Пример #1
0
def test_bats_022_get_protection_types(sut_handle, shieldx_logger):
    policy_mgmt = PolicyMgmt(sut_handle)

    # Get Protection Types
    protection_types = policy_mgmt.get_protection_types()

    for protection_type in protection_types:
        shieldx_logger.info("Protection Type: {}".format(protection_type))
Пример #2
0
def test_bats_000_get_tpp_list(sut_handle, shieldx_logger):
    policy_mgmt = PolicyMgmt(sut_handle)

    # Get Threat Prevention Policy List
    tpp_list = policy_mgmt.get_threat_prevention_policy_list()

    for tpp in tpp_list:
        shieldx_logger.info("TPP Name: {}".format(tpp["name"]))
        shieldx_logger.info("TPP ID: {}".format(tpp["id"]))
        shieldx_logger.info("---\n")
Пример #3
0
def test_bats_000_get_tpp_list(sut_handle, shieldx_logger):
    policy_mgmt = PolicyMgmt(sut_handle)

    # Get URL Filtering Policy List
    url_policy_list = policy_mgmt.get_url_filtering_policy()

    shieldx_logger.info("URL Policy: {}".format(url_policy_list))

    for url_policy in url_policy_list:
        shieldx_logger.info("URL Policy Name: {}".format(url_policy["name"]))
        shieldx_logger.info("URL Policy ID: {}".format(url_policy["id"]))
        shieldx_logger.info("---\n")
Пример #4
0
def test_func_002_check_threat_severities(sut_handle, shieldx_logger):
    policy = PolicyMgmt(sut_handle)

    expected_severities = ["Critical", "High", "Medium", "Low"].sort()

    try:
        # Get threat severities
        threat_severities = policy.get_threat_severities()

        shieldx_logger.info("Threat Severities: {}".format(threat_severities))
        assert threat_severities.sort(
        ) == expected_severities, "Threat Severity mismatch."
    except Exception as e:
        shieldx_logger.error(e)
Пример #5
0
def test_func_001_check_threat_encyclopedia_references(sut_handle, threat,
                                                       shieldx_logger):
    policy = PolicyMgmt(sut_handle)

    try:
        # Get existing threat prevention policies
        threat_info = policy.get_threat_encyclopedia(threat["pm_id"],
                                                     threat["rule_id"])

        shieldx_logger.info("Threat Info: {}".format(threat_info))
        assert threat_info["entries"]["name"] == threat[
            "name"], "Name mismatch."
    except Exception as e:
        shieldx_logger.error(e)
Пример #6
0
def test_bats_001_get_threats_by_policy(sut_handle, shieldx_logger):
    policy_mgmt = PolicyMgmt(sut_handle)

    # Get Threat Prevention Policy List
    tpp_list = policy_mgmt.get_threat_prevention_policy_list()

    for tpp in tpp_list:
        # Get threats for each TPP
        threats = policy_mgmt.get_threats_by_policy_id(tpp["id"])

        shieldx_logger.info("TPP Name: {}".format(tpp["name"]))
        shieldx_logger.info("TPP ID: {}".format(tpp["id"]))
        shieldx_logger.info("Threat Count: {}".format(len(threats)))
        shieldx_logger.info("---\n")
Пример #7
0
def test_bats_000_get_access_control_policy(sut_handle, shieldx_logger):
    # Initialize
    policy_mgmt = PolicyMgmt(sut_handle)

    # Get Access Control Policy List
    access_control_policy_list = policy_mgmt.get_access_control_policy()

    for access_control_policy in access_control_policy_list:
        acp = dict(access_control_policy)

        if "id" in acp:
            shieldx_logger.info("Default Access Control ID: {}".format(
                acp["id"]))
        else:
            shieldx_logger.error("Default Access Control ID Not Found.")
Пример #8
0
def test_bats_021_get_content_attributes(sut_handle, shieldx_logger):
    policy_mgmt = PolicyMgmt(sut_handle)

    # Get Content Attributes
    content_attributes = policy_mgmt.get_content_attributes()

    shieldx_logger.info("Content Attribute Count: {}".format(
        len(content_attributes)))

    # Show sample
    shieldx_logger.info("Content Attribute Sample: {}".format(
        content_attributes[0]))
    shieldx_logger.info("Content Attribute Sample: {}".format(
        content_attributes[101]))
    shieldx_logger.info("Content Attribute Sample: {}".format(
        content_attributes[1001]))
Пример #9
0
def test_bats_002_get_tpp_by_policy_id(sut_handle, policy_id, policy_name,
                                       shieldx_constants, shieldx_logger):
    policy_mgmt = PolicyMgmt(sut_handle)

    # Get Threat Prevention Policy by ID
    tpp = policy_mgmt.get_threat_prevention_policy_by_id(policy_id)

    if tpp is not None:
        shieldx_logger.info("TPP Name: {}".format(tpp["name"]))
        shieldx_logger.info("TPP ID: {}".format(tpp["id"]))
        shieldx_logger.info("---\n")

        assert policy_name == tpp["name"], "TPP Name does not match."
        assert policy_id == tpp["id"], "TPP ID does not match."
    else:
        shieldx_logger.error("Unknown policy Name: {}".format(policy_name))
        shieldx_logger.error("Unknown policy ID: {}".format(policy_id))

    time.sleep(1 * shieldx_constants["USER_WAIT"])
Пример #10
0
def test_bats_026_delete_tpp(sut_handle, policy_name, shieldx_logger):
    is_deleted = False
    policy_id = None

    policy_mgmt = PolicyMgmt(sut_handle)

    # Get Threat Prevention Policy List
    tpp_list = policy_mgmt.get_threat_prevention_policy_list()

    for tpp in tpp_list:
        if policy_name == tpp["name"]:
            policy_id = tpp["id"]
            break
        else:
            continue

    if policy_id is not None:
        is_deleted = policy_mgmt.delete_threat_prevention_policy_by_id(
            policy_id)
        assert is_deleted == True, "Delete TPP failed."
    else:
        shieldx_logger.error("NOOP - Unable to find the  TPP.")
Пример #11
0
def test_bats_025_tpp_by_rule_ids(sut_handle, datadir, shieldx_logger,
                                  input_json_file, tpp_name, block_threats):
    """ Create TPP by rule IDs, block threats if flag is set. """
    # JSON Config Reader
    config_reader = CCR()

    # Based on the All Threats TPP
    policy_name = "All Threats"

    from_policy_id = None
    to_policy_id = None

    threats = None
    apps = None

    policy_mgmt = PolicyMgmt(sut_handle)

    # Get Threat Prevention Policy
    tpp = policy_mgmt.get_threat_prevention_policy_by_name(policy_name)
    from_policy_id = tpp["id"]

    if from_policy_id is not None:
        threats = policy_mgmt.get_threats_by_policy_id(from_policy_id)
        apps = policy_mgmt.get_apps_by_policy_id(from_policy_id)
        shieldx_logger.info("TPP Name: {}".format(policy_name))
        shieldx_logger.info("TPP ID: {}".format(from_policy_id))
    else:
        shieldx_logger.error("Unable to find the  TPP.")

    # Selected Rule IDs
    resolved_input_json_file = str((datadir / input_json_file).resolve())
    selected_app_names = list(
        config_reader.read_json_config(resolved_input_json_file))
    shieldx_logger.info("Selected Names: {}".format(selected_app_names))

    # Fetch the payload from a config file
    tpp_config_file = "tpp.json"
    resolved_tpp_config_file = str((datadir / tpp_config_file).resolve())
    tpp_config = read_config(resolved_tpp_config_file)

    if tpp_config is not None:
        # Get the payload for cloning
        if "tpp_clone_payload" in tpp_config:
            clone_payload = tpp_config["tpp_clone_payload"]
            shieldx_logger.info("Clone Payload: {}".format(clone_payload))
        else:
            pass

        # Get the payload for response action
        if "tpp_bulk_edit_response_payload" in tpp_config:
            response_payload = tpp_config["tpp_bulk_edit_response_payload"]
            shieldx_logger.info(
                "Bulk Edit Payload: {}".format(response_payload))
        else:
            pass

    # Populate the payload
    if clone_payload:
        clone_payload["name"] = tpp_name
        clone_payload["tenantId"] = 1  # this should be fetched
        clone_payload["rules"] = [{"appNames": selected_app_names}]
    else:
        shieldx_logger.error(
            "Unable to fetch the TPP payload from config file.")

    # Create a clone of a TPP, get the TPP ID back
    to_policy_id = policy_mgmt.create_threat_prevention_policy(clone_payload)
    shieldx_logger.info("Create OK, Policy ID: {}".format(to_policy_id))

    assert to_policy_id != 0, "TPP Clone failed."

    # Bulk Edit - Block threats
    if block_threats:
        threat_responses = policy_mgmt.get_threat_responses_by_policy_id(
            to_policy_id)

        if len(threat_responses) > 0:
            for threat_response in threat_responses:
                threat_response["block"] = True
                threat_response["policyId"] = to_policy_id

            response_payload["id"] = to_policy_id
            response_payload["responses"] = threat_responses

            shieldx_logger.info(
                "Bulk Edit Payload: {}".format(response_payload))
            bulk_edit_success = policy_mgmt.bulk_update_threat_responses(
                response_payload)

            assert bulk_edit_success == True, "Bulk edit response action failed."
        else:
            shieldx_logger.error("NOOP - no threat found.")
    else:
        shieldx_logger.info("NOOP - no blocking required.")
Пример #12
0
def test_bats_012_clone_tpp_plus_dlp(sut_handle, datadir, shieldx_logger,
                                     policy_name, clone_name, block_threats):
    """ Clone canned TPPs; add DLP rules; block threats if flag is set. """
    from_policy_id = None
    to_policy_id = None

    threats = None
    apps = None

    policy_mgmt = PolicyMgmt(sut_handle)

    # Get Threat Prevention Policy
    tpp = policy_mgmt.get_threat_prevention_policy_by_name(policy_name)
    from_policy_id = tpp["id"]

    if from_policy_id is not None:
        threats = policy_mgmt.get_threats_by_policy_id(from_policy_id)
        apps = policy_mgmt.get_apps_by_policy_id(from_policy_id)
        shieldx_logger.info("TPP Name: {}".format(policy_name))
        shieldx_logger.info("TPP ID: {}".format(from_policy_id))
    else:
        shieldx_logger.error("Unable to find the  TPP.")

    # Fetch the payload from a config file
    tpp_config_file = "tpp.json"
    file_name = str((datadir / tpp_config_file).resolve())
    with open(file_name, 'r') as config_file:
        tpp_config = json.load(config_file)

        # Get the payload for cloning
        if "tpp_clone_payload" in tpp_config:
            clone_payload = tpp_config["tpp_clone_payload"]
            shieldx_logger.info("Clone Payload: {}".format(clone_payload))
        else:
            pass

        # Get the payload for response action
        if "tpp_bulk_edit_response_payload" in tpp_config:
            response_payload = tpp_config["tpp_bulk_edit_response_payload"]
            shieldx_logger.info(
                "Bulk Edit Payload: {}".format(response_payload))
        else:
            pass

    # Populate the payload
    if clone_payload:
        clone_payload["name"] = clone_name
        clone_payload["tenantId"] = 1  # this should be fetched
        app_names = [app["name"] for app in apps]

        # Special handling based on the policy being cloned
        # Option is based on "Uses Specific Threats?" flag
        # This flag is based whether "specificThreats" is populated.
        if policy_name == "Common Threats" or policy_name == "AppVisibility":
            # no need to specify the "appNames" in the rules.
            # specify the "specificThreats" instead
            clone_payload["rules"] = [{
                "specificThreats": threats
            }, {
                "protocolNames": ["DLP"]
            }]
        else:
            # no need to specify the "specificThreats" in the rules.
            # specify the "appNames" instead
            if app_names:
                clone_payload["rules"] = [{"appNames": app_names}]
            else:
                clone_payload["rules"] = []
    else:
        shieldx_logger.error(
            "Unable to fetch the TPP payload from config file.")

    # Create a clone of a TPP, get the TPP ID back
    to_policy_id = policy_mgmt.create_threat_prevention_policy(clone_payload)
    shieldx_logger.info("Create OK, Policy ID: {}".format(to_policy_id))

    assert to_policy_id != 0, "TPP Clone failed."

    # Clone TPP responses
    is_cloned = policy_mgmt.clone_threat_prevention_policy_responses(
        from_policy_id, to_policy_id)

    assert is_cloned == True, "Clone TPP responses failed."

    # Bulk Edit - Block threats
    if block_threats:
        threat_responses = policy_mgmt.get_threat_responses_by_policy_id(
            to_policy_id)
        for threat_response in threat_responses:
            #threat["alert"] = True
            threat_response["block"] = True
            #threat["enabled"] = True
            threat_response["policyId"] = to_policy_id

        response_payload["id"] = to_policy_id
        response_payload["responses"] = threat_responses

        shieldx_logger.info("Bulk Edit Payload: {}".format(response_payload))
        bulk_edit_success = policy_mgmt.bulk_update_threat_responses(
            response_payload)

        assert bulk_edit_success == True, "Bulk edit response action failed."
    else:
        pass