def update_access(name=None, action=None, cyc=None, rate=None, riskLevel=None, audit=None): obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象 res = obj.select(dbname=name) id = load(res.text)['data']['items'][0]['objId'] response = obj.update_access(id, action, cyc, rate, riskLevel, audit) result = load(response.text) assert dbservice_dict['dbSecurityconfig']['update'][ 'expected'] == result, '错误:响应结果比对失败' + response.text
def sqlinject_select_bynullname(byparam, param): ''' 名称不存在-查询规则 ''' obj = SqlInjectClass.SqlInject() # 创建sql注入对象 response = obj.select_rule(byparam=byparam, param=param) result = commen.load(response.text) assert len(result['items']) == 0, '错误:响应结果比对失败' + response.text
def update_returnCount(name=None, action=None, rate=None, riskLevel=None, audit=None, status=None): obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象 log.LOG.info('查询数据库id') res = obj.select(dbname=name) id = load(res.text)['data']['items'][0]['dbserverId'] log.LOG.info('编辑防御规则') response = obj.update_returnCount(id, action, rate, riskLevel, audit, status) result = load(response.text) assert dbservice_dict['dbSecurityconfig']['update'][ 'expected'] == result, '错误:响应结果比对失败' + response.text time.sleep(10)
def virtual_select_bynullname(byparam, param): ''' 名称不存在-查询规则 ''' obj = VirtualpatchClass.Virtualpatch() # 创建sql注入对象 response = obj.select_rule(byparam=byparam, param=param) result = load(response.text) assert len(result['items']) == 0, '错误:响应结果比对失败' + response.text
def select_dbservice_bynullname(name): ''' 根据名称查询id :param name:数据库保护对象名称 ''' obj = DBserviceClass.DBservice() # 创建数据库服务对象 response = obj.select_dbservice(byparam='byname', value=name) result = commen.load(response.text) return len(result['data']['items'])
def nopage(): obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象 response = obj.nopage() result = load(response.text) rs = True for i in result['dbservers']: if i['dbserverDisplayName'] not in namelist: rs = False break assert rs, '错误:响应结果比对失败' + response.text
def select_dbservice_byname(name): ''' 根据名称查询id :param name:数据库保护对象名称 ''' obj = DBserviceClass.DBservice() # 创建数据库服务对象 response = obj.select_dbservice(byparam='byname', value=name) result = commen.load(response.text) assert len(result['data']['items']) == 1 and result['data']['items'][0][ 'objName'] == name, '错误:响应结果比对失败' + response.text return result['data']['items'][0]['objId']
def operate_rule(operate, id): ''' 操作规则 :param id: 规则唯一id operate:操作类型 ''' obj = SqlInjectClass.SqlInject() # 创建sql注入对象 del_dict = sqlinject_dict['mutiOperate_diy_rule'] response = obj.operate_rule(operate=operate, id=id) result = commen.load(response.text) assert result == del_dict['expected'][ operate], '错误:响应结果比对失败' + response.text
def update_rule(id): obj = SqlInjectClass.SqlInject() # 创建sql注入对象 update_dict = sqlinject_dict['update_diy_rule'] response = obj.update_rule(id=id) result = commen.load(response.text) assert result == update_dict['expected'], '错误:响应结果比对失败' + response.text update_dict['body'].pop('content') view_response = obj.view_rule(id=id) rs = True for k in update_dict['body']: if str(update_dict['body'][k]) not in view_response.text: # print(view_response.text) # print(str(update_dict['body'][k])) rs = False break assert rs, '错误:查看结果修改结果失败' + view_response.text
def sqlinject_add(dbType=None, name=None, risk_level=None, status=None, ruleType=None): ''' sql注入特征库新增自定义规则 ''' obj = SqlInjectClass.SqlInject() # 创建sql注入对象 param_dict = copy.deepcopy(sqlinject_dict['add_diy_rule']) response = obj.diy_rule_add(dbType=dbType, name=name, risk_level=risk_level, status=status, ruleType=ruleType) result = commen.load(response.text) assert result == param_dict['expected'], '错误:响应结果比对失败' + response.text
def select(dbname=None, featuresStatus=None, virStatus=None): obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象 response = obj.select(dbname, featuresStatus, virStatus) result = load(response.text) rs = result['data']['items'] r = True if dbname != None: if len(rs) != 1 or rs[0]['dbserverDisplayName'] != dbname: r = False if featuresStatus != None: for i in rs: if i['featuresStatus'] != featuresStatus: r = False break if virStatus != None: for i in rs: if i['virStatus'] != virStatus: r = False break assert r, '错误:响应结果比对失败' + response.text
def update_switch(dispose=None, featuresStatus=None, virStatus=None, id=None, dataMaskStatusOM=None): ''' :param dispose:强制白名单 :param featuresStatus: SQL注入特征库开关 :param virStatus: 虚拟补丁开关 :param id: 数据库id :param dataMaskStatusOM: 运维脱敏 ''' obj = DBSecurityconfClass.DBSecurityconfig() # 创建数据库服务对象 response = obj.update(dispose=dispose, featuresStatus=featuresStatus, virStatus=virStatus, id=id, dataMaskStatusOM=dataMaskStatusOM) result = load(response.text) assert dbservice_dict['dbSecurityconfig']['update'][ 'expected'] == result, '错误:响应结果比对失败' + response.text
def sqlinject_select(byparam, param): ''' sql注入条件查询 ''' obj = SqlInjectClass.SqlInject() # 创建sql注入对象 response = obj.select_rule(byparam=byparam, param=param) rs = True result = commen.load(response.text) if byparam == 'byname': assert len(result['items']) == 1 and result['items'][0][ 'chsName'] == param, '错误:响应结果比对失败' + response.text return result['items'][0]['id'] if byparam == 'byrisklevel': for item in result['items']: if item['riskLevel'] != param: rs = False break assert rs, '错误:响应结果比对失败' + response.text if byparam == 'bystatus': for item in result['items']: if item['vpStatus'] != param: rs = False break assert rs, '错误:响应结果比对失败' + response.text
def startOrstop_dbservice(id, mode): obj = DBserviceClass.DBservice() response = obj.startOrstop_dbservice(id, mode) result = commen.load(response.text) assert result == dbservice_dict['startOrstopdbservice'][ 'expected'], '错误:响应结果比对失败' + response.text
def create_dbservice(name): obj = DBserviceClass.DBservice() response = obj.create_dbservice(name) result = commen.load(response.text) assert result == dbservice_dict['createdbserver'][ 'expected'], '错误:响应结果比对失败' + response.text
def update_service(dbname, id, runmode): obj = DBserviceClass.DBservice() response = obj.update_dbservice(dbname=dbname, runmode=runmode, id=id) result = commen.load(response.text) assert result == dbservice_dict['updatedbserver'][ 'expected'], '错误:响应结果比对失败' + response.text