_logger.info(test_name)
global_settings = blacklist.get_ip_blacklist_global_settings()
shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings))
status = "QTAD-5378"
result = [build, sps_name, test_name, status]
shieldx_results.add(result)
class SystemUnderTest(object):
def __init__(self, rest_session):
# singleton logger
self.logger = CustomLogger().get_logger()
# Aspects of system under test
self.acl_mgmt = ACL_Mgmt(rest_session)
self.audit_log_mgmt = AuditLog(rest_session)
self.jobs_mgmt = JobsMgmt(rest_session)
self.sps_mgmt = SPS_Mgmt(rest_session)
self.sys_mgmt = SysMgmt(rest_session)
def assign_sps(self, acl_container, policy_name):
is_updated = False
if policy_name is not None:
# SPS - map name to ID
sps_id = None
# Get SPS by name
sps = self.sps_mgmt.get_sps_by_name(policy_name)
if sps is not None:
sps_id = sps["id"]
else:
pass
else:
# SPS is Null
policy_name = "null"
sps_id = "null"
# Resolve ACL container
acl_policy = self.acl_mgmt.get_acl_by_name(acl_container)
if acl_policy is not None:
self.logger.info(
"Update ACL with SPS Name: {}".format(policy_name))
self.logger.info("Update ACL with SPS ID: {}".format(sps_id))
# Modify the ACL Rule in the Default ACL Policy
acl_policy["spsId"] = sps_id
acl_policy["aclRules"][0]["spsId"] = sps_id
# Update the ACL
self.logger.info("Update ACL: {}".format(acl_policy))
is_updated = self.acl_mgmt.update_acl(acl_policy)
else:
# ACL Container not found
pass
return is_updated
def get_sps(self, acl_container, acl_rule_order_num=0):
policy_name = None
# Resolve ACL container
acl_policy = self.acl_mgmt.get_acl_by_name(acl_container)
# Get ACL Rules
acl_rules = acl_policy.get("aclRules", [])
self.logger.info("ACL Rules: {}".format(acl_rules))
# Get SPS of specified ACL Rule
sps_id = acl_rules[acl_rule_order_num]["spsId"]
sps = self.sps_mgmt.get_sps_by_id(sps_id)
self.logger.info("SPS: {}".format(sps))
if sps is not None:
# Get SPS Name
policy_name = sps.get("name", None)
else:
pass
return policy_name
def get_system_info(self):
system_info = {}
# Get the software and content versions
versions = self.sys_mgmt.get_system_info()
system_info["software_version"] = versions["version"]
system_info["content_version"] = versions["contentVersion"]
# Get the license info
license_info = self.sys_mgmt.get_license()
system_info["capacity"] = license_info["expected_capacity"]
return system_info
def get_audit_log_by_action(self, start_time, end_time, action):
# Craft query
query = json.dumps({
"eventType": "AUDIT_LOG",
"gte": start_time,
"lte": end_time,
"queryType": "TABLE",
"size": 100
})
# Get Audit Log
audit_log_entries = self.audit_log_mgmt.get_audit_log(query=query)
# Filter logs by action
filtered_logs = [
entry for entry in audit_log_entries
if action in entry["log"]["action"]
]
return filtered_logs
def get_last_completed_job(self):
# Check last completed job
jobs = self.jobs_mgmt.get_jobs()
completed_jobs = [job for job in jobs if job["state"] == "COMPLETED"]
# Get Job ID
job_id = completed_jobs[0]["id"]
# Fetch and return job based on job ID
return self.jobs_mgmt.get_job_by_id(job_id)
def update_content_by_file(self, filename):
# Update content
is_content_update_initiated = self.sys_mgmt.file_based_update_content(
filename)
# Return status
return is_content_update_initiated
def test_policy_clone_and_threat_detection(sut_handle, ixia_handle,
shieldx_constants, shieldx_logger,
content_bundle, traffic_profile,
expected_percent_blocked, datadir,
pytestconfig):
# Initialize
# DUT
sps_mgmt = SPS_Mgmt(sut_handle)
tpp_mgmt = TPP_Mgmt(sut_handle)
acl_mgmt = ACL_Mgmt(sut_handle)
sys_mgmt = SysMgmt(sut_handle)
# Traffic Gen
breaking_point = BreakingPoint(ixia_handle)
# Policies
from_tpp_name = "All Threats"
to_tpp_name = "All Threats Blocked TPP"
sps_name = "All Threats Blocked SPS"
#### Clear SPS from ACL Policy
is_updated = False
default_acl = "Default ACL Policy"
acl_policy = acl_mgmt.get_acl_by_name(default_acl)
if acl_policy is not None:
# Modify the ACL Rule in the Default ACL Policy
acl_policy["spsId"] = "null"
acl_policy["aclRules"][0]["spsId"] = "null"
# Update the ACL
shieldx_logger.info("Update ACL: {}".format(acl_policy))
is_updated = acl_mgmt.update_acl(acl_policy)
assert is_updated == True, "Unable to update ACL."
else:
assert False, "Not able to find ACL."
#### Delete obsolete SPS
sps = sps_mgmt.get_sps_by_name(sps_name)
shieldx_logger.info("Obsolete SPS: {}".format(sps))
if sps is not None:
sps_id = sps["id"]
is_deleted = sps_mgmt.delete_security_policy_set_by_id(sps_id)
assert is_deleted == True, "Unable to delete old SPS."
else:
# No-op
pass
#### Delete obsolete TPP
tpp = tpp_mgmt.get_threat_prevention_policy_by_name(to_tpp_name)
shieldx_logger.info("Obsolete TPP: {}".format(tpp))
if tpp is not None:
to_tpp_id = tpp["id"]
is_deleted = tpp_mgmt.delete_threat_prevention_policy_by_id(to_tpp_id)
assert is_deleted == True, "Unable to delete old TPP."
else:
# No-op
pass
#### Apply desired license
shieldx_license = pytestconfig.getoption("license")
is_license_set = sys_mgmt.set_license(shieldx_license)
assert is_license_set == True, "Unable to set license."
#### File based content update
resolved_filename = str((datadir / content_bundle).resolve())
shieldx_logger.info("Filename: {}".format(resolved_filename))
is_content_update_initiated = sys_mgmt.file_based_update_content(
resolved_filename)
time.sleep(20 * shieldx_constants["USER_WAIT"])
assert is_content_update_initiated == True, "Failed to initiate content update."
#### Clone "All Threats" and set Response to BLOCK
block_threats = True
from_tpp_id = None
to_tpp_id = None
threats = None
apps = None
# Get Threat Prevention Policy
tpp = tpp_mgmt.get_threat_prevention_policy_by_name(from_tpp_name)
from_tpp_id = tpp["id"]
if from_tpp_id is not None:
threats = tpp_mgmt.get_threats_by_policy_id(from_tpp_id)
apps = tpp_mgmt.get_apps_by_policy_id(from_tpp_id)
shieldx_logger.info("TPP Name: {}".format(from_tpp_name))
shieldx_logger.info("TPP ID: {}".format(from_tpp_id))
else:
shieldx_logger.error("Unable to find the TPP.")
# Fetch the payload from a config file
tpp_config_file = "tpp.json"
file_name = str((datadir / tpp_config_file).resolve())
with open(file_name, 'r') as config_file:
tpp_config = json.load(config_file)
# Get the payload for cloning
if "tpp_clone_payload" in tpp_config:
clone_payload = tpp_config["tpp_clone_payload"]
shieldx_logger.info("Clone Payload: {}".format(clone_payload))
else:
pass
# Get the payload for response action
if "tpp_bulk_edit_response_payload" in tpp_config:
response_payload = tpp_config["tpp_bulk_edit_response_payload"]
shieldx_logger.info(
"Bulk Edit Payload: {}".format(response_payload))
else:
pass
# Populate the payload
if clone_payload:
clone_payload["name"] = to_tpp_name
clone_payload["tenantId"] = 1 # this should be fetched
app_names = [app["name"] for app in apps]
# Special handling based on the policy being cloned
# Option is based on "Uses Specific Threats?" flag
# This flag is based whether "specificThreats" is populated.
if from_tpp_name == "Common Threats" or from_tpp_name == "AppVisibility":
# no need to specify the "appNames" in the rules.
# specify the "specificThreats" instead
clone_payload["rules"] = [{"specificThreats": threats}]
else:
# no need to specify the "specificThreats" in the rules.
# specify the "appNames" instead
if app_names:
clone_payload["rules"] = [{"appNames": app_names}]
else:
clone_payload["rules"] = []
else:
shieldx_logger.error(
"Unable to fetch the TPP payload from config file.")
# Create a clone of a TPP, get the TPP ID back
to_tpp_id = tpp_mgmt.create_threat_prevention_policy(clone_payload)
shieldx_logger.info("Create OK, TPP ID: {}".format(to_tpp_id))
assert to_tpp_id != 0, "TPP Clone failed."
# Clone TPP responses
is_cloned = tpp_mgmt.clone_threat_prevention_policy_responses(
from_tpp_id, to_tpp_id)
assert is_cloned == True, "Clone TPP responses failed."
# Bulk Edit - Block threats
if block_threats:
threat_responses = tpp_mgmt.get_threat_responses_by_policy_id(
to_tpp_id)
for threat_response in threat_responses:
threat_response["block"] = True
threat_response["policyId"] = to_tpp_id
response_payload["id"] = to_tpp_id
response_payload["responses"] = threat_responses
shieldx_logger.info("Bulk Edit Payload: {}".format(response_payload))
bulk_edit_success = tpp_mgmt.bulk_update_threat_responses(
response_payload)
assert bulk_edit_success == True, "Bulk edit response action failed."
else:
pass
#### Create "All Threats Blocked SPS"
sps_id = 0
# Fetch the payload from a config file
sps_config_file = "sps.json"
file_name = str((datadir / sps_config_file).resolve())
with open(file_name, 'r') as config_file:
sps_config = json.load(config_file)
# Get the payload for cloning
if "sps_create_payload" in sps_config:
create_payload = sps_config["sps_create_payload"]
shieldx_logger.info("Create Payload: {}".format(create_payload))
else:
create_payload = None
if create_payload is not None:
create_payload["name"] = sps_name
create_payload["threatPreventionPolicyName"] = to_tpp_name
create_payload["threatPreventionPolicyId"] = to_tpp_id
shieldx_logger.info("Create Payload: {}".format(create_payload))
sps_id = sps_mgmt.create_security_policy_set(create_payload)
assert sps_id > 0, "SPS creation failed."
else:
pass
#### Apply SPS to ACL
is_updated = False
default_acl = "Default ACL Policy"
acl_policy = acl_mgmt.get_acl_by_name(default_acl)
if acl_policy is not None:
shieldx_logger.info("Update ACL with SPS Name: {}".format(sps_name))
shieldx_logger.info("Update ACL with SPS ID: {}".format(sps_id))
# Modify the ACL Rule in the Default ACL Policy
acl_policy["spsId"] = sps_id
acl_policy["aclRules"][0]["spsId"] = sps_id
# Update the ACL
shieldx_logger.info("Update ACL: {}".format(acl_policy))
is_updated = acl_mgmt.update_acl(acl_policy)
# Compile and propagate config
time.sleep(20 * shieldx_constants["USER_WAIT"])
assert is_updated == True, "Unable to update ACL."
else:
assert False, "Not able to find ACL."
# Get the system info
system_info = sys_mgmt.get_system_info()
software_version = system_info["version"]
content_version = system_info["contentVersion"]
# Get the license info
license_info = sys_mgmt.get_license()
# Get SPS in default ACL
default_acl = "Default ACL Policy"
acl_policy = acl_mgmt.get_acl_by_name(default_acl)
sps_id = acl_policy["aclRules"][0]["spsId"]
sps = sps_mgmt.get_sps_by_id(sps_id)
assert sps is not None, "Check strikes test init, SPS must not be empty."
# Proceed with test, get current SPS name
sps_name = sps["name"]
# Send traffic
processed_stats = breaking_point.send_strikes_traffic(
shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"],
traffic_profile)
# Results - ShieldX
shieldx_logger.info("Software: {}".format(software_version))
shieldx_logger.info("Content: {}".format(content_version))
shieldx_logger.info("License: {}".format(license_info))
shieldx_logger.info("SPS: {}".format(sps_name))
# Results - Breaking Point
shieldx_logger.info("BP Model Name: {}".format(
processed_stats["model_name"]))
shieldx_logger.info("BP Test ID: {}".format(processed_stats["test_id"]))
shieldx_logger.info("BP Test Iteration: {}".format(
processed_stats["test_iteration"]))
shieldx_logger.info("Total Strikes: {}".format(
processed_stats["total_strikes"]))
shieldx_logger.info("Total Allowed: {}".format(
processed_stats["total_allowed"]))
shieldx_logger.info("Total Blocked: {}".format(
processed_stats["total_blocked"]))
# Compute percentage
if int(processed_stats["total_strikes"]) != 0:
percent_blocked = "{:.2f}".format(
100 * (int(processed_stats["total_blocked"]) /
int(processed_stats["total_strikes"])))
else:
percent_blocked = "0.0"
# Save snapshots for reporting
result_dir = "{}{}".format(shieldx_constants["SX_REPORT_REPO"],
shieldx_constants["SX_STRIKES_REPO"])
column_names = [
"Build", "Test Name - Iteration - Internal ID", "SPS", "Cpty",
"Total Strikes", "Total Allowed", "Total Blocked", "% Blocked"
]
column_widths = [26, 54, 26, 6, 14, 14, 14, 10]
build = "Mgmt{}Content{}".format(software_version, content_version)
test_model_id_iter = "{} - {} - {}".format(
processed_stats["model_name"], processed_stats["test_iteration"],
processed_stats["test_id"])
cpty = license_info["expected_capacity"]
# Prep result
shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)
result = [
build, test_model_id_iter, sps_name, cpty,
processed_stats["total_strikes"], processed_stats["total_allowed"],
processed_stats["total_blocked"], percent_blocked
]
# Add result
shieldx_results.add(result)
#### Clear SPS from ACL Policy
is_updated = False
default_acl = "Default ACL Policy"
acl_policy = acl_mgmt.get_acl_by_name(default_acl)
if acl_policy is not None:
# Modify the ACL Rule in the Default ACL Policy
acl_policy["spsId"] = "null"
acl_policy["aclRules"][0]["spsId"] = "null"
# Update the ACL
shieldx_logger.info("Update ACL: {}".format(acl_policy))
is_updated = acl_mgmt.update_acl(acl_policy)
assert is_updated == True, "Unable to update ACL."
else:
assert False, "Not able to find ACL."
#### Delete obsolete SPS
sps = sps_mgmt.get_sps_by_name(sps_name)
shieldx_logger.info("Obsolete SPS: {}".format(sps))
if sps is not None:
sps_id = sps["id"]
is_deleted = sps_mgmt.delete_security_policy_set_by_id(sps_id)
assert is_deleted == True, "Unable to delete old SPS."
else:
# No-op
pass
#### Delete obsolete TPP
tpp = tpp_mgmt.get_threat_prevention_policy_by_name(to_tpp_name)
shieldx_logger.info("Obsolete TPP: {}".format(tpp))
if tpp is not None:
to_tpp_id = tpp["id"]
is_deleted = tpp_mgmt.delete_threat_prevention_policy_by_id(to_tpp_id)
assert is_deleted == True, "Unable to delete old TPP."
else:
# No-op
pass
# Pass/Fail Test
assert percent_blocked == 100.0, "Not all threats are detected, abort and check the setup."
def test_bp_detection_and_blocking_after_content_update(
sut_handle, ixia_handle, shieldx_constants, shieldx_logger, run_index,
content_bundle, traffic_profile, expected_percent_blocked, datadir,
pytestconfig):
"""
Use case: Update content; then check BP that threats are detected and blocked
"""
# Initialize
# DUT
sps_mgmt = SPS_Mgmt(sut_handle)
tpp_mgmt = TPP_Mgmt(sut_handle)
acl_mgmt = ACL_Mgmt(sut_handle)
sys_mgmt = SysMgmt(sut_handle)
es = ES(sut_handle)
# Traffic Gen
breaking_point = BreakingPoint(ixia_handle)
#### File based content update
resolved_filename = str((datadir / content_bundle).resolve())
shieldx_logger.info("Filename: {}".format(resolved_filename))
is_content_update_initiated = sys_mgmt.file_based_update_content(
resolved_filename)
shieldx_logger.critical("Waiting for the compilation to finish!!!")
time.sleep(20 * shieldx_constants["USER_WAIT"])
assert is_content_update_initiated == True, "Failed to initiate content update."
# Get the system info
system_info = sys_mgmt.get_system_info()
software_version = system_info["version"]
content_version = system_info["contentVersion"]
# Get the license info
license_info = sys_mgmt.get_license()
# Get SPS in default ACL
default_acl = "Default ACL Policy"
acl_policy = acl_mgmt.get_acl_by_name(default_acl)
sps_id = acl_policy["aclRules"][0]["spsId"]
sps = sps_mgmt.get_sps_by_id(sps_id)
# Check - proceed only if init setup is done
assert sps is not None, "Check strikes test init, SPS must not be empty."
# Proceed with test, get current SPS name
sps_name = sps["name"]
# ES Index
index = "shieldxevents"
# Query - head
head = get_index_payload(index)
# Start time (ms) - now
start_time = es.get_ms_timstamp()
# Send traffic
processed_stats = breaking_point.send_strikes_traffic(
shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"],
traffic_profile)
# End time (ms) - now + 30secs
end_time = es.get_ms_timstamp() + 30000
# Query - body
body = get_threat_detection_payload(start_time, end_time)
# Query - payload is head + body
payload = json.dumps(head) + "\n" + json.dumps(body)
# Fetch results from ES
es_results = es.multi_search_query(payload)
hits = es_results["responses"][0]["hits"]["hits"]
for hit in hits:
event = hit["_source"]["event"]
shieldx_logger.info("Threat Detected - {}:{} - {}".format(
event["pmId"], event["appId"], event["threatName"]))
if len(hits) > 0:
threat_detection = "PASS"
shieldx_logger.info("Detection is OK, continue monitoring.")
else:
threat_detection = "FAIL"
shieldx_logger.critical(
"Detection stopped, abort test and check setup.")
# Results - ShieldX
shieldx_logger.info("Software: {}".format(software_version))
shieldx_logger.info("Content: {}".format(content_version))
shieldx_logger.info("License: {}".format(license_info))
shieldx_logger.info("SPS: {}".format(sps_name))
# Results - Breaking Point
shieldx_logger.info("BP Model Name: {}".format(
processed_stats["model_name"]))
shieldx_logger.info("BP Test ID: {}".format(processed_stats["test_id"]))
shieldx_logger.info("BP Test Iteration: {}".format(
processed_stats["test_iteration"]))
shieldx_logger.info("Total Strikes: {}".format(
processed_stats["total_strikes"]))
shieldx_logger.info("Total Allowed: {}".format(
processed_stats["total_allowed"]))
shieldx_logger.info("Total Blocked: {}".format(
processed_stats["total_blocked"]))
# Compute percentage
if int(processed_stats["total_strikes"]) != 0:
percent_blocked = "{:.2f}".format(
100 * (int(processed_stats["total_blocked"]) /
int(processed_stats["total_strikes"])))
else:
percent_blocked = "0.0"
# Save snapshots for reporting
result_dir = "{}{}".format(shieldx_constants["SX_REPORT_REPO"],
shieldx_constants["SX_STRIKES_REPO"])
column_names = [
"Build", "Test Name - Iteration - Internal ID", "SPS", "Cpty",
"Total Strikes", "Total Allowed", "Total Blocked", "% Blocked"
]
column_widths = [26, 54, 26, 6, 14, 14, 14, 10]
build = "Mgmt{}Content{}".format(software_version, content_version)
test_model_id_iter = "{} - {} - {}".format(
processed_stats["model_name"], processed_stats["test_iteration"],
processed_stats["test_id"])
cpty = license_info["expected_capacity"]
# Prep result
shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)
result = [
build, test_model_id_iter, sps_name, cpty,
processed_stats["total_strikes"], processed_stats["total_allowed"],
processed_stats["total_blocked"], percent_blocked
]
# Add result
shieldx_results.add(result)
# Pass/Fail Test
# Abort test if a threat is not detected
if float(percent_blocked) < float(expected_percent_blocked):
pytest.exit("Not all threats are detected, abort and check the setup.")
else:
pass
def test_threat_detection_after_content_update(sut_handle, shieldx_constants,
shieldx_logger, run_index,
content_bundle, datadir,
pytestconfig):
"""
Use case: Update content; then check ES that detection continues
Frog threat traffic is running continuously
"""
# Initialize
sps_mgmt = SPS_Mgmt(sut_handle)
sys_mgmt = SysMgmt(sut_handle)
acl_mgmt = ACL_Mgmt(sut_handle)
es = ES(sut_handle)
# Save snapshots for reporting
result_dir = "./"
column_names = ["Build", "Test Name", "SPS", "Cpty", "Threat Detection?"]
column_widths = [26, 36, 26, 6, 18]
# Result Manager
shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)
#### File based content update
resolved_filename = str((datadir / content_bundle).resolve())
shieldx_logger.info("Filename: {}".format(resolved_filename))
is_content_update_initiated = sys_mgmt.file_based_update_content(
resolved_filename)
time.sleep(20 * shieldx_constants["USER_WAIT"])
assert is_content_update_initiated == True, "Failed to initiate content update."
# Get the system info
system_info = sys_mgmt.get_system_info()
software_version = system_info["version"]
content_version = system_info["contentVersion"]
# Get the license info
license_info = sys_mgmt.get_license()
# Get SPS in default ACL
default_acl = "Default ACL Policy"
acl_policy = acl_mgmt.get_acl_by_name(default_acl)
sps_id = acl_policy["aclRules"][0]["spsId"]
sps = sps_mgmt.get_sps_by_id(sps_id)
assert sps is not None, "Init Check - SPS must not be empty."
# Proceed with test, get current SPS name
sps_name = sps["name"]
# ES Index
index = "shieldxevents"
# Query - head
head = get_index_payload(index)
# Check ES
check_es_count = 3
for es_check in range(check_es_count):
shieldx_logger.info(
"Checking ES for threats, attempt {}".format(es_check))
# Check threat detection in the last 10 minutes
time.sleep(10 * shieldx_constants["USER_WAIT"])
# End time (ms) - now
end_time = es.get_ms_timstamp()
# Start time (ms) - 10 minutes ago
start_time = end_time - (10 * 60000)
# Query - body
body = get_threat_detection_payload(start_time, end_time)
# Query - payload is head + body
payload = json.dumps(head) + "\n" + json.dumps(body)
# Fetch results from ES
es_results = es.multi_search_query(payload)
hits = es_results["responses"][0]["hits"]["hits"]
for hit in hits:
event = hit["_source"]["event"]
shieldx_logger.info("Threat Detected - {}:{} - {}".format(
event["pmId"], event["appId"], event["threatName"]))
if len(hits) > 0:
threat_detection = "PASS"
shieldx_logger.info("Detection is OK, continue monitoring.")
else:
threat_detection = "FAIL"
shieldx_logger.critical(
"Detection stopped, abort test and check setup.")
# Results - ShieldX
shieldx_logger.info("Software: {}".format(software_version))
shieldx_logger.info("Content: {}".format(content_version))
shieldx_logger.info("License: {}".format(license_info))
shieldx_logger.info("SPS: {}".format(sps_name))
build = "Mgmt{}Content{}".format(software_version, content_version)
cpty = license_info["expected_capacity"]
use_case = "Threat detection after update"
sx_result = [build, use_case, sps_name, cpty, threat_detection]
# Add result
shieldx_logger.info("Result: {}".format(sx_result))
shieldx_results.add(sx_result)
if threat_detection == "PASS":
pass
else:
pytest.exit("Detection stopped, abort test and check setup.")
shieldx_logger.info("Test complete.")
def test_perf_by_cumulative_bucket(sut_handle, ixia_handle, shieldx_constants,
shieldx_logger, tpp_name, bucket_size,
threats_only, traffic_profile,
expected_tput, datadir, pytestconfig):
# Initialize
# DUT
sps_mgmt = SPS_Mgmt(sut_handle)
tpp_mgmt = TPP_Mgmt(sut_handle)
acl_mgmt = ACL_Mgmt(sut_handle)
sys_mgmt = SysMgmt(sut_handle)
# Traffic Gen
breaking_point = BreakingPoint(ixia_handle)
# Get the system info
system_info = sys_mgmt.get_system_info()
software_version = system_info["version"]
content_version = system_info["contentVersion"]
build = "Mgmt{}Content{}".format(software_version, content_version)
# Get the license info
license_info = sys_mgmt.get_license()
cpty = license_info["expected_capacity"]
# Save snapshots for reporting
result_dir = "{}{}".format(shieldx_constants["SX_REPORT_REPO"],
shieldx_constants["SX_BUCKET_REPO"])
column_names = [
"Build", "Test Name - Iteration - Internal ID", "SPS", "Cpty",
"AvgTxRate(Mbps)", "AvgRxRate(Mbps)", "AvgTCPResp(ms)",
"Rules Under Test", "Action", "BcktSize"
]
column_widths = [26, 54, 20, 6, 16, 16, 16, 36, 8, 8]
# Result Manager
shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)
# Policies
from_tpp_name = tpp_name
to_tpp_name = "Cumulative TPP"
sps_name = "Cumulative SPS"
#### Clear SPS from ACL Policy
is_updated = False
default_acl = "Default ACL Policy"
acl_policy = acl_mgmt.get_acl_by_name(default_acl)
if acl_policy is not None:
# Modify the ACL Rule in the Default ACL Policy
acl_policy["spsId"] = "null"
acl_policy["aclRules"][0]["spsId"] = "null"
# Update the ACL
shieldx_logger.info("Update ACL: {}".format(acl_policy))
is_updated = acl_mgmt.update_acl(acl_policy)
assert is_updated == True, "Unable to update ACL."
else:
assert False, "Not able to find ACL."
# Delete obsolete SPS
sps = sps_mgmt.get_sps_by_name(sps_name)
if sps is not None:
sps_id = sps["id"]
is_deleted = sps_mgmt.delete_security_policy_set_by_id(sps_id)
time.sleep(10 * shieldx_constants["USER_WAIT"])
assert is_deleted, "Unable to delete obsolete SPS."
else:
pass
# Delete obsolete TPP
tpp = tpp_mgmt.get_threat_prevention_policy_by_name(to_tpp_name)
if tpp is not None:
tpp_id = tpp["id"]
is_deleted = tpp_mgmt.delete_threat_prevention_policy_by_id(tpp_id)
time.sleep(10 * shieldx_constants["USER_WAIT"])
assert is_deleted, "Unable to delete obsolete TPP."
else:
pass
# Fetch the TPP and SPS payloads from a config file
tpp_config_file = "tpp.json"
file_name = str((datadir / tpp_config_file).resolve())
with open(file_name, 'r') as config_file:
tpp_config = json.load(config_file)
# Get the payload for cloning
if "tpp_clone_payload" in tpp_config:
tpp_clone_payload = tpp_config["tpp_clone_payload"]
shieldx_logger.info(
"TPP Clone Payload: {}".format(tpp_clone_payload))
else:
assert False, "Missing TPP payload in JSON file."
# Fetch the TPP and SPS payloads from a config file
sps_config_file = "sps.json"
file_name = str((datadir / sps_config_file).resolve())
with open(file_name, 'r') as config_file:
sps_config = json.load(config_file)
# Get the payload for cloning
if "sps_create_payload" in sps_config:
sps_create_payload = sps_config["sps_create_payload"]
shieldx_logger.info(
"SPS Create Payload: {}".format(sps_create_payload))
else:
assert False, "Missing SPS payload in JSON file."
#### Process source TPP
from_tpp_id = None
to_tpp_id = None
threats = None
apps = None
# Get Threat Prevention Policy
tpp = tpp_mgmt.get_threat_prevention_policy_by_name(from_tpp_name)
from_tpp_id = tpp["id"]
if from_tpp_id is not None:
threats = tpp_mgmt.get_threats_by_policy_id(from_tpp_id)
apps = tpp_mgmt.get_apps_by_policy_id(from_tpp_id)
shieldx_logger.info("TPP Name: {}".format(from_tpp_name))
shieldx_logger.info("TPP ID: {}".format(from_tpp_id))
else:
shieldx_logger.error("Unable to find the TPP.")
# Populate the payloads, do the check before proceeding
if tpp_clone_payload:
tpp_clone_payload["name"] = to_tpp_name
tpp_clone_payload["tenantId"] = 1 # this should be fetched
app_names = [app["name"] for app in apps]
else:
assert False, "Check JSON, needed for cloning TPP."
if sps_create_payload is not None:
sps_create_payload["name"] = sps_name
else:
assert False, "Check JSON, needed for creating SPS."
# Check flag if we want to include apps in TPP
if threats_only:
app_names = []
else:
pass
# Use slices of the threats for testing
index = 0
upper_limit = len(threats)
cumulative_ok_rules = []
while index <= upper_limit:
upper_bound = index + bucket_size
if upper_bound > upper_limit:
upper_bound = upper_limit
else:
pass
threat_slice = threats[index:upper_bound]
shieldx_logger.critical("Threat Slice: {}".format(threat_slice))
# merge new slice to accumulated rules
merged_list = cumulative_ok_rules + threat_slice
# Populate rules
tpp_clone_payload["rules"] = [{
"appNames": app_names,
"specificThreats": merged_list
}]
shieldx_logger.critical("Cumulative Bucket: {}".format(merged_list))
# Clone TPP
to_tpp_id = tpp_mgmt.create_threat_prevention_policy(tpp_clone_payload)
shieldx_logger.info("TPP ID: {}".format(to_tpp_id))
assert to_tpp_id > 0, "TPP creation failed."
time.sleep(10 * shieldx_constants["USER_WAIT"])
# Create SPS
sps_create_payload["threatPreventionPolicyName"] = to_tpp_name
sps_create_payload["threatPreventionPolicyId"] = to_tpp_id
sps_id = sps_mgmt.create_security_policy_set(sps_create_payload)
shieldx_logger.info("SPS ID: {}".format(sps_id))
assert sps_id > 0, "SPS creation failed."
time.sleep(10 * shieldx_constants["USER_WAIT"])
# Assign SPS to ACL (default)
is_updated = False
default_acl = "Default ACL Policy"
acl_policy = acl_mgmt.get_acl_by_name(default_acl)
if acl_policy is not None:
shieldx_logger.info(
"Update ACL with SPS Name: {}".format(sps_name))
shieldx_logger.info("Update ACL with SPS ID: {}".format(sps_id))
# Modify the ACL Rule in the Default ACL Policy
acl_policy["spsId"] = sps_id
acl_policy["aclRules"][0]["spsId"] = sps_id
# Update the ACL
shieldx_logger.info("Update ACL: {}".format(acl_policy))
is_updated = acl_mgmt.update_acl(acl_policy)
assert is_updated == True, "Unable to update ACL."
else:
assert False, "Not able to find ACL."
# Wait for the Policy to be updated, do with jobs to check when update is done
time.sleep(10 * shieldx_constants["USER_WAIT"])
# Send traffic
processed_stats = breaking_point.send_perf_traffic(
shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"],
traffic_profile)
# Record result
sx_rules = [("{}:{}".format(threat["protocolID"], threat["threatID"]))
for threat in threat_slice]
if processed_stats["avg_tx_tput"] >= expected_tput[0] and \
processed_stats["avg_rx_tput"] >= expected_tput[1]:
cumulative_ok_rules.extend(threat_slice)
act_on_slice = "INCLUDE"
shieldx_logger.info("These rules PASS: {}".format(sx_rules))
else:
act_on_slice = "EXCLUDE"
shieldx_logger.critical("These rules FAIL: {}".format(sx_rules))
test_model_id_iter = "{} - {} - {}".format(
processed_stats["model_name"], processed_stats["test_iteration"],
processed_stats["test_id"])
# format rules to display
if len(threat_slice) > 3:
display_rules = "{} + {} rules".format(sx_rules[0:2],
len(sx_rules) - 2)
else:
display_rules = str(sx_rules)
result = [
build, test_model_id_iter, sps_name, cpty,
processed_stats["avg_tx_tput"], processed_stats["avg_rx_tput"],
processed_stats["avg_tcp_response_time"], display_rules,
act_on_slice,
len(cumulative_ok_rules)
]
# Add result
shieldx_results.add(result)
# Clear SPS from ACL Policy
if acl_policy is not None:
shieldx_logger.info("Cleanup SPS in ACL.")
# Modify the ACL Rule in the Default ACL Policy
acl_policy["spsId"] = "null"
acl_policy["aclRules"][0]["spsId"] = "null"
# Update the ACL
shieldx_logger.info("Update ACL: {}".format(acl_policy))
is_updated = acl_mgmt.update_acl(acl_policy)
assert is_updated == True, "Unable to update ACL."
else:
assert False, "Not able to find ACL."
# Delete SPS
is_deleted = sps_mgmt.delete_security_policy_set_by_id(sps_id)
assert is_deleted, "SPS delete failed."
# Wait for the change to be applied
time.sleep(10 * shieldx_constants["USER_WAIT"])
# Delete TPP
is_deleted = tpp_mgmt.delete_threat_prevention_policy_by_id(to_tpp_id)
assert is_deleted, "TPP delete failed."
# Wait for the change to be applied
time.sleep(10 * shieldx_constants["USER_WAIT"])
# Move to next slice
index = index + bucket_size
