def test_sqlinject_update(self):
'''sql注入特征库规则-编辑'''
name = sqlinject.sqlinject_dict['update_diy_rule']['body']['chsName']
id = SqlInject_Case.sqlinject_add(name=name) # 新增-查询
SqlInject_Case.update_rule(id=id) # 编辑
LOG.info('启用验证成功,等待删除。。。')
SqlInject_Case.sqlinject_del_rule(name=name)
def test_sqlinject_sel_stop(self):
'''sql注入特征库-停用'''
id = SqlInject_Case.sqlinject_add(
name=self.name, status=self.param['vpStatus'][2]) # 新增-查询
LOG.info('开始停用。。。')
SqlInject_Case.sqlinject_startORstop_rule(operate='stop',
id=id,
param=self.name) # 停用
LOG.info('停用结束。。。')
SqlInject_Case.sqlinject_del_rule(name=self.name)
def test_sqlinject_sel_start(self):
'''sql注入特征库查询-启用'''
id = SqlInject_Case.sqlinject_add(
name=self.name, status=self.param['vpStatus'][1]) # 新增-查询
LOG.info('开始启用。。。')
SqlInject_Case.sqlinject_startORstop_rule(operate='start',
id=id,
param=self.name) # 启用
LOG.info('启用结束。。。')
SqlInject_Case.sqlinject_del_rule(name=self.name)
def test_sqlinject_all_Veryhigh_start(self):
'''sql注入特征库-通用类型数据库,风险等级为极高,状态启用'''
rulename = self.rule[0] + self.name
SqlInject_Case.check_rule(isAll=1,
name=self.name,
risk_level=self.param['riskLevel'][4],
status=self.param['vpStatus'][2],
dbtype='oracle',
sql=self.sql,
rulename=rulename,
cn_risk_level=self.param['风险级别']['极高'],
cn_res_behavior=self.param['响应行为']['阻断行为'])
def test_sqlinject_oracle_low_start(self):
'''sql注入特征库-oracle类型数据库,风险等级为低,状态启用'''
rulename = self.rule[0] + self.name
SqlInject_Case.check_rule(isAll=2,
name=self.name,
risk_level=self.param['riskLevel'][1],
status=self.param['vpStatus'][2],
dbtype='oracle',
sql=self.sql,
rulename=rulename,
cn_risk_level=self.param['风险级别']['低'],
cn_res_behavior=self.param['响应行为']['告警'])
SqlInject_Case.execsql_rule(dbtype='mysql',
sql=self.sql,
rulename=self.rule[1],
cn_risk_level=self.param['风险级别']['安全'],
cn_res_behavior=self.param['响应行为']['通过'])
def test_sqlinject_dm_veryhigh_start(self):
'''sql注入特征库-dm类型数据库,风险等级为高,状态启用'''
rulename = self.rule[0] + self.name
SqlInject_Case.check_rule(isAll=2,
name=self.name,
risk_level=self.param['riskLevel'][4],
status=self.param['vpStatus'][2],
dbtype='dm',
sql=self.sql,
rulename=rulename,
cn_risk_level=self.param['风险级别']['极高'],
cn_res_behavior=self.param['响应行为']['阻断行为'])
SqlInject_Case.execsql_rule(dbtype='mysql',
sql=self.sql,
rulename=self.rule[1],
cn_risk_level=self.param['风险级别']['安全'],
cn_res_behavior=self.param['响应行为']['通过'])
def test_sqlinject_gbase_middle_start(self):
'''sql注入特征库-gbase类型数据库,风险等级为中,状态启用'''
rulename = self.rule[0] + self.name
SqlInject_Case.check_rule(isAll=2,
name=self.name,
risk_level=self.param['riskLevel'][2],
status=self.param['vpStatus'][2],
dbtype='gbase_s83',
sql=self.sql,
rulename=rulename,
cn_risk_level=self.param['风险级别']['中'],
cn_res_behavior=self.param['响应行为']['阻断行为'])
SqlInject_Case.execsql_rule(dbtype='sqlserver',
sql=self.sql,
rulename=self.rule[1],
cn_risk_level=self.param['风险级别']['安全'],
cn_res_behavior=self.param['响应行为']['通过'])
def tearDown(self):
LOG.info('启用验证成功,等待删除。。。')
SqlInject_Case.sqlinject_del_rule(name=self.name)
def test_sqlinject_view(self):
'''sql注入特征库-查看'''
id = SqlInject_Case.sqlinject_add(name=self.name) # 新增-查询
SqlInject_Case.view_rule(name=self.name, id=id) # 查看
SqlInject_Case.sqlinject_del_rule(name=self.name) # 删除
LOG.info('sql注入特征库查看规则--成功')
def test_sqlinject_sel_superhigh(self):
'''sql注入特征库查询-启用'''
SqlInject_Case.sqlinject_select(byparam=self.param['vpStatus'][0],
param=self.param['vpStatus'][2])
LOG.info('sql注入特征库查询-启用--成功')
def test_sqlinject_sel_superhigh(self):
'''sql注入特征库查询-极高风险'''
SqlInject_Case.sqlinject_select(byparam=self.param['riskLevel'][0],
param=self.param['riskLevel'][4])
LOG.info('sql注入特征库查询-极高风险--成功')
def test_sqlinject_sel_middle(self):
'''sql注入特征库查询-中风险'''
SqlInject_Case.sqlinject_select(byparam=self.param['riskLevel'][0],
param=self.param['riskLevel'][2])
LOG.info('sql注入特征库查询-中风险--成功')
def test_sqlinject_add(self):
'''sql注入特征库新增规则'''
SqlInject_Case.sqlinject_add(name=self.name)
LOG.info('sql注入特征库新增---成功')
SqlInject_Case.sqlinject_del_rule(name=self.name)
