class MysqlSqlReOff(unittest.TestCase): def setUp(self): self.sqllist = commen.PutsqlNum() self.ruler_name = commen.PutsqlName("mysql_") LOG.info("规则名称:%s" % self.ruler_name) LOG.info("SQL语句:%s" % self.sqllist) self.sensql = SensitiveSql( self.ruler_name, GlobalConfig.db_type_['mysql'], dbservice.select_dbservice_byname(gp.run_db["mysql"]), GlobalConfig.db_type_['oracle']) self.sensitiveway = SensitiveWay() @logger('敏感mysql类型低风险禁用') def test_mysql_re_off_risk1(self): '''敏感mysql类型低风险禁用''' self.sensql.sqlrisk_re_off(gp.risk_level['risk_low'], self.sqllist) @logger('敏感mysql类型中风险禁用') def test_mysql_re_off_risk2(self): '''敏感mysql类型中风险禁用''' self.sensql.sqlrisk_re_off(gp.risk_level['risk_mid'], self.sqllist) @logger('敏感mysql类型高风险禁用') def test_mysql_re_off_risk3(self): '''敏感mysql类型高风险禁用''' self.sensql.sqlrisk_re_off(gp.risk_level['risk_high'], self.sqllist) @logger('敏感mysql类型极高风险禁用') def test_mysql_re_off_risk4(self): '''敏感mysql类型极高风险禁用''' self.sensql.sqlrisk_re_off(gp.risk_level['risk_higher'], self.sqllist) def tearDown(self): LOG.info("删除新增sql规则") self.sensitiveway.del_ruler(self.ruler_name)
class DmSqlReOff(unittest.TestCase): def setUp(self): self.dbtable = commen.PutsqlName("dbtable_") self.sqllist = "SELECT * FROM " + self.dbtable self.ruler_name = commen.PutsqlName("dm_") LOG.info("规则名称:%s" % self.ruler_name) LOG.info("SQL语句:%s" % self.sqllist) self.sensql = SensitiveSql( self.ruler_name, GlobalConfig.db_type_['dm'], dbservice.select_dbservice_byname(gp.run_db['dm'])) self.sensitiveway = SensitiveWay() @logger('敏感dm类型低风险禁用') def test_dm_re_off_risk1(self): '''敏感dm类型低风险禁用''' self.sensql.sqlrisk_re_off(gp.risk_level['risk_low'], self.sqllist) @logger('敏感dm类型中风险禁用') def test_dm_re_off_risk2(self): '''敏感dm类型中风险禁用''' self.sensql.sqlrisk_re_off(gp.risk_level['risk_mid'], self.sqllist) @logger('敏感dm类型高风险禁用') def test_dm_re_off_risk3(self): '''敏感dm类型高风险禁用''' self.sensql.sqlrisk_re_off(gp.risk_level['risk_high'], self.sqllist) @logger('敏感dm类型极高风险禁用') def test_dm_re_off_risk4(self): '''敏感dm类型极高风险禁用''' self.sensql.sqlrisk_re_off(gp.risk_level['risk_higher'], self.sqllist) def tearDown(self): LOG.info("删除新增sql规则") self.sensitiveway.del_ruler(self.ruler_name)
class DB2SqlRe(unittest.TestCase): def setUp(self): self.sqllist = commen.PutsqlNum() self.ruler_name = commen.PutsqlName("db2_") LOG.info("规则名称:%s" % self.ruler_name) LOG.info("SQL语句:%s" % self.sqllist) self.sensql = SensitiveSql(self.ruler_name, GlobalConfig.db_type_['DB2'], dbservice.select_dbservice_byname(gp.run_db["db2"])) self.sensitiveway = SensitiveWay() @logger('敏感db2类型低风险') def test_db2_re_risk1(self): '''敏感db2类型低风险''' self.sensql.sqlrisk_re(gp.risk_level['risk_low'], self.sqllist, gp.risk_info[1]) @logger('敏感db2类型中风险') def test_db2_re_risk2(self): '''敏感db2类型中风险''' self.sensql.sqlrisk_re(gp.risk_level['risk_mid'], self.sqllist, gp.risk_info[2]) @logger('敏感db2类型高风险') def test_db2_re_risk3(self): '''敏感db2类型高风险''' self.sensql.sqlrisk_re(gp.risk_level['risk_high'], self.sqllist, gp.risk_info[3]) @logger('敏感db2类型极高风险') def test_db2_re_risk4(self): '''敏感db2类型极高风险''' self.sensql.sqlrisk_re(gp.risk_level['risk_higher'], self.sqllist, gp.risk_info[4]) def tearDown(self): LOG.info("删除新增sql规则") self.sensitiveway.del_ruler(self.ruler_name)
def setUp(self): self.sqllist = commen.PutsqlNum() self.ruler_name = commen.PutsqlName("db2_") LOG.info("规则名称:%s" % self.ruler_name) LOG.info("SQL语句:%s" % self.sqllist) self.sensql = SensitiveSql(self.ruler_name, GlobalConfig.db_type_['DB2'], dbservice.select_dbservice_byname(gp.run_db["db2"])) self.sensitiveway = SensitiveWay()
def setUp(self): self.dbtable = commen.PutsqlName("dbtable_") self.sqllist = "SELECT * FROM " + self.dbtable self.ruler_name = commen.PutsqlName("dm_") LOG.info("规则名称:%s" % self.ruler_name) LOG.info("SQL语句:%s" % self.sqllist) self.sensql = SensitiveSql( self.ruler_name, GlobalConfig.db_type_['dm'], dbservice.select_dbservice_byname(gp.run_db['dm'])) self.sensitiveway = SensitiveWay()
def setUp(self): self.dbtable = commen.PutsqlName("dbtable_") sql_execute.db2_create_table('db2', self.dbtable) self.sqllist = "SELECT * FROM " + self.dbtable self.ruler_name = commen.PutsqlName("db2_") LOG.info("规则名称:%s" % self.ruler_name) LOG.info("SQL语句:%s" % self.sqllist) self.sensql = SensitiveSql( self.ruler_name, GlobalConfig.db_type_['DB2'], dbservice.select_dbservice_byname(gp.run_db["db2"])) self.sensitiveway = SensitiveWay()
def sqlrisk_stand_off(self, risklevel, sqllist): self.payload["riskLevel"] = risklevel self.payload["status"] = 0 self.payload["payloadType"] = "standardSQL" self.payload["payloadContent"] = sqllist self.api_dict = self.api_dict["SensitiveSql"]["increase"] self.SensitiveWay = SensitiveWay() LOG.info(self.api_dict) LOG.info("规则名称:%s" % self.payload["name"]) LOG.info("当前sql类型:%s" % self.payload["payloadType"]) LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"]) self.SensitiveWay.add_ruler(self.api_dict, self.payload) time.sleep(10) LOG.info("在%s客户端执行该语句" % self.payload["dbType"]) self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"]) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist) LOG.info("在%s客户端执行该语句" % self.dbType2) self.SensitiveWay.dbcon_way(sqllist, self.dbType2) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)
def sqlrisk_re(self, risklevel, sqllist, respond): self.payload["riskLevel"] = risklevel self.payload["status"] = 1 self.payload["payloadType"] = "fuzzySQL" self.payload["payloadContent"] = "select\\s*(from|\\s*)\\s+((?!where).)*$" self.api_dict = self.api_dict["SensitiveSql"]["increase"] self.SensitiveWay = SensitiveWay() LOG.info(self.api_dict) LOG.info("规则名称:%s" % self.payload["name"]) LOG.info("当前sql类型:%s" % self.payload["payloadType"]) LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"]) self.SensitiveWay.add_ruler(self.api_dict, self.payload) time.sleep(10) LOG.info("在%s客户端执行该语句" % self.payload["dbType"]) self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"]) LOG.info("在审计查询里面查找,sql语句应被阻断") self.SensitiveWay.shenji_check_risk(self.payload["name"], sqllist, respond, risklevel) LOG.info("在%s客户端执行该语句" % self.dbType2) self.SensitiveWay.dbcon_way(sqllist, self.dbType2) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)
class SensitiveSql(object): def __init__(self, name, dbType, dbId,dbType2=GlobalConfig.db_type_['mysql']): self.payload = {} self.payload["name"] = name self.payload["description"] = name self.payload["dbType"] = dbType self.payload["dbId"] = dbId self.dbType2 = dbType2 self.api_dict = commen.get_api("/PolicyManage.json") def sqlrisk_re(self, risklevel, sqllist, respond): self.payload["riskLevel"] = risklevel self.payload["status"] = 1 self.payload["payloadType"] = "fuzzySQL" self.payload["payloadContent"] = "select\\s*(from|\\s*)\\s+((?!where).)*$" self.api_dict = self.api_dict["SensitiveSql"]["increase"] self.SensitiveWay = SensitiveWay() LOG.info(self.api_dict) LOG.info("规则名称:%s" % self.payload["name"]) LOG.info("当前sql类型:%s" % self.payload["payloadType"]) LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"]) self.SensitiveWay.add_ruler(self.api_dict, self.payload) time.sleep(10) LOG.info("在%s客户端执行该语句" % self.payload["dbType"]) self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"]) LOG.info("在审计查询里面查找,sql语句应被阻断") self.SensitiveWay.shenji_check_risk(self.payload["name"], sqllist, respond, risklevel) LOG.info("在%s客户端执行该语句" % self.dbType2) self.SensitiveWay.dbcon_way(sqllist, self.dbType2) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist) def sqlrisk_re_off(self, risklevel, sqllist): self.payload["riskLevel"] = risklevel self.payload["status"] = 0 self.payload["payloadType"] = "fuzzySQL" self.payload["payloadContent"] = "select\\s*(from|\\s*)\\s+((?!where).)*$" self.api_dict = self.api_dict["SensitiveSql"]["increase"] self.SensitiveWay = SensitiveWay() LOG.info(self.api_dict) LOG.info("规则名称:%s" % self.payload["name"]) LOG.info("当前sql类型:%s" % self.payload["payloadType"]) LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"]) self.SensitiveWay.add_ruler(self.api_dict, self.payload) time.sleep(10) LOG.info("在%s客户端执行该语句" % self.payload["dbType"]) self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"]) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist) LOG.info("在%s客户端执行该语句" % self.dbType2) self.SensitiveWay.dbcon_way(sqllist, self.dbType2) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist) def sqlrisk_stand(self, risklevel, sqllist, respond): self.payload["riskLevel"] = risklevel self.payload["status"] = 1 self.payload["payloadType"] = "standardSQL" self.payload["payloadContent"] = sqllist self.api_dict = self.api_dict["SensitiveSql"]["increase"] self.SensitiveWay = SensitiveWay() LOG.info(self.api_dict) LOG.info("规则名称:%s" % self.payload["name"]) LOG.info("当前sql类型:%s" % self.payload["payloadType"]) LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"]) self.SensitiveWay.add_ruler(self.api_dict, self.payload) time.sleep(10) LOG.info("在%s客户端执行该语句" % self.payload["dbType"]) self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"]) LOG.info("在审计查询里面查找,sql语句应被阻断") self.SensitiveWay.shenji_check_risk(self.payload["name"], sqllist, respond, risklevel) LOG.info("在%s客户端执行该语句" % self.dbType2) self.SensitiveWay.dbcon_way(sqllist, self.dbType2) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist) def sqlrisk_stand_off(self, risklevel, sqllist): self.payload["riskLevel"] = risklevel self.payload["status"] = 0 self.payload["payloadType"] = "standardSQL" self.payload["payloadContent"] = sqllist self.api_dict = self.api_dict["SensitiveSql"]["increase"] self.SensitiveWay = SensitiveWay() LOG.info(self.api_dict) LOG.info("规则名称:%s" % self.payload["name"]) LOG.info("当前sql类型:%s" % self.payload["payloadType"]) LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"]) self.SensitiveWay.add_ruler(self.api_dict, self.payload) time.sleep(10) LOG.info("在%s客户端执行该语句" % self.payload["dbType"]) self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"]) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist) LOG.info("在%s客户端执行该语句" % self.dbType2) self.SensitiveWay.dbcon_way(sqllist, self.dbType2) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist) def sqlrisk_temp(self, risklevel, sqllist, respond): self.payload["riskLevel"] = risklevel self.payload["status"] = 1 self.payload["payloadType"] = "templateSQL" self.payload["payloadContent"] = sqllist self.api_dict = self.api_dict["SensitiveSql"]["increase"] self.SensitiveWay = SensitiveWay() LOG.info(self.api_dict) LOG.info("规则名称:%s" % self.payload["name"]) LOG.info("当前sql类型:%s" % self.payload["payloadType"]) LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"]) self.SensitiveWay.add_ruler(self.api_dict, self.payload) time.sleep(10) LOG.info("在%s客户端执行该语句" % self.payload["dbType"]) self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"]) LOG.info("在审计查询里面查找,sql语句应被阻断") self.SensitiveWay.shenji_check_risk(self.payload["name"], sqllist, respond, risklevel) LOG.info("在%s客户端执行该语句" % self.dbType2) self.SensitiveWay.dbcon_way(sqllist, self.dbType2) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist) def sqlrisk_temp_off(self, risklevel, sqllist): self.payload["riskLevel"] = risklevel self.payload["status"] = 0 self.payload["payloadType"] = "templateSQL" self.payload["payloadContent"] = sqllist self.api_dict = self.api_dict["SensitiveSql"]["increase"] self.SensitiveWay = SensitiveWay() LOG.info(self.api_dict) LOG.info("规则名称:%s" % self.payload["name"]) LOG.info("当前sql类型:%s" % self.payload["payloadType"]) LOG.info("新增一条%s类型的sql规则" % self.payload["dbType"]) self.SensitiveWay.add_ruler(self.api_dict, self.payload) time.sleep(10) LOG.info("在%s客户端执行该语句" % self.payload["dbType"]) self.SensitiveWay.dbcon_way(sqllist, self.payload["dbType"]) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist) LOG.info("在%s客户端执行该语句" % self.dbType2) self.SensitiveWay.dbcon_way(sqllist, self.dbType2) LOG.info("在审计查询里面查找,sql语句应不被阻断") self.SensitiveWay.shenji_check_safe("业务全审计", sqllist)