Exemplo n.º 1
0
def test_bats_000_update_content(sut_handle, shieldx_constants,
                                 shieldx_logger):
    manage = SysMgmt(sut_handle)

    # Get the system info
    system_info = manage.get_system_info()

    shieldx_logger.info("Software: {}".format(system_info["version"]))
    shieldx_logger.info("Content: {}".format(system_info["contentVersion"]))

    # Initiate Content Update
    is_content_update_initiated = manage.update_content()

    # Allow compiler to finish task, needs to be dynamic
    time.sleep(shieldx_constants["USER_WAIT"])

    # Check if content update is initiated
    assert is_content_update_initiated == True, "Failed to initiate content update."

    # Allow compiler to finish task, needs to be dynamic
    time.sleep(shieldx_constants["USER_WAIT"])

    # Get the system info
    system_info = manage.get_system_info()

    shieldx_logger.info("Software: {}".format(system_info["version"]))
    shieldx_logger.info("Content: {}".format(system_info["contentVersion"]))
Exemplo n.º 2
0
def test_bats_003_license_info(sut_handle, shieldx_logger):
    system_mgmt = SysMgmt(sut_handle)

    # Get the system info
    license_info = system_mgmt.get_license()

    shieldx_logger.info("License Info: {}".format(license_info))
Exemplo n.º 3
0
def test_staged_version(sut_handle, shieldx_logger):
    sys_mgmt = SysMgmt(sut_handle)

    # Get the staged version
    staged_version = sys_mgmt.get_staged_version()

    for item in staged_version:
        shieldx_logger.info("Staged Version: {}".format(item))
Exemplo n.º 4
0
def test_latest_version(sut_handle, shieldx_logger):
    sys_mgmt = SysMgmt(sut_handle)

    # Get the latest version
    latest_version = sys_mgmt.get_latest_version()

    for item in latest_version:
        shieldx_logger.info("Latest Version: {}".format(item))
Exemplo n.º 5
0
def test_bats_001_check_user(sut_handle, user_info):
    manage = SysMgmt(sut_handle)

    # Get users
    users = manage.get_users()

    print("User check: {}".format(user_info))

    assert any((user["login"] == user_info["login"]) for user in users), "User not found."
Exemplo n.º 6
0
def test_count_tpp_rules(sut_handle, datadir, shieldx_constants,
                         shieldx_logger, tpp_name):
    # Initialize
    # DUT
    tpp_mgmt = TPP_Mgmt(sut_handle)
    sys_mgmt = SysMgmt(sut_handle)

    # Get the system info
    system_info = sys_mgmt.get_system_info()
    software_version = system_info["version"]
    content_version = system_info["contentVersion"]

    # Results - ShieldX
    shieldx_logger.info("Software: {}".format(software_version))
    shieldx_logger.info("Content: {}".format(content_version))
    shieldx_logger.info("TPP: {}".format(tpp_name))

    # Save snapshots for reporting
    result_dir = "{}{}".format(shieldx_constants["SX_REPORT_REPO"],
                               shieldx_constants["SX_TPP_RULES_REPO"])
    column_names = [
        "Build", "Threat Prevention Policy", "Threat Count", "App Count"
    ]
    column_widths = [26, 24, 16, 16]

    build = "Mgmt{}Content{}".format(software_version, content_version)

    # Get Threat Prevention Policy
    tpp = tpp_mgmt.get_threat_prevention_policy_by_name(tpp_name)

    # Get rules - threats and apps
    if tpp is not None:
        # TPP ID
        tpp_id = tpp["id"]

        # Threats and Apps
        threats = tpp_mgmt.get_threats_by_policy_id(tpp_id)
        apps = tpp_mgmt.get_apps_by_policy_id(tpp_id)

        shieldx_logger.info("TPP Name: {}".format(tpp_name))
        shieldx_logger.info("TPP ID: {}".format(tpp_id))

        # Prep result
        shieldx_results = ResultsMgmt(result_dir, column_names, column_widths)
        result = [build, tpp_name, len(threats), len(apps)]

        # Add result
        shieldx_results.add(result)
    else:
        shieldx_logger.error("Unable to find the  TPP.")
Exemplo n.º 7
0
def test_bats_000_create_user(sut_handle, user_info):
    manage = SysMgmt(sut_handle)

    # Get existing users
    users = manage.get_users()

    if any((user["login"] == user_info["login"]) for user in users):
        # Skip creation (no-op), user already exist
        print("No-op, create user.")
    else:
        # Create user
        is_user_created = manage.create_user(user_info)

        assert is_user_created == True, "Not able to create the user."
Exemplo n.º 8
0
def test_bats_003_delete_user(sut_handle, user_login):
    manage = SysMgmt(sut_handle)

    # Get the specific user
    user_info = manage.get_user(user_login)

    # If user info is found, proceed with delete
    if len(user_info) != 0:
        # User found, proceed with update
        is_user_deleted = manage.delete_user(user_login)

        assert is_user_deleted == True, "Not able to delete the user."
    else:
        # Skip update (no-op), user not found
        print("No-op, delete user.")
Exemplo n.º 9
0
def test_bats_002_update_user(sut_handle, user_info):
    manage = SysMgmt(sut_handle)

    # Get existing users
    users = manage.get_users()

    # Check if user exist before proceeding from a list of users
    if any((user["login"] == user_info["login"]) for user in users):
        # User found, proceed with update
        is_user_updated = manage.update_user(user_info)

        assert is_user_updated == True, "Not able to udpate the user."
    else:
        # Skip update (no-op), user not found
        print("No-op, update user.")
Exemplo n.º 10
0
    def show_system_info(self, ip=None, username=None, password=None):
        if all([ip, username, password]):
            self.logger.info("Get system info.")

            # REST Session
            sx_session = SxSession(ip=ip, username=username, password=password)

            # Login 
            sx_session.login()

            # System Management
            sys_mgmt = SysMgmt(sx_session)
            sys_info = sys_mgmt.get_system_info()
            self.logger.info("System Info: {}".format(sys_info))

            # Logout
            sx_session.logout()
        else:
            self.logger.error("Missing parameters.")
Exemplo n.º 11
0
    def __init__(self, rest_session):
        # singleton logger
        self.logger = CustomLogger().get_logger()

        # Aspects of system under test
        self.acl_mgmt = ACL_Mgmt(rest_session)
        self.audit_log_mgmt = AuditLog(rest_session)
        self.jobs_mgmt = JobsMgmt(rest_session)
        self.sps_mgmt = SPS_Mgmt(rest_session)
        self.sys_mgmt = SysMgmt(rest_session)
Exemplo n.º 12
0
def test_bats_000_system_info(sut_handle, shieldx_logger):
    manage = SysMgmt(sut_handle)

    # Get the system info
    system_info = manage.get_system_info()

    shieldx_logger.info("Mgmt Major Version: {}".format(
        system_info["majorVersion"]))
    shieldx_logger.info("Mgmt Minor Version: {}".format(
        system_info["minorVersion"]))
    shieldx_logger.info("Mgmt Build Number: {}".format(
        system_info["buildNumber"]))
    shieldx_logger.info("Software: {}".format(system_info["version"]))
    shieldx_logger.info("Content: {}".format(system_info["contentVersion"]))
    shieldx_logger.info("Uptime: {}".format(system_info["systemUptime"]))
    shieldx_logger.info("Timezone: {}".format(system_info["timezone"]))

    software_version = ".".join(
        (system_info["majorVersion"], system_info["minorVersion"],
         system_info["buildNumber"]))

    assert software_version in system_info[
        "version"], "Issue in software version."
Exemplo n.º 13
0
def test_bats_002_enable_license(sut_handle, license_json, shieldx_constants,
                                 datadir):
    manage = SysMgmt(sut_handle)
    config_reader = CCR()

    # Get license info
    resolved_input_json_file = str((datadir / license_json).resolve())
    license_info = dict(
        config_reader.read_json_config(resolved_input_json_file))

    license_key = license_info.get("key", None)
    license_type = license_info.get("type", None)
    license_capacity = license_info.get("capacity", None)

    # Set the license
    is_license_set = manage.set_license(license_key)

    # Allow passage to cleanup tables
    time.sleep(shieldx_constants["USER_WAIT"])

    # Check if license is set
    assert is_license_set == True, "Failed to activate license."

    # Get the license info
    license_info = manage.get_license(license_key)

    # Check expected to actual capacity
    fetched_capacity = license_info["expected_capacity"]
    assert license_capacity == fetched_capacity, "Capacity does not match."

    # Check expected to actual license type
    fetched_license_type = license_info["license_type"]
    assert license_type == fetched_license_type, "License type does not match."

    # Check if license is active
    fetched_license_state = license_info["current_state"]
    assert "active" == fetched_license_state, "License is not active."
Exemplo n.º 14
0
def test_perf_by_cumulative_bucket(sut_handle, ixia_handle, shieldx_constants,
                                   shieldx_logger, tpp_name, bucket_size,
                                   threats_only, traffic_profile,
                                   expected_tput, datadir, pytestconfig):
    # Initialize
    # DUT
    sps_mgmt = SPS_Mgmt(sut_handle)
    tpp_mgmt = TPP_Mgmt(sut_handle)
    acl_mgmt = ACL_Mgmt(sut_handle)
    sys_mgmt = SysMgmt(sut_handle)
    # Traffic Gen
    breaking_point = BreakingPoint(ixia_handle)

    # Get the system info
    system_info = sys_mgmt.get_system_info()
    software_version = system_info["version"]
    content_version = system_info["contentVersion"]
    build = "Mgmt{}Content{}".format(software_version, content_version)

    # Get the license info
    license_info = sys_mgmt.get_license()
    cpty = license_info["expected_capacity"]

    # Save snapshots for reporting
    result_dir = "{}{}".format(shieldx_constants["SX_REPORT_REPO"],
                               shieldx_constants["SX_BUCKET_REPO"])
    column_names = [
        "Build", "Test Name - Iteration - Internal ID", "SPS", "Cpty",
        "AvgTxRate(Mbps)", "AvgRxRate(Mbps)", "AvgTCPResp(ms)",
        "Rules Under Test", "Action", "BcktSize"
    ]
    column_widths = [26, 54, 20, 6, 16, 16, 16, 36, 8, 8]

    # Result Manager
    shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)

    # Policies
    from_tpp_name = tpp_name
    to_tpp_name = "Cumulative TPP"
    sps_name = "Cumulative SPS"

    #### Clear SPS from ACL Policy
    is_updated = False
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)
    if acl_policy is not None:
        # Modify the ACL Rule in the Default ACL Policy
        acl_policy["spsId"] = "null"
        acl_policy["aclRules"][0]["spsId"] = "null"

        # Update the ACL
        shieldx_logger.info("Update ACL: {}".format(acl_policy))
        is_updated = acl_mgmt.update_acl(acl_policy)

        assert is_updated == True, "Unable to update ACL."
    else:
        assert False, "Not able to find ACL."

    # Delete obsolete SPS
    sps = sps_mgmt.get_sps_by_name(sps_name)
    if sps is not None:
        sps_id = sps["id"]
        is_deleted = sps_mgmt.delete_security_policy_set_by_id(sps_id)
        time.sleep(10 * shieldx_constants["USER_WAIT"])

        assert is_deleted, "Unable to delete obsolete SPS."
    else:
        pass

    # Delete obsolete TPP
    tpp = tpp_mgmt.get_threat_prevention_policy_by_name(to_tpp_name)
    if tpp is not None:
        tpp_id = tpp["id"]
        is_deleted = tpp_mgmt.delete_threat_prevention_policy_by_id(tpp_id)
        time.sleep(10 * shieldx_constants["USER_WAIT"])

        assert is_deleted, "Unable to delete obsolete TPP."
    else:
        pass

    # Fetch the TPP and SPS payloads from a config file
    tpp_config_file = "tpp.json"
    file_name = str((datadir / tpp_config_file).resolve())
    with open(file_name, 'r') as config_file:
        tpp_config = json.load(config_file)

        # Get the payload for cloning
        if "tpp_clone_payload" in tpp_config:
            tpp_clone_payload = tpp_config["tpp_clone_payload"]
            shieldx_logger.info(
                "TPP Clone Payload: {}".format(tpp_clone_payload))
        else:
            assert False, "Missing TPP payload in JSON file."

    # Fetch the TPP and SPS payloads from a config file
    sps_config_file = "sps.json"
    file_name = str((datadir / sps_config_file).resolve())
    with open(file_name, 'r') as config_file:
        sps_config = json.load(config_file)

        # Get the payload for cloning
        if "sps_create_payload" in sps_config:
            sps_create_payload = sps_config["sps_create_payload"]
            shieldx_logger.info(
                "SPS Create Payload: {}".format(sps_create_payload))
        else:
            assert False, "Missing SPS payload in JSON file."

    #### Process source TPP
    from_tpp_id = None
    to_tpp_id = None

    threats = None
    apps = None

    # Get Threat Prevention Policy
    tpp = tpp_mgmt.get_threat_prevention_policy_by_name(from_tpp_name)
    from_tpp_id = tpp["id"]

    if from_tpp_id is not None:
        threats = tpp_mgmt.get_threats_by_policy_id(from_tpp_id)
        apps = tpp_mgmt.get_apps_by_policy_id(from_tpp_id)
        shieldx_logger.info("TPP Name: {}".format(from_tpp_name))
        shieldx_logger.info("TPP ID: {}".format(from_tpp_id))
    else:
        shieldx_logger.error("Unable to find the  TPP.")

    # Populate the payloads, do the check before proceeding
    if tpp_clone_payload:
        tpp_clone_payload["name"] = to_tpp_name
        tpp_clone_payload["tenantId"] = 1  # this should be fetched
        app_names = [app["name"] for app in apps]
    else:
        assert False, "Check JSON, needed for cloning TPP."

    if sps_create_payload is not None:
        sps_create_payload["name"] = sps_name
    else:
        assert False, "Check JSON, needed for creating SPS."

    # Check flag if we want to include apps in TPP
    if threats_only:
        app_names = []
    else:
        pass

    # Use slices of the threats for testing
    index = 0
    upper_limit = len(threats)
    cumulative_ok_rules = []
    while index <= upper_limit:
        upper_bound = index + bucket_size
        if upper_bound > upper_limit:
            upper_bound = upper_limit
        else:
            pass

        threat_slice = threats[index:upper_bound]
        shieldx_logger.critical("Threat Slice: {}".format(threat_slice))

        # merge new slice to accumulated rules
        merged_list = cumulative_ok_rules + threat_slice

        # Populate rules
        tpp_clone_payload["rules"] = [{
            "appNames": app_names,
            "specificThreats": merged_list
        }]
        shieldx_logger.critical("Cumulative Bucket: {}".format(merged_list))

        # Clone TPP
        to_tpp_id = tpp_mgmt.create_threat_prevention_policy(tpp_clone_payload)
        shieldx_logger.info("TPP ID: {}".format(to_tpp_id))
        assert to_tpp_id > 0, "TPP creation failed."

        time.sleep(10 * shieldx_constants["USER_WAIT"])

        # Create SPS
        sps_create_payload["threatPreventionPolicyName"] = to_tpp_name
        sps_create_payload["threatPreventionPolicyId"] = to_tpp_id
        sps_id = sps_mgmt.create_security_policy_set(sps_create_payload)
        shieldx_logger.info("SPS ID: {}".format(sps_id))
        assert sps_id > 0, "SPS creation failed."

        time.sleep(10 * shieldx_constants["USER_WAIT"])

        # Assign SPS to ACL (default)
        is_updated = False
        default_acl = "Default ACL Policy"
        acl_policy = acl_mgmt.get_acl_by_name(default_acl)

        if acl_policy is not None:
            shieldx_logger.info(
                "Update ACL with SPS Name: {}".format(sps_name))
            shieldx_logger.info("Update ACL with SPS ID: {}".format(sps_id))
            # Modify the ACL Rule in the Default ACL Policy
            acl_policy["spsId"] = sps_id
            acl_policy["aclRules"][0]["spsId"] = sps_id

            # Update the ACL
            shieldx_logger.info("Update ACL: {}".format(acl_policy))
            is_updated = acl_mgmt.update_acl(acl_policy)

            assert is_updated == True, "Unable to update ACL."
        else:
            assert False, "Not able to find ACL."

        # Wait for the Policy to be updated, do with jobs to check when update is done
        time.sleep(10 * shieldx_constants["USER_WAIT"])

        # Send traffic
        processed_stats = breaking_point.send_perf_traffic(
            shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"],
            traffic_profile)

        # Record result
        sx_rules = [("{}:{}".format(threat["protocolID"], threat["threatID"]))
                    for threat in threat_slice]

        if processed_stats["avg_tx_tput"] >= expected_tput[0] and \
           processed_stats["avg_rx_tput"] >= expected_tput[1]:
            cumulative_ok_rules.extend(threat_slice)
            act_on_slice = "INCLUDE"
            shieldx_logger.info("These rules PASS: {}".format(sx_rules))
        else:
            act_on_slice = "EXCLUDE"
            shieldx_logger.critical("These rules FAIL: {}".format(sx_rules))

        test_model_id_iter = "{} - {} - {}".format(
            processed_stats["model_name"], processed_stats["test_iteration"],
            processed_stats["test_id"])

        # format rules to display
        if len(threat_slice) > 3:
            display_rules = "{} + {} rules".format(sx_rules[0:2],
                                                   len(sx_rules) - 2)
        else:
            display_rules = str(sx_rules)

        result = [
            build, test_model_id_iter, sps_name, cpty,
            processed_stats["avg_tx_tput"], processed_stats["avg_rx_tput"],
            processed_stats["avg_tcp_response_time"], display_rules,
            act_on_slice,
            len(cumulative_ok_rules)
        ]

        # Add result
        shieldx_results.add(result)

        # Clear SPS from ACL Policy
        if acl_policy is not None:
            shieldx_logger.info("Cleanup SPS in ACL.")
            # Modify the ACL Rule in the Default ACL Policy
            acl_policy["spsId"] = "null"
            acl_policy["aclRules"][0]["spsId"] = "null"

            # Update the ACL
            shieldx_logger.info("Update ACL: {}".format(acl_policy))
            is_updated = acl_mgmt.update_acl(acl_policy)

            assert is_updated == True, "Unable to update ACL."
        else:
            assert False, "Not able to find ACL."

        # Delete SPS
        is_deleted = sps_mgmt.delete_security_policy_set_by_id(sps_id)
        assert is_deleted, "SPS delete failed."

        # Wait for the change to be applied
        time.sleep(10 * shieldx_constants["USER_WAIT"])

        # Delete TPP
        is_deleted = tpp_mgmt.delete_threat_prevention_policy_by_id(to_tpp_id)
        assert is_deleted, "TPP delete failed."

        # Wait for the change to be applied
        time.sleep(10 * shieldx_constants["USER_WAIT"])

        # Move to next slice
        index = index + bucket_size
Exemplo n.º 15
0
def test_threat_detection_after_content_update(sut_handle, shieldx_constants,
                                               shieldx_logger, run_index,
                                               content_bundle, datadir,
                                               pytestconfig):
    """
    Use case: Update content; then check ES that detection continues
              Frog threat traffic is running continuously
    """
    # Initialize
    sps_mgmt = SPS_Mgmt(sut_handle)
    sys_mgmt = SysMgmt(sut_handle)
    acl_mgmt = ACL_Mgmt(sut_handle)
    es = ES(sut_handle)

    # Save snapshots for reporting
    result_dir = "./"
    column_names = ["Build", "Test Name", "SPS", "Cpty", "Threat Detection?"]
    column_widths = [26, 36, 26, 6, 18]
    # Result Manager
    shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)

    #### File based content update
    resolved_filename = str((datadir / content_bundle).resolve())
    shieldx_logger.info("Filename: {}".format(resolved_filename))

    is_content_update_initiated = sys_mgmt.file_based_update_content(
        resolved_filename)
    time.sleep(20 * shieldx_constants["USER_WAIT"])

    assert is_content_update_initiated == True, "Failed to initiate content update."

    # Get the system info
    system_info = sys_mgmt.get_system_info()
    software_version = system_info["version"]
    content_version = system_info["contentVersion"]
    # Get the license info
    license_info = sys_mgmt.get_license()
    # Get SPS in default ACL
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)
    sps_id = acl_policy["aclRules"][0]["spsId"]
    sps = sps_mgmt.get_sps_by_id(sps_id)

    assert sps is not None, "Init Check - SPS must not be empty."

    # Proceed with test, get current SPS name
    sps_name = sps["name"]

    # ES Index
    index = "shieldxevents"
    # Query - head
    head = get_index_payload(index)

    # Check ES
    check_es_count = 3
    for es_check in range(check_es_count):
        shieldx_logger.info(
            "Checking ES for threats, attempt {}".format(es_check))

        # Check threat detection in the last 10 minutes
        time.sleep(10 * shieldx_constants["USER_WAIT"])
        # End time (ms) - now
        end_time = es.get_ms_timstamp()
        # Start time (ms) - 10 minutes ago
        start_time = end_time - (10 * 60000)
        # Query - body
        body = get_threat_detection_payload(start_time, end_time)

        # Query - payload is head + body
        payload = json.dumps(head) + "\n" + json.dumps(body)

        # Fetch results from ES
        es_results = es.multi_search_query(payload)
        hits = es_results["responses"][0]["hits"]["hits"]
        for hit in hits:
            event = hit["_source"]["event"]
            shieldx_logger.info("Threat Detected - {}:{} - {}".format(
                event["pmId"], event["appId"], event["threatName"]))

        if len(hits) > 0:
            threat_detection = "PASS"
            shieldx_logger.info("Detection is OK, continue monitoring.")
        else:
            threat_detection = "FAIL"
            shieldx_logger.critical(
                "Detection stopped, abort test and check setup.")

        # Results - ShieldX
        shieldx_logger.info("Software: {}".format(software_version))
        shieldx_logger.info("Content: {}".format(content_version))
        shieldx_logger.info("License: {}".format(license_info))
        shieldx_logger.info("SPS: {}".format(sps_name))

        build = "Mgmt{}Content{}".format(software_version, content_version)
        cpty = license_info["expected_capacity"]
        use_case = "Threat detection after update"

        sx_result = [build, use_case, sps_name, cpty, threat_detection]

        # Add result
        shieldx_logger.info("Result: {}".format(sx_result))
        shieldx_results.add(sx_result)

        if threat_detection == "PASS":
            pass
        else:
            pytest.exit("Detection stopped, abort test and check setup.")

    shieldx_logger.info("Test complete.")
Exemplo n.º 16
0
def test_func_block_traffic(sut_handle, datadir, import_file, ixia_handle, traffic_profile, shieldx_constants, shieldx_logger):
    """
    Suite 1
        1. Start with IP Blacklist disabled
        2. Send Traffic - Expect to go through
        3. Enable and Import blacklist from a file
        4. Send Traffic  - Expect to be blocked
        5. Check Settings: Response Action (default - Block and Alert)
        6. Check Settings: Imported File
        7. Change Response Action from "Block and Alert" to "Alert Only"
        8. Check Settings: Response Action (Alert Only)
        9. Send Traffic - Expect to go through
       10. Disable IP Blacklist
    """
    # Initialize
    # DUT
    sps_mgmt = SPS_Mgmt(sut_handle)
    tpp_mgmt = TPP_Mgmt(sut_handle)
    acl_mgmt = ACL_Mgmt(sut_handle)
    sys_mgmt = SysMgmt(sut_handle)

    # Initialize
    # Blacklist
    blacklist = Blacklist(sut_handle)
    # Traffic - Breaking Point handle
    breaking_point = BreakingPoint(ixia_handle)

    # Get the system info
    system_info = sys_mgmt.get_system_info()
    software_version = system_info["version"]
    content_version = system_info["contentVersion"]
    # Get the license info
    license_info = sys_mgmt.get_license()
    # Get SPS in default ACL
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)
    sps_id = acl_policy["aclRules"][0]["spsId"]
    sps = sps_mgmt.get_sps_by_id(sps_id)

    if sps is not None:
        sps_name = sps["name"]
    else:
        sps_name = "None"

    # Reporting
    result_dir = "{}{}{}".format(shieldx_constants["SX_REPORT_REPO"], shieldx_constants["SX_ABURAME_REPO"], "IP_Blacklist/")
    column_names = ["Build", "SPS", "Test Name", "Result"]
    column_widths = [26, 16, 80, 10]
    shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)

    build = "Mgmt{}Content{}".format(software_version, content_version)

    # Start with IP Blacklist disabled.
    test_name = "Is IP Blacklist disabled?"
    shieldx_logger.info(test_name)
    is_disabled = blacklist.disable_ip_blacklist()
    time.sleep(2 * shieldx_constants["USER_WAIT"])
    status = "PASSED" if is_disabled else "FAILED"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Get IP Blacklist Global settings
    test_name = "Get IP Blacklist global settings - DISABLED."
    shieldx_logger.info(test_name)
    global_settings = blacklist.get_ip_blacklist_global_settings()
    shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings))
    status = "QTAD-5378"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Send traffic and expect the traffic go through (Blacklist Disabled).
    test_name = "Send traffic and expect the traffic go through (Blacklist Disabled)."
    shieldx_logger.info(test_name)
    stats = breaking_point.send_strikes_traffic(shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"], traffic_profile)
    status = "PASSED" if int(stats["total_blocked"]) == 0 else "FAILED"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Enable IP Blacklist, import from file.
    test_name = "Enable IP Blacklist, import from file."
    shieldx_logger.info(test_name)
    # Get the full path and convert it to string
    file_name = str((datadir/import_file).resolve())
    # Import Blacklist - IP Set
    is_imported = blacklist.import_listed_ip(file_name)
    time.sleep(2 * shieldx_constants["USER_WAIT"])
    status = "PASSED" if is_imported else "FAILED"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Get IP Blacklist Global settings
    test_name = "Get IP Blacklist global settings - ENABLED."
    shieldx_logger.info(test_name)
    global_settings = blacklist.get_ip_blacklist_global_settings()
    shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings))
    status = "QTAD-5378"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Send traffic and expect the traffic blocked (DENY-Blacklist).
    test_name = "Send traffic and expect the traffic blocked (DENY-Blacklist)."
    shieldx_logger.info(test_name)
    stats = breaking_point.send_strikes_traffic(shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"], traffic_profile)
    status = "PASSED" if int(stats["total_allowed"]) == 0 else "FAILED"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Change Response Action from 'Block and Alert(default)' to 'Alert Only'.
    test_name = "Change Response Action from 'Block and Alert(default)' to 'Alert Only'."
    shieldx_logger.info(test_name)
    is_action_set = blacklist.set_ip_blacklist_action(shieldx_constants["SX_BL_ALERT_ONLY"])
    time.sleep(2 * shieldx_constants["USER_WAIT"])
    status = "PASSED" if is_action_set else "FAILED"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Get IP Blacklist Global settings
    test_name = "Get IP Blacklist global settings - ENABLED."
    shieldx_logger.info(test_name)
    global_settings = blacklist.get_ip_blacklist_global_settings()
    shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings))
    status = "QTAD-5378"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Send traffic and expect the traffic go through (Response Action: Alert Only).
    test_name = "Send traffic and expect the traffic go through (Response Action: Alert Only)."
    shieldx_logger.info(test_name)
    stats = breaking_point.send_strikes_traffic(shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"], traffic_profile)
    status = "PASSED" if int(stats["total_blocked"]) == 0 else "FAILED"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Cleanup - Disable IP Blacklist.
    test_name = "Cleanup - Disable IP Blacklist."
    shieldx_logger.info(test_name)
    is_disabled = blacklist.disable_ip_blacklist()
    time.sleep(2 * shieldx_constants["USER_WAIT"])
    status = "PASSED" if is_disabled else "FAILED"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)

    # Get IP Blacklist Global settings
    test_name = "Get IP Blacklist global settings - DISABLED."
    shieldx_logger.info(test_name)
    global_settings = blacklist.get_ip_blacklist_global_settings()
    shieldx_logger.info("IP Blacklist Global Setttings: {}".format(global_settings))
    status = "QTAD-5378"
    result = [build, sps_name, test_name, status]
    shieldx_results.add(result)
Exemplo n.º 17
0
def test_init_setup(sut_handle, ixia_handle, shieldx_constants, shieldx_logger,
                    datadir, pytestconfig):
    # Initialize
    # DUT
    sps_mgmt = SPS_Mgmt(sut_handle)
    tpp_mgmt = TPP_Mgmt(sut_handle)
    acl_mgmt = ACL_Mgmt(sut_handle)
    sys_mgmt = SysMgmt(sut_handle)
    # Traffic Gen
    breaking_point = BreakingPoint(ixia_handle)

    #### Apply desired license
    shieldx_license = pytestconfig.getoption("license")
    is_license_set = sys_mgmt.set_license(shieldx_license)

    assert is_license_set == True, "Unable to set license."

    # Policies
    from_tpp_name = "All Threats"
    to_tpp_name = "All Threats Blocked TPP"
    sps_name = "All Threats Blocked SPS"

    #### Clear SPS from ACL Policy
    is_updated = False
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)
    if acl_policy is not None:
        # Modify the ACL Rule in the Default ACL Policy
        acl_policy["spsId"] = "null"
        acl_policy["aclRules"][0]["spsId"] = "null"

        # Update the ACL
        shieldx_logger.info("Update ACL: {}".format(acl_policy))
        is_updated = acl_mgmt.update_acl(acl_policy)

        assert is_updated == True, "Unable to update ACL."
    else:
        assert False, "Not able to find ACL."

    #### Delete obsolete SPS
    sps = sps_mgmt.get_sps_by_name(sps_name)
    shieldx_logger.info("Obsolete SPS: {}".format(sps))
    if sps is not None:
        sps_id = sps["id"]
        is_deleted = sps_mgmt.delete_security_policy_set_by_id(sps_id)

        assert is_deleted == True, "Unable to delete old SPS."
    else:
        # No-op
        pass

    #### Delete obsolete TPP
    tpp = tpp_mgmt.get_threat_prevention_policy_by_name(to_tpp_name)
    shieldx_logger.info("Obsolete TPP: {}".format(tpp))
    if tpp is not None:
        to_tpp_id = tpp["id"]
        is_deleted = tpp_mgmt.delete_threat_prevention_policy_by_id(to_tpp_id)

        assert is_deleted == True, "Unable to delete old TPP."
    else:
        # No-op
        pass

    #### Clone "All Threats" and set Response to BLOCK
    block_threats = True
    from_tpp_id = None
    to_tpp_id = None

    threats = None
    apps = None

    # Get Threat Prevention Policy
    tpp = tpp_mgmt.get_threat_prevention_policy_by_name(from_tpp_name)
    from_tpp_id = tpp["id"]

    if from_tpp_id is not None:
        threats = tpp_mgmt.get_threats_by_policy_id(from_tpp_id)
        apps = tpp_mgmt.get_apps_by_policy_id(from_tpp_id)
        shieldx_logger.info("TPP Name: {}".format(from_tpp_name))
        shieldx_logger.info("TPP ID: {}".format(from_tpp_id))
    else:
        shieldx_logger.error("Unable to find the  TPP.")

    # Fetch the payload from a config file
    tpp_config_file = "tpp.json"
    file_name = str((datadir / tpp_config_file).resolve())
    with open(file_name, 'r') as config_file:
        tpp_config = json.load(config_file)

        # Get the payload for cloning
        if "tpp_clone_payload" in tpp_config:
            clone_payload = tpp_config["tpp_clone_payload"]
            shieldx_logger.info("Clone Payload: {}".format(clone_payload))
        else:
            pass

        # Get the payload for response action
        if "tpp_bulk_edit_response_payload" in tpp_config:
            response_payload = tpp_config["tpp_bulk_edit_response_payload"]
            shieldx_logger.info(
                "Bulk Edit Payload: {}".format(response_payload))
        else:
            pass

    # Populate the payload
    if clone_payload:
        clone_payload["name"] = to_tpp_name
        clone_payload["tenantId"] = 1  # this should be fetched
        app_names = [app["name"] for app in apps]

        # Special handling based on the policy being cloned
        # Option is based on "Uses Specific Threats?" flag
        # This flag is based whether "specificThreats" is populated.
        if from_tpp_name == "Common Threats" or from_tpp_name == "AppVisibility":
            # no need to specify the "appNames" in the rules.
            # specify the "specificThreats" instead
            clone_payload["rules"] = [{"specificThreats": threats}]
        else:
            # no need to specify the "specificThreats" in the rules.
            # specify the "appNames" instead
            if app_names:
                clone_payload["rules"] = [{"appNames": app_names}]
            else:
                clone_payload["rules"] = []
    else:
        shieldx_logger.error(
            "Unable to fetch the TPP payload from config file.")

    # Create a clone of a TPP, get the TPP ID back
    to_tpp_id = tpp_mgmt.create_threat_prevention_policy(clone_payload)
    shieldx_logger.info("Create OK, TPP ID: {}".format(to_tpp_id))

    assert to_tpp_id != 0, "TPP Clone failed."

    # Clone TPP responses
    is_cloned = tpp_mgmt.clone_threat_prevention_policy_responses(
        from_tpp_id, to_tpp_id)

    assert is_cloned == True, "Clone TPP responses failed."

    # Bulk Edit - Block threats
    if block_threats:
        threat_responses = tpp_mgmt.get_threat_responses_by_policy_id(
            to_tpp_id)
        for threat_response in threat_responses:
            threat_response["block"] = True
            threat_response["policyId"] = to_tpp_id

        response_payload["id"] = to_tpp_id
        response_payload["responses"] = threat_responses

        shieldx_logger.info("Bulk Edit Payload: {}".format(response_payload))
        bulk_edit_success = tpp_mgmt.bulk_update_threat_responses(
            response_payload)

        assert bulk_edit_success == True, "Bulk edit response action failed."
    else:
        pass

    #### Create "All Threats Blocked SPS"
    sps_id = 0
    # Fetch the payload from a config file
    sps_config_file = "sps.json"
    file_name = str((datadir / sps_config_file).resolve())
    with open(file_name, 'r') as config_file:
        sps_config = json.load(config_file)

        # Get the payload for cloning
        if "sps_create_payload" in sps_config:
            create_payload = sps_config["sps_create_payload"]
            shieldx_logger.info("Create Payload: {}".format(create_payload))
        else:
            create_payload = None

    if create_payload is not None:
        create_payload["name"] = sps_name
        create_payload["threatPreventionPolicyName"] = to_tpp_name
        create_payload["threatPreventionPolicyId"] = to_tpp_id

        shieldx_logger.info("Create Payload: {}".format(create_payload))
        sps_id = sps_mgmt.create_security_policy_set(create_payload)

        assert sps_id > 0, "SPS creation failed."
    else:
        pass

    #### Apply SPS to ACL
    is_updated = False
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)

    if acl_policy is not None:
        shieldx_logger.info("Update ACL with SPS Name: {}".format(sps_name))
        shieldx_logger.info("Update ACL with SPS ID: {}".format(sps_id))
        # Modify the ACL Rule in the Default ACL Policy
        acl_policy["spsId"] = sps_id
        acl_policy["aclRules"][0]["spsId"] = sps_id

        # Update the ACL
        shieldx_logger.info("Update ACL: {}".format(acl_policy))
        is_updated = acl_mgmt.update_acl(acl_policy)

        # Compile and propagate config
        time.sleep(20 * shieldx_constants["USER_WAIT"])

        assert is_updated == True, "Unable to update ACL."
    else:
        assert False, "Not able to find ACL."
Exemplo n.º 18
0
def test_bp_detection_and_blocking_after_content_update(
        sut_handle, ixia_handle, shieldx_constants, shieldx_logger, run_index,
        content_bundle, traffic_profile, expected_percent_blocked, datadir,
        pytestconfig):
    """
    Use case: Update content; then check BP that threats are detected and blocked
    """
    # Initialize
    # DUT
    sps_mgmt = SPS_Mgmt(sut_handle)
    tpp_mgmt = TPP_Mgmt(sut_handle)
    acl_mgmt = ACL_Mgmt(sut_handle)
    sys_mgmt = SysMgmt(sut_handle)
    es = ES(sut_handle)
    # Traffic Gen
    breaking_point = BreakingPoint(ixia_handle)

    #### File based content update
    resolved_filename = str((datadir / content_bundle).resolve())
    shieldx_logger.info("Filename: {}".format(resolved_filename))

    is_content_update_initiated = sys_mgmt.file_based_update_content(
        resolved_filename)
    shieldx_logger.critical("Waiting for the compilation to finish!!!")
    time.sleep(20 * shieldx_constants["USER_WAIT"])
    assert is_content_update_initiated == True, "Failed to initiate content update."

    # Get the system info
    system_info = sys_mgmt.get_system_info()
    software_version = system_info["version"]
    content_version = system_info["contentVersion"]
    # Get the license info
    license_info = sys_mgmt.get_license()
    # Get SPS in default ACL
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)
    sps_id = acl_policy["aclRules"][0]["spsId"]
    sps = sps_mgmt.get_sps_by_id(sps_id)

    # Check - proceed only if init setup is done
    assert sps is not None, "Check strikes test init, SPS must not be empty."
    # Proceed with test, get current SPS name
    sps_name = sps["name"]

    # ES Index
    index = "shieldxevents"
    # Query - head
    head = get_index_payload(index)

    # Start time (ms) - now
    start_time = es.get_ms_timstamp()

    # Send traffic
    processed_stats = breaking_point.send_strikes_traffic(
        shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"],
        traffic_profile)

    # End time (ms) - now + 30secs
    end_time = es.get_ms_timstamp() + 30000

    # Query - body
    body = get_threat_detection_payload(start_time, end_time)

    # Query - payload is head + body
    payload = json.dumps(head) + "\n" + json.dumps(body)

    # Fetch results from ES
    es_results = es.multi_search_query(payload)
    hits = es_results["responses"][0]["hits"]["hits"]
    for hit in hits:
        event = hit["_source"]["event"]
        shieldx_logger.info("Threat Detected - {}:{} - {}".format(
            event["pmId"], event["appId"], event["threatName"]))

    if len(hits) > 0:
        threat_detection = "PASS"
        shieldx_logger.info("Detection is OK, continue monitoring.")
    else:
        threat_detection = "FAIL"
        shieldx_logger.critical(
            "Detection stopped, abort test and check setup.")

    # Results - ShieldX
    shieldx_logger.info("Software: {}".format(software_version))
    shieldx_logger.info("Content: {}".format(content_version))
    shieldx_logger.info("License: {}".format(license_info))
    shieldx_logger.info("SPS: {}".format(sps_name))
    # Results - Breaking Point
    shieldx_logger.info("BP Model Name: {}".format(
        processed_stats["model_name"]))
    shieldx_logger.info("BP Test ID: {}".format(processed_stats["test_id"]))
    shieldx_logger.info("BP Test Iteration: {}".format(
        processed_stats["test_iteration"]))
    shieldx_logger.info("Total Strikes: {}".format(
        processed_stats["total_strikes"]))
    shieldx_logger.info("Total Allowed: {}".format(
        processed_stats["total_allowed"]))
    shieldx_logger.info("Total Blocked: {}".format(
        processed_stats["total_blocked"]))

    # Compute percentage
    if int(processed_stats["total_strikes"]) != 0:
        percent_blocked = "{:.2f}".format(
            100 * (int(processed_stats["total_blocked"]) /
                   int(processed_stats["total_strikes"])))
    else:
        percent_blocked = "0.0"

    # Save snapshots for reporting
    result_dir = "{}{}".format(shieldx_constants["SX_REPORT_REPO"],
                               shieldx_constants["SX_STRIKES_REPO"])
    column_names = [
        "Build", "Test Name - Iteration - Internal ID", "SPS", "Cpty",
        "Total Strikes", "Total Allowed", "Total Blocked", "% Blocked"
    ]
    column_widths = [26, 54, 26, 6, 14, 14, 14, 10]

    build = "Mgmt{}Content{}".format(software_version, content_version)
    test_model_id_iter = "{} - {} - {}".format(
        processed_stats["model_name"], processed_stats["test_iteration"],
        processed_stats["test_id"])

    cpty = license_info["expected_capacity"]

    # Prep result
    shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)
    result = [
        build, test_model_id_iter, sps_name, cpty,
        processed_stats["total_strikes"], processed_stats["total_allowed"],
        processed_stats["total_blocked"], percent_blocked
    ]

    # Add result
    shieldx_results.add(result)

    # Pass/Fail Test
    # Abort test if a threat is not detected
    if float(percent_blocked) < float(expected_percent_blocked):
        pytest.exit("Not all threats are detected, abort and check the setup.")
    else:
        pass
Exemplo n.º 19
0
def test_policy_clone_and_threat_detection(sut_handle, ixia_handle,
                                           shieldx_constants, shieldx_logger,
                                           content_bundle, traffic_profile,
                                           expected_percent_blocked, datadir,
                                           pytestconfig):
    # Initialize
    # DUT
    sps_mgmt = SPS_Mgmt(sut_handle)
    tpp_mgmt = TPP_Mgmt(sut_handle)
    acl_mgmt = ACL_Mgmt(sut_handle)
    sys_mgmt = SysMgmt(sut_handle)
    # Traffic Gen
    breaking_point = BreakingPoint(ixia_handle)

    # Policies
    from_tpp_name = "All Threats"
    to_tpp_name = "All Threats Blocked TPP"
    sps_name = "All Threats Blocked SPS"

    #### Clear SPS from ACL Policy
    is_updated = False
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)
    if acl_policy is not None:
        # Modify the ACL Rule in the Default ACL Policy
        acl_policy["spsId"] = "null"
        acl_policy["aclRules"][0]["spsId"] = "null"

        # Update the ACL
        shieldx_logger.info("Update ACL: {}".format(acl_policy))
        is_updated = acl_mgmt.update_acl(acl_policy)

        assert is_updated == True, "Unable to update ACL."
    else:
        assert False, "Not able to find ACL."

    #### Delete obsolete SPS
    sps = sps_mgmt.get_sps_by_name(sps_name)
    shieldx_logger.info("Obsolete SPS: {}".format(sps))
    if sps is not None:
        sps_id = sps["id"]
        is_deleted = sps_mgmt.delete_security_policy_set_by_id(sps_id)

        assert is_deleted == True, "Unable to delete old SPS."
    else:
        # No-op
        pass

    #### Delete obsolete TPP
    tpp = tpp_mgmt.get_threat_prevention_policy_by_name(to_tpp_name)
    shieldx_logger.info("Obsolete TPP: {}".format(tpp))
    if tpp is not None:
        to_tpp_id = tpp["id"]
        is_deleted = tpp_mgmt.delete_threat_prevention_policy_by_id(to_tpp_id)

        assert is_deleted == True, "Unable to delete old TPP."
    else:
        # No-op
        pass

    #### Apply desired license
    shieldx_license = pytestconfig.getoption("license")
    is_license_set = sys_mgmt.set_license(shieldx_license)

    assert is_license_set == True, "Unable to set license."

    #### File based content update
    resolved_filename = str((datadir / content_bundle).resolve())
    shieldx_logger.info("Filename: {}".format(resolved_filename))

    is_content_update_initiated = sys_mgmt.file_based_update_content(
        resolved_filename)
    time.sleep(20 * shieldx_constants["USER_WAIT"])

    assert is_content_update_initiated == True, "Failed to initiate content update."

    #### Clone "All Threats" and set Response to BLOCK
    block_threats = True
    from_tpp_id = None
    to_tpp_id = None

    threats = None
    apps = None

    # Get Threat Prevention Policy
    tpp = tpp_mgmt.get_threat_prevention_policy_by_name(from_tpp_name)
    from_tpp_id = tpp["id"]

    if from_tpp_id is not None:
        threats = tpp_mgmt.get_threats_by_policy_id(from_tpp_id)
        apps = tpp_mgmt.get_apps_by_policy_id(from_tpp_id)
        shieldx_logger.info("TPP Name: {}".format(from_tpp_name))
        shieldx_logger.info("TPP ID: {}".format(from_tpp_id))
    else:
        shieldx_logger.error("Unable to find the  TPP.")

    # Fetch the payload from a config file
    tpp_config_file = "tpp.json"
    file_name = str((datadir / tpp_config_file).resolve())
    with open(file_name, 'r') as config_file:
        tpp_config = json.load(config_file)

        # Get the payload for cloning
        if "tpp_clone_payload" in tpp_config:
            clone_payload = tpp_config["tpp_clone_payload"]
            shieldx_logger.info("Clone Payload: {}".format(clone_payload))
        else:
            pass

        # Get the payload for response action
        if "tpp_bulk_edit_response_payload" in tpp_config:
            response_payload = tpp_config["tpp_bulk_edit_response_payload"]
            shieldx_logger.info(
                "Bulk Edit Payload: {}".format(response_payload))
        else:
            pass

    # Populate the payload
    if clone_payload:
        clone_payload["name"] = to_tpp_name
        clone_payload["tenantId"] = 1  # this should be fetched
        app_names = [app["name"] for app in apps]

        # Special handling based on the policy being cloned
        # Option is based on "Uses Specific Threats?" flag
        # This flag is based whether "specificThreats" is populated.
        if from_tpp_name == "Common Threats" or from_tpp_name == "AppVisibility":
            # no need to specify the "appNames" in the rules.
            # specify the "specificThreats" instead
            clone_payload["rules"] = [{"specificThreats": threats}]
        else:
            # no need to specify the "specificThreats" in the rules.
            # specify the "appNames" instead
            if app_names:
                clone_payload["rules"] = [{"appNames": app_names}]
            else:
                clone_payload["rules"] = []
    else:
        shieldx_logger.error(
            "Unable to fetch the TPP payload from config file.")

    # Create a clone of a TPP, get the TPP ID back
    to_tpp_id = tpp_mgmt.create_threat_prevention_policy(clone_payload)
    shieldx_logger.info("Create OK, TPP ID: {}".format(to_tpp_id))

    assert to_tpp_id != 0, "TPP Clone failed."

    # Clone TPP responses
    is_cloned = tpp_mgmt.clone_threat_prevention_policy_responses(
        from_tpp_id, to_tpp_id)

    assert is_cloned == True, "Clone TPP responses failed."

    # Bulk Edit - Block threats
    if block_threats:
        threat_responses = tpp_mgmt.get_threat_responses_by_policy_id(
            to_tpp_id)
        for threat_response in threat_responses:
            threat_response["block"] = True
            threat_response["policyId"] = to_tpp_id

        response_payload["id"] = to_tpp_id
        response_payload["responses"] = threat_responses

        shieldx_logger.info("Bulk Edit Payload: {}".format(response_payload))
        bulk_edit_success = tpp_mgmt.bulk_update_threat_responses(
            response_payload)

        assert bulk_edit_success == True, "Bulk edit response action failed."
    else:
        pass

    #### Create "All Threats Blocked SPS"
    sps_id = 0
    # Fetch the payload from a config file
    sps_config_file = "sps.json"
    file_name = str((datadir / sps_config_file).resolve())
    with open(file_name, 'r') as config_file:
        sps_config = json.load(config_file)

        # Get the payload for cloning
        if "sps_create_payload" in sps_config:
            create_payload = sps_config["sps_create_payload"]
            shieldx_logger.info("Create Payload: {}".format(create_payload))
        else:
            create_payload = None

    if create_payload is not None:
        create_payload["name"] = sps_name
        create_payload["threatPreventionPolicyName"] = to_tpp_name
        create_payload["threatPreventionPolicyId"] = to_tpp_id

        shieldx_logger.info("Create Payload: {}".format(create_payload))
        sps_id = sps_mgmt.create_security_policy_set(create_payload)

        assert sps_id > 0, "SPS creation failed."
    else:
        pass

    #### Apply SPS to ACL
    is_updated = False
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)

    if acl_policy is not None:
        shieldx_logger.info("Update ACL with SPS Name: {}".format(sps_name))
        shieldx_logger.info("Update ACL with SPS ID: {}".format(sps_id))
        # Modify the ACL Rule in the Default ACL Policy
        acl_policy["spsId"] = sps_id
        acl_policy["aclRules"][0]["spsId"] = sps_id

        # Update the ACL
        shieldx_logger.info("Update ACL: {}".format(acl_policy))
        is_updated = acl_mgmt.update_acl(acl_policy)

        # Compile and propagate config
        time.sleep(20 * shieldx_constants["USER_WAIT"])

        assert is_updated == True, "Unable to update ACL."
    else:
        assert False, "Not able to find ACL."

    # Get the system info
    system_info = sys_mgmt.get_system_info()
    software_version = system_info["version"]
    content_version = system_info["contentVersion"]
    # Get the license info
    license_info = sys_mgmt.get_license()
    # Get SPS in default ACL
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)
    sps_id = acl_policy["aclRules"][0]["spsId"]
    sps = sps_mgmt.get_sps_by_id(sps_id)

    assert sps is not None, "Check strikes test init, SPS must not be empty."

    # Proceed with test, get current SPS name
    sps_name = sps["name"]

    # Send traffic
    processed_stats = breaking_point.send_strikes_traffic(
        shieldx_constants["IXIA_SLOT"], shieldx_constants["IXIA_PORTS"],
        traffic_profile)

    # Results - ShieldX
    shieldx_logger.info("Software: {}".format(software_version))
    shieldx_logger.info("Content: {}".format(content_version))
    shieldx_logger.info("License: {}".format(license_info))
    shieldx_logger.info("SPS: {}".format(sps_name))
    # Results - Breaking Point
    shieldx_logger.info("BP Model Name: {}".format(
        processed_stats["model_name"]))
    shieldx_logger.info("BP Test ID: {}".format(processed_stats["test_id"]))
    shieldx_logger.info("BP Test Iteration: {}".format(
        processed_stats["test_iteration"]))
    shieldx_logger.info("Total Strikes: {}".format(
        processed_stats["total_strikes"]))
    shieldx_logger.info("Total Allowed: {}".format(
        processed_stats["total_allowed"]))
    shieldx_logger.info("Total Blocked: {}".format(
        processed_stats["total_blocked"]))

    # Compute percentage
    if int(processed_stats["total_strikes"]) != 0:
        percent_blocked = "{:.2f}".format(
            100 * (int(processed_stats["total_blocked"]) /
                   int(processed_stats["total_strikes"])))
    else:
        percent_blocked = "0.0"

    # Save snapshots for reporting
    result_dir = "{}{}".format(shieldx_constants["SX_REPORT_REPO"],
                               shieldx_constants["SX_STRIKES_REPO"])
    column_names = [
        "Build", "Test Name - Iteration - Internal ID", "SPS", "Cpty",
        "Total Strikes", "Total Allowed", "Total Blocked", "% Blocked"
    ]
    column_widths = [26, 54, 26, 6, 14, 14, 14, 10]

    build = "Mgmt{}Content{}".format(software_version, content_version)
    test_model_id_iter = "{} - {} - {}".format(
        processed_stats["model_name"], processed_stats["test_iteration"],
        processed_stats["test_id"])

    cpty = license_info["expected_capacity"]

    # Prep result
    shieldx_results = Result_Mgmt(result_dir, column_names, column_widths)
    result = [
        build, test_model_id_iter, sps_name, cpty,
        processed_stats["total_strikes"], processed_stats["total_allowed"],
        processed_stats["total_blocked"], percent_blocked
    ]

    # Add result
    shieldx_results.add(result)

    #### Clear SPS from ACL Policy
    is_updated = False
    default_acl = "Default ACL Policy"
    acl_policy = acl_mgmt.get_acl_by_name(default_acl)
    if acl_policy is not None:
        # Modify the ACL Rule in the Default ACL Policy
        acl_policy["spsId"] = "null"
        acl_policy["aclRules"][0]["spsId"] = "null"

        # Update the ACL
        shieldx_logger.info("Update ACL: {}".format(acl_policy))
        is_updated = acl_mgmt.update_acl(acl_policy)

        assert is_updated == True, "Unable to update ACL."
    else:
        assert False, "Not able to find ACL."

    #### Delete obsolete SPS
    sps = sps_mgmt.get_sps_by_name(sps_name)
    shieldx_logger.info("Obsolete SPS: {}".format(sps))
    if sps is not None:
        sps_id = sps["id"]
        is_deleted = sps_mgmt.delete_security_policy_set_by_id(sps_id)

        assert is_deleted == True, "Unable to delete old SPS."
    else:
        # No-op
        pass

    #### Delete obsolete TPP
    tpp = tpp_mgmt.get_threat_prevention_policy_by_name(to_tpp_name)
    shieldx_logger.info("Obsolete TPP: {}".format(tpp))
    if tpp is not None:
        to_tpp_id = tpp["id"]
        is_deleted = tpp_mgmt.delete_threat_prevention_policy_by_id(to_tpp_id)

        assert is_deleted == True, "Unable to delete old TPP."
    else:
        # No-op
        pass

    # Pass/Fail Test
    assert percent_blocked == 100.0, "Not all threats are detected, abort and check the setup."
Exemplo n.º 20
0
class SystemUnderTest(object):
    def __init__(self, rest_session):
        # singleton logger
        self.logger = CustomLogger().get_logger()

        # Aspects of system under test
        self.acl_mgmt = ACL_Mgmt(rest_session)
        self.audit_log_mgmt = AuditLog(rest_session)
        self.jobs_mgmt = JobsMgmt(rest_session)
        self.sps_mgmt = SPS_Mgmt(rest_session)
        self.sys_mgmt = SysMgmt(rest_session)

    def assign_sps(self, acl_container, policy_name):
        is_updated = False

        if policy_name is not None:
            # SPS - map name to ID
            sps_id = None
            # Get SPS by name
            sps = self.sps_mgmt.get_sps_by_name(policy_name)

            if sps is not None:
                sps_id = sps["id"]
            else:
                pass
        else:
            # SPS is Null
            policy_name = "null"
            sps_id = "null"

        # Resolve ACL container
        acl_policy = self.acl_mgmt.get_acl_by_name(acl_container)

        if acl_policy is not None:
            self.logger.info(
                "Update ACL with SPS Name: {}".format(policy_name))
            self.logger.info("Update ACL with SPS ID: {}".format(sps_id))
            # Modify the ACL Rule in the Default ACL Policy
            acl_policy["spsId"] = sps_id
            acl_policy["aclRules"][0]["spsId"] = sps_id

            # Update the ACL
            self.logger.info("Update ACL: {}".format(acl_policy))
            is_updated = self.acl_mgmt.update_acl(acl_policy)
        else:
            # ACL Container not found
            pass

        return is_updated

    def get_sps(self, acl_container, acl_rule_order_num=0):
        policy_name = None

        # Resolve ACL container
        acl_policy = self.acl_mgmt.get_acl_by_name(acl_container)

        # Get ACL Rules
        acl_rules = acl_policy.get("aclRules", [])
        self.logger.info("ACL Rules: {}".format(acl_rules))

        # Get SPS of specified ACL Rule
        sps_id = acl_rules[acl_rule_order_num]["spsId"]
        sps = self.sps_mgmt.get_sps_by_id(sps_id)
        self.logger.info("SPS: {}".format(sps))

        if sps is not None:
            # Get SPS Name
            policy_name = sps.get("name", None)
        else:
            pass

        return policy_name

    def get_system_info(self):
        system_info = {}

        # Get the software and content versions
        versions = self.sys_mgmt.get_system_info()
        system_info["software_version"] = versions["version"]
        system_info["content_version"] = versions["contentVersion"]

        # Get the license info
        license_info = self.sys_mgmt.get_license()
        system_info["capacity"] = license_info["expected_capacity"]

        return system_info

    def get_audit_log_by_action(self, start_time, end_time, action):
        # Craft query
        query = json.dumps({
            "eventType": "AUDIT_LOG",
            "gte": start_time,
            "lte": end_time,
            "queryType": "TABLE",
            "size": 100
        })

        # Get Audit Log
        audit_log_entries = self.audit_log_mgmt.get_audit_log(query=query)

        # Filter logs by action
        filtered_logs = [
            entry for entry in audit_log_entries
            if action in entry["log"]["action"]
        ]

        return filtered_logs

    def get_last_completed_job(self):
        # Check last completed job
        jobs = self.jobs_mgmt.get_jobs()
        completed_jobs = [job for job in jobs if job["state"] == "COMPLETED"]

        # Get Job ID
        job_id = completed_jobs[0]["id"]

        # Fetch and return job based on job ID
        return self.jobs_mgmt.get_job_by_id(job_id)

    def update_content_by_file(self, filename):
        # Update content
        is_content_update_initiated = self.sys_mgmt.file_based_update_content(
            filename)

        # Return status
        return is_content_update_initiated